Hi, I am following the proposed configuration for 2 factor authentication from:
https://www.qubes-os.org/doc/yubi-key/ But it isn't working for me. I found that the reason is that the responses from yubikey and from openssl doesn't match. I used the yubikey personalization GUI to configure the key, this is the configuration: Challenge-Response: HMAC-SHA1,12/10/17 5:17 PM,2,,,d574183f4b63995b077987f14457ab19f194c710,,,0,0,0,0,0,0,0,0,1,1 But when I manually test it using a random input, the result doesn't match: Open SSL: $ echo 56508ce98a10825321744c1e0565706f44bd585081d22ba5261836c45eabf14f92f2956b90fcb4eb058c380b8929518b365e28e926464f68707a6831a2eab8fe | xxd -r -ps | openssl dgst -sha1 -macopt hexkey:d574183f4b63995b077987f14457ab19f194c710 -mac HMAC -r | cut -f1 -d ' ' Result: 48e6c79fcb8f5f0dde68e26d646d2908b22321a1 Yubikey: $ ykchalresp -2 -x 56508ce98a10825321744c1e0565706f44bd585081d22ba5261836c45eabf14f92f2956b90fcb4eb058c380b8929518b365e28e926464f68707a6831a2eab8fe Result: 9f7d86c78ccdc232fcbec48e37fe2ac1f3f53a61 I double checked the slot, algorithm used, etc. And I also tried using different keys Where I am wrong? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3e81779a-9663-4b13-abac-33c2fbae207a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
