Begin the mutual authentication process for establishing a Session.
Start negotiating a Session with the device. This command tells the device which Authentication Key to use and sends the host challenge part. The response will contain the device challenge and device authentication part. To establish the session continue with Authenticate Session.
Create a new session with Authentication Key 1 using the password password. This does both the session creation and authentication steps:
yubihsm> session open 1 password
Created session 0
Tc = 0x03
Lc = 10
Vc = I || H
I := Key set ID (2 bytes)
H := Host Challenge (8 bytes)
The device generates a random Card Challenge C (8 bytes).
The device derives three Session Keys (
from the set of two static keys identified by
the two challenges
C, using the same procedure described in SCP03.
The device uses
S-MAC together with
C to compute the Card Cryptogram
A. The host will compute the Host Cryptogram
B after having received
On success the device generates a Session ID
S (1 byte) and sets the
message counter for the current Session to
Tr = 0x83
Lr = 17
Vr = S || C || A
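The command and response layouts above, encoded and parsed with strict length checks. This is an added example, not code from the YubiHSM documentation or SDK. It assumes the length field L is 2 bytes and that multi-byte fields are big-endian (neither is stated on this page); the function names are hypothetical, and the 8-byte size of A is inferred from Lr = 17.

```python
import secrets
import struct

CMD_CREATE_SESSION = 0x03  # Tc
RSP_CREATE_SESSION = 0x83  # Tr
CHALLENGE_LEN = 8          # H and C are 8 bytes each
CRYPTOGRAM_LEN = 8         # inferred: Lr = 17 = 1 (S) + 8 (C) + 8 (A)
RESPONSE_LEN = 1 + CHALLENGE_LEN + CRYPTOGRAM_LEN


def build_create_session(key_set_id, host_challenge=None):
    """Return (frame, H) where frame = Tc || Lc || I || H."""
    if not 0 <= key_set_id <= 0xFFFF:
        raise ValueError("key set ID must fit in 2 bytes")
    if host_challenge is None:
        # A fresh random H per attempt keeps an old response from being replayed.
        host_challenge = secrets.token_bytes(CHALLENGE_LEN)
    if len(host_challenge) != CHALLENGE_LEN:
        raise ValueError("host challenge must be 8 bytes")
    value = struct.pack(">H", key_set_id) + host_challenge  # Vc = I || H
    # Assumption: L is a 2-byte big-endian field.
    header = struct.pack(">BH", CMD_CREATE_SESSION, len(value))
    return header + value, host_challenge


def parse_create_session_response(frame):
    """Split Vr = S || C || A, rejecting anything that is not exactly that."""
    if len(frame) < 3:
        raise ValueError("truncated header")
    tag, length = struct.unpack(">BH", frame[:3])
    value = frame[3:]
    if tag != RSP_CREATE_SESSION:
        raise ValueError("unexpected response tag 0x%02x" % tag)
    if length != RESPONSE_LEN or len(value) != length:
        raise ValueError("response must carry exactly 17 bytes")
    session_id = value[0]
    card_challenge = value[1:1 + CHALLENGE_LEN]
    card_cryptogram = value[1 + CHALLENGE_LEN:]
    return session_id, card_challenge, card_cryptogram


if __name__ == "__main__":
    frame, h = build_create_session(1)
    print("command:", frame.hex())
    # Constructed sample response: S = 0, C = 0x11 * 8, A = 0x22 * 8.
    sample = bytes([0x83, 0x00, 0x11, 0x00]) + b"\x11" * 8 + b"\x22" * 8
    print("parsed:", parse_create_session_response(sample))
```

The host must still verify A against its own computation before sending Authenticate Session; that step depends on the SCP03 key derivation and is not shown here.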