yubikit.yubiotp

Attributes

T
TKTFLAG_UPDATE_MASK
CFGFLAG_UPDATE_MASK
EXTFLAG_UPDATE_MASK
FIXED_SIZE
UID_SIZE
KEY_SIZE
ACC_CODE_SIZE
CONFIG_SIZE
NDEF_DATA_SIZE
HMAC_KEY_SIZE
HMAC_CHALLENGE_SIZE
HMAC_RESPONSE_SIZE
SCAN_CODES_SIZE
SHA1_BLOCK_SIZE
DEFAULT_NDEF_URI
NDEF_URL_PREFIXES
Cfg
INS_CONFIG
INS_YK2_STATUS

Classes

SLOT	Enum where members are also (and must be) ints
CONFIG_SLOT	Enum where members are also (and must be) ints
TKTFLAG	Support for integer-based Flags
CFGFLAG	Support for integer-based Flags
EXTFLAG	Support for integer-based Flags
NDEF_TYPE	Enum where members are also (and must be) ints
CFGSTATE	Support for integer-based Flags
SlotConfiguration
HmacSha1SlotConfiguration
KeyboardSlotConfiguration
HotpSlotConfiguration
StaticPasswordSlotConfiguration
YubiOtpSlotConfiguration
StaticTicketSlotConfiguration
UpdateConfiguration
ConfigState	The configuration state of the YubiOTP application.
YubiOtpSession	A session with the YubiOTP application.

Module Contents

yubikit.yubiotp.T

class yubikit.yubiotp.SLOT

Bases: enum.IntEnum

Enum where members are also (and must be) ints

ONE = 1

TWO = 2

static map(slot, one, two)

Parameters:

• slot (SLOT)

• one (T)

• two (T)

Return type:

T

class yubikit.yubiotp.CONFIG_SLOT

Bases: enum.IntEnum

Enum where members are also (and must be) ints

CONFIG_1 = 1

NAV = 2

CONFIG_2 = 3

UPDATE_1 = 4

UPDATE_2 = 5

SWAP = 6

NDEF_1 = 8

NDEF_2 = 9

DEVICE_SERIAL = 16

DEVICE_CONFIG = 17

SCAN_MAP = 18

YK4_CAPABILITIES = 19

YK4_SET_DEVICE_INFO = 21

CHAL_OTP_1 = 32

CHAL_OTP_2 = 40

CHAL_HMAC_1 = 48

CHAL_HMAC_2 = 56

class yubikit.yubiotp.TKTFLAG

Bases: enum.IntFlag

Support for integer-based Flags

TAB_FIRST = 1

APPEND_TAB1 = 2

APPEND_TAB2 = 4

APPEND_DELAY1 = 8

APPEND_DELAY2 = 16

APPEND_CR = 32

PROTECT_CFG2 = 128

OATH_HOTP = 64

CHAL_RESP = 64

class yubikit.yubiotp.CFGFLAG

Bases: enum.IntFlag

Support for integer-based Flags

SEND_REF = 1

PACING_10MS = 4

PACING_20MS = 8

STATIC_TICKET = 32

TICKET_FIRST = 2

ALLOW_HIDTRIG = 16

SHORT_TICKET = 2

STRONG_PW1 = 16

STRONG_PW2 = 64

MAN_UPDATE = 128

OATH_HOTP8 = 2

OATH_FIXED_MODHEX1 = 16

OATH_FIXED_MODHEX2 = 64

OATH_FIXED_MODHEX = 80

OATH_FIXED_MASK = 80

CHAL_YUBICO = 32

CHAL_HMAC = 34

HMAC_LT64 = 4

CHAL_BTN_TRIG = 8

class yubikit.yubiotp.EXTFLAG

Bases: enum.IntFlag

Support for integer-based Flags

SERIAL_BTN_VISIBLE = 1

SERIAL_USB_VISIBLE = 2

SERIAL_API_VISIBLE = 4

USE_NUMERIC_KEYPAD = 8

FAST_TRIG = 16

ALLOW_UPDATE = 32

DORMANT = 64

LED_INV = 128

yubikit.yubiotp.TKTFLAG_UPDATE_MASK

yubikit.yubiotp.CFGFLAG_UPDATE_MASK

yubikit.yubiotp.EXTFLAG_UPDATE_MASK

yubikit.yubiotp.FIXED_SIZE = 16

yubikit.yubiotp.UID_SIZE = 6

yubikit.yubiotp.KEY_SIZE = 16

yubikit.yubiotp.ACC_CODE_SIZE = 6

yubikit.yubiotp.CONFIG_SIZE = 52

yubikit.yubiotp.NDEF_DATA_SIZE = 54

yubikit.yubiotp.HMAC_KEY_SIZE = 20

yubikit.yubiotp.HMAC_CHALLENGE_SIZE = 64

yubikit.yubiotp.HMAC_RESPONSE_SIZE = 20

yubikit.yubiotp.SCAN_CODES_SIZE = 38

yubikit.yubiotp.SHA1_BLOCK_SIZE = 64

class yubikit.yubiotp.NDEF_TYPE

Bases: enum.IntEnum

Enum where members are also (and must be) ints

TEXT

URI

yubikit.yubiotp.DEFAULT_NDEF_URI = 'https://my.yubico.com/yk/#'

yubikit.yubiotp.NDEF_URL_PREFIXES = ('http://www.', 'https://www.', 'http://', 'https://', 'tel:', 'mailto:',...

class yubikit.yubiotp.CFGSTATE

Bases: enum.IntFlag

Support for integer-based Flags

SLOT1_VALID = 1

SLOT2_VALID = 2

SLOT1_TOUCH = 4

SLOT2_TOUCH = 8

LED_INV = 16

yubikit.yubiotp.Cfg

class yubikit.yubiotp.SlotConfiguration

is_supported_by(version)

Parameters:

version (yubikit.core.Version)

Return type:

bool

get_config(acc_code=None)

Parameters:

acc_code (Optional[bytes])

Return type:

bytes

serial_api_visible(value)

Parameters:

value (bool)

Return type:

Cfg

serial_usb_visible(value)

Parameters:

value (bool)

Return type:

Cfg

allow_update(value)

Parameters:

value (bool)

Return type:

Cfg

dormant(value)

Parameters:

value (bool)

Return type:

Cfg

invert_led(value)

Parameters:

value (bool)

Return type:

Cfg

protect_slot2(value)

Parameters:

value (bool)

Return type:

Cfg

class yubikit.yubiotp.HmacSha1SlotConfiguration(key)

Bases: SlotConfiguration

Parameters:

key (bytes)

is_supported_by(version)

require_touch(value)

Parameters:

value (bool)

Return type:

Cfg

lt64(value)

Parameters:

value (bool)

Return type:

Cfg

class yubikit.yubiotp.KeyboardSlotConfiguration

Bases: SlotConfiguration

append_cr(value)

Parameters:

value (bool)

Return type:

Cfg

fast_trigger(value)

Parameters:

value (bool)

Return type:

Cfg

pacing(pacing_10ms=False, pacing_20ms=False)

Parameters:

• pacing_10ms (bool)

• pacing_20ms (bool)

Return type:

Cfg

use_numeric(value)

Parameters:

value (bool)

Return type:

Cfg

class yubikit.yubiotp.HotpSlotConfiguration(key)

Bases: KeyboardSlotConfiguration

Parameters:

key (bytes)

is_supported_by(version)

digits8(value)

Parameters:

value (bool)

Return type:

Cfg

token_id(token_id, fixed_modhex1=False, fixed_modhex2=True)

Parameters:

• token_id (bytes)

• fixed_modhex1 (bool)

• fixed_modhex2 (bool)

Return type:

Cfg

imf(imf)

Parameters:

imf (int)

Return type:

Cfg

class yubikit.yubiotp.StaticPasswordSlotConfiguration(scan_codes)

Bases: KeyboardSlotConfiguration

Parameters:

scan_codes (bytes)

is_supported_by(version)

class yubikit.yubiotp.YubiOtpSlotConfiguration(fixed, uid, key)

Bases: KeyboardSlotConfiguration

Parameters:

• fixed (bytes)

• uid (bytes)

• key (bytes)

tabs(before=False, after_first=False, after_second=False)

Parameters:

• before (bool)

• after_first (bool)

• after_second (bool)

Return type:

Cfg

delay(after_first=False, after_second=False)

Parameters:

• after_first (bool)

• after_second (bool)

Return type:

Cfg

send_reference(value)

Parameters:

value (bool)

Return type:

Cfg

class yubikit.yubiotp.StaticTicketSlotConfiguration(fixed, uid, key)

Bases: KeyboardSlotConfiguration

Parameters:

• fixed (bytes)

• uid (bytes)

• key (bytes)

short_ticket(value)

Parameters:

value (bool)

Return type:

Cfg

strong_password(upper_case=False, digit=False, special=False)

Parameters:

• upper_case (bool)

• digit (bool)

• special (bool)

Return type:

Cfg

manual_update(value)

Parameters:

value (bool)

Return type:

Cfg

class yubikit.yubiotp.UpdateConfiguration

Bases: KeyboardSlotConfiguration

is_supported_by(version)

protect_slot2(value)

tabs(before=False, after_first=False, after_second=False)

Parameters:

• before (bool)

• after_first (bool)

• after_second (bool)

Return type:

Cfg

delay(after_first=False, after_second=False)

Parameters:

• after_first (bool)

• after_second (bool)

Return type:

Cfg

class yubikit.yubiotp.ConfigState(version, touch_level)

The configuration state of the YubiOTP application.

Parameters:

• version (yubikit.core.Version)

• touch_level (int)

version

flags

is_configured(slot)

Checks of a slot is programmed, or empty

Parameters:

slot (SLOT)

Return type:

bool

is_touch_triggered(slot)

Checks if a (programmed) state is triggered by touch (not challenge-response) Requires YubiKey 3 or later.

Parameters:

slot (SLOT)

Return type:

bool

is_led_inverted()

Checks if the LED behavior is inverted.

Return type:

bool

__repr__()

yubikit.yubiotp.INS_CONFIG = 1

yubikit.yubiotp.INS_YK2_STATUS = 3

class yubikit.yubiotp.YubiOtpSession(connection, scp_key_params=None)

A session with the YubiOTP application.

Parameters:

• connection (Union[yubikit.core.otp.OtpConnection, yubikit.core.smartcard.SmartCardConnection])

• scp_key_params (Optional[yubikit.core.smartcard.ScpKeyParams])

close()

Close the underlying connection.

Deprecated:

call .close() on the underlying connection instead.

Return type:

None

property version: yubikit.core.Version

The version of the Yubico OTP application, typically the same as the YubiKey firmware.

Return type:

yubikit.core.Version

get_serial()

Get serial number.

Return type:

int

get_config_state()

Get configuration state of the YubiOTP application.

Return type:

ConfigState

put_configuration(slot, configuration, acc_code=None, cur_acc_code=None)

Write configuration to slot.

Parameters:

• slot (SLOT) – The slot to configure.

• configuration (SlotConfiguration) – The slot configuration.

• acc_code (Optional[bytes]) – The new access code.

• cur_acc_code (Optional[bytes]) – The current access code.

Return type:

None

update_configuration(slot, configuration, acc_code=None, cur_acc_code=None)

Update configuration in slot.

Parameters:

• slot (SLOT) – The slot to update the configuration in.

• configuration (SlotConfiguration) – The slot configuration.

• acc_code (Optional[bytes]) – The new access code.

• cur_acc_code (Optional[bytes]) – The current access code.

Return type:

None

swap_slots()

Swap the two slot configurations.

Return type:

None

delete_slot(slot, cur_acc_code=None)

Delete configuration stored in slot.

Parameters:

• slot (SLOT) – The slot to delete the configuration in.

• cur_acc_code (Optional[bytes]) – The current access code.

Return type:

None

set_scan_map(scan_map, cur_acc_code=None)

Update scan-codes on YubiKey.

This updates the scan-codes (or keyboard presses) that the YubiKey will use when typing out OTPs.

Parameters:

• scan_map (bytes)

• cur_acc_code (Optional[bytes])

Return type:

None

set_ndef_configuration(slot, uri=None, cur_acc_code=None, ndef_type=NDEF_TYPE.URI)

Configure a slot to be used over NDEF (NFC).

Parameters:

• slot (SLOT) – The slot to configure.

• uri (Optional[str]) – URI or static text.

• cur_acc_code (Optional[bytes]) – The current access code.

• ndef_type (NDEF_TYPE) – The NDEF type (text or URI).

Return type:

None

calculate_hmac_sha1(slot, challenge, event=None, on_keepalive=None)

Perform a challenge-response operation using HMAC-SHA1.

Parameters:

• slot (SLOT) – The slot to perform the operation against.

• challenge (bytes) – The challenge.

• event (Optional[threading.Event]) – An event.

• on_keepalive (Optional[Callable[[int], None]])

Return type:

bytes