Build Status Crates.io MIT licensed Apache-2.0 licensed

Yubico

Enables integration with the Yubico validation platform, so you can use Yubikey's one-time-password in your Rust application, allowing a user to authenticate via Yubikey.

Current features

Usage

Add this to your Cargo.toml

toml [dependencies] yubico = "0.4"

The following are a list of Cargo features that can be enabled or disabled:

You can enable or disable them using the example below:

toml [dependencies.yubico] version = "0.4" # don't include the default features (online) default-features = false # cherry-pick individual features features = []

Request your api key.

OTP with Default Servers

```rust extern crate yubico;

use yubico::Yubico; use yubico::config::*;

fn main() { let yubi = Yubico::new("CLIENTID", "APIKEY"); let result = yubi.verify("OTP", Config::default()); match result { Ok(answer) => println!("{}", answer), Err(e) => println!("Error: {}", e), } } ```

OTP with custom API servers

```rust extern crate yubico;

use yubico::Yubico; use yubico::config::*;

fn main() { let yubi = Yubico::new("CLIENTID", "APIKEY");

let config = Config::default().setapihosts(vec!["https://api.example.com/verify".into()]); let result = yubi.verify("OTP", config); match result { Ok(answer) => println!("{}", answer), Err(e) => println!("Error: {}", e), } } ```

Configure Yubikey (HMAC-SHA1 mode)

Note, please read about the initial configuration Alternatively you can configure the yubikey with the official Yubikey Personalization GUI.

```rust extern crate rand; extern crate yubico;

use yubico::{Yubico}; use yubico::config::{Config, Command}; use yubico::configure::{ DeviceModeConfig }; use yubico::hmacmode::{ HmacKey }; use rand::{thread_rng, Rng}; use rand::distributions::{Alphanumeric};

fn main() { let mut yubi = Yubico::new();

if let Ok(device) = yubi.findyubikey() { println!("Vendor ID: {:?} Product ID {:?}", device.vendorid, device.product_id);

   let config = Config::default()
       .set_vendor_id(device.vendor_id)
       .set_product_id(device.product_id)
       .set_command(Command::Configuration2);

    let mut rng = thread_rng();

    // Secret must have 20 bytes
    // Used rand here, but you can set your own secret: let secret: &[u8; 20] = b"my_awesome_secret_20";
    let secret: String = rng.sample_iter(&Alphanumeric).take(20).collect();
    let hmac_key: HmacKey = HmacKey::from_slice(secret.as_bytes());

    let mut device_config = DeviceModeConfig::default();
    device_config.challenge_response_hmac(&hmac_key, false, false);

    if let Err(err) = yubi.write_config(config, &mut device_config) {
        println!("{:?}", err);
    } else {
        println!("Device configured");
    }

} else { println!("Yubikey not found"); } } ```

Example Challenge-Response (HMAC-SHA1 mode)

Configure the yubikey with Yubikey Personalization GUI

```rust extern crate hex; extern crate yubico;

use std::ops::Deref; use yubico::{Yubico}; use yubico::config::{Config, Slot, Mode};

fn main() { let mut yubi = Yubico::new();

if let Ok(device) = yubi.findyubikey() { println!("Vendor ID: {:?} Product ID {:?}", device.vendorid, device.product_id);

   let config = Config::default()
       .set_vendor_id(device.vendor_id)
       .set_product_id(device.product_id)
       .set_variable_size(true)
       .set_mode(Mode::Sha1)
       .set_slot(Slot::Slot2);

   // Challenge can not be greater than 64 bytes
   let challenge = String::from("mychallenge");
   // In HMAC Mode, the result will always be the SAME for the SAME provided challenge
   let hmac_result= yubi.challenge_response_hmac(challenge.as_bytes(), config).unwrap();

   // Just for debug, lets check the hex
   let v: &[u8] = hmac_result.deref();
   let hex_string = hex::encode(v);

   println!("{}", hex_string);

} else { println!("Yubikey not found"); } } ```