wisespace-io / yubico-rs

Yubikey client API library, Challenge-Response & Configuration

Implement Challenge/ Response auth #3

Closed spacekookie closed 6 years ago

spacekookie commented 6 years ago

Would you be interested in implementing that mode in this crate?

I'm not super familiar with how yubikeys work, so I'm not sure I could help with anything, but looking at the available modes (and wanting to support yubikey in one of my applications), it feels like the most fitting one for me to use.

wisespace-io commented 6 years ago

It seems that Challenge/Response mode is best suited for offline validations, so the crate would need to interact with the yubikey via the HID interface. I can check how I can extend it to support offline mode.

spacekookie commented 6 years ago

That would be really cool, especially because my application is potentially offline only :)

wisespace-io commented 6 years ago

@spacekookie I noticed that the Yubikey crate does what you want. Unfortunately, the crate doesn't have a git repository or examples. However, it is still possible to see the source code via the documentation: https://docs.rs/yubikey/0.3.1/yubikey/. I did a quick test and it seems to work, so I will port the challenge-mode code from there to this crate.

spacekookie commented 6 years ago

@wisespace-io Oh that would be super cool! I shied away from that crate as well due to not having been maintained in 2 years. But if you can just port the code over to your crate that solves all the problems :) Thank you

wisespace-io commented 6 years ago

@spacekookie I merged the code into this project. I think it is missing a check() method; I can add it later. If you already have a Yubikey, you can configure it with https://developers.yubico.com/yubikey-personalization-gui/ ... I didn't add the configuration part to this project. Once you install the software, it is very simple to enable Challenge-Response mode on your Yubikey:

https://www.youtube.com/watch?v=r6Qe9Z-kOH0

spacekookie commented 6 years ago

Ah nice, thanks :) I'll test the functionality with my yubikey soon. Although just generally asking, do you consider adding the configuration part of it to the library as well out of scope? Or would you be interested in adding it at some point?

wisespace-io commented 6 years ago

Yes, I am going to add the configuration after summer vacation :)

wisespace-io commented 6 years ago

@spacekookie The challenge-response seems to work fine. I got the same response as the Yubico UI. Therefore, I am going to close this issue. I also added a configuration example; however, I just tried the configuration used in the example.

https://github.com/wisespace-io/yubico-rs/blob/master/example/src/configuration_hmac.rs

ThinkontrolSY commented 4 years ago

Hi, my application needs offline auth too, so I am seeking something like Challenge/Response auth with yubikey. I read about this issue, and I still don't get the point. Can I use this crate for Challenge/Response auth? Thanks :)

wisespace-io commented 4 years ago

@ThinkontrolSY I moved Challenge/Response to https://github.com/wisespace-io/yubico-manager

ThinkontrolSY commented 4 years ago

@wisespace-io Thanks, I will give it a try after the Chinese New Year vacation :)