Your company here, and a link to your site. Click to find out more.

ykchalresp - Man Page

Perform challenge-response operation with YubiKey


ykchalresp [-nkey] [-1 | -2] [-H | -Y] [-N] [-x] [-v] [-6 | -8] [-t] [-iFILE] [-V] [-h]


Send a challenge to a YubiKey, and read the response. The YubiKey can be configured with two different C/R modes ā€” the standard one is a 160 bits HMAC-SHA1, and the other is a YubiKey OTP mimicking mode, meaning two subsequent calls with the same challenge will result in different responses.



send the challenge to the nth key found.


send the challenge to slot 1. This is the default


send the challenge to slot 2.


send a 64 byte HMAC challenge. This is the default.


send a 6 byte Yubico OTP challenge.


non-blocking mode ā€” abort if the YubiKey is configured to require a key press before sending the response.


challenge is hex encoded.


enable verbose mode.


output the response in OATH format, 6 digits.


output the response in OATH format, 8 digits.


use current time as challenge instead of reading challenge from command line (as in default TOTP mode, seconds since 1970-01-01 00:00:00 / 30 encoded as an 8 byte challenge).


take challenge from FILE instead of as an argument. If file is - challenge is read from STDIN


print tool version and exit.


The YubiKey challenge-response operation can be demonstrated using the NIST PUB 198 A.2 test vector.

First, program a YubiKey with the test vector :

$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a303132333435363738393a3b3c3d3e3f40414243
Commit? (y/n) [n]: y

Now, send the NIST test challenge to the YubiKey and verify the result matches the expected :

$ ykchalresp -2 'Sample #2'


Report ykchalresp bugs in the issue tracker https://github.com/Yubico/yubikey-personalization/issues

See Also

The ykpersonalize home page https://developers.yubico.com/yubikey-personalization/

YubiKeys can be obtained from Yubico http://www.yubico.com/


Version 1.19.1 YubiKey Personalization Tool M