{"id":17919203,"url":"https://github.com/louib/challenge-response","last_synced_at":"2025-03-24T00:31:21.933Z","repository":{"id":217417692,"uuid":"743832817","full_name":"louib/challenge-response","owner":"louib","description":"Perform HMAC-SHA1 and OTP challenges with YubiKey, OnlyKey and NitroKey, in pure Rust.","archived":false,"fork":false,"pushed_at":"2025-01-31T00:00:03.000Z","size":203,"stargazers_count":6,"open_issues_count":5,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-19T00:41:28.458Z","etag":null,"topics":["authentication","challenge-response","encryption","hmac","hmac-sha1","nitrokey","onlykey","otp","security","yubico","yubikey"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/louib.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-16T04:48:00.000Z","updated_at":"2025-02-17T09:26:09.000Z","dependencies_parsed_at":"2024-02-06T02:29:16.113Z","dependency_job_id":"0af29b13-e7ce-4be0-bacf-903ae3e08bb7","html_url":"https://github.com/louib/challenge-response","commit_stats":null,"previous_names":["louib/challenge-response"],"tags_count":47,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/louib%2Fchallenge-response","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/louib%2Fchallenge-response/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/louib%2Fchallenge-response/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/louib%2Fchallenge-response/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/louib","download_url":"https://codeload.github.com/louib/challenge-response/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245191062,"owners_count":20575244,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","challenge-response","encryption","hmac","hmac-sha1","nitrokey","onlykey","otp","security","yubico","yubikey"],"created_at":"2024-10-28T20:15:28.989Z","updated_at":"2025-03-24T00:31:21.668Z","avatar_url":"https://github.com/louib.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# challenge-response\n\n[![Latest Version]][crates.io] [![Documentation]][docs.rs] [![Build Status]][CI on Master] [![Dependency Status]][deps.rs] [![MIT licensed]][MIT] [![Apache-2.0 licensed]][APACHE]\n\n[Documentation]: https://docs.rs/challenge_response/badge.svg\n[docs.rs]: https://docs.rs/challenge-response/\n[Latest Version]: https://img.shields.io/crates/v/challenge-response.svg\n[crates.io]: https://crates.io/crates/challenge-response\n[MIT licensed]: https://img.shields.io/badge/License-MIT-blue.svg\n[MIT]: ./LICENSE-MIT\n[Apache-2.0 licensed]: https://img.shields.io/badge/License-Apache%202.0-blue.svg\n[APACHE]: ./LICENSE-APACHE\n[Dependency Status]: https://deps.rs/repo/github/louib/challenge-response/status.svg\n[deps.rs]: https://deps.rs/repo/github/louib/challenge-response\n[Build Status]: https://github.com/louib/challenge-response/actions/workflows/merge.yml/badge.svg?branch=master\n[CI on Master]: https://github.com/louib/challenge-response/actions/workflows/merge.yml\n\n`challenge-response` is a Rust library for performing [challenge-response](https://wiki.archlinux.org/index.php/yubikey#Function_and_Application_of_Challenge-Response) operations (hashing and encryption) using security keys like the YubiKey and the OnlyKey.\n\n## Current features\n\n- [HMAC-SHA1 Challenge-Response](https://datatracker.ietf.org/doc/html/rfc2104)\n- [Yubico OTP Challenge-Response encryption](https://docs.yubico.com/yesdk/users-manual/application-otp/yubico-otp.html)\n- Challenge-Response configuration\n\n## Supported devices\n\n- YubiKey 2.2 and later\n- OnlyKey (**untested**)\n- NitroKey (**untested**)\n\n## Usage\n\nAdd this to your `Cargo.toml`\n\n```toml\n[dependencies]\nchallenge_response = \"0\"\n```\n\n### nusb backend (EXPERIMENTAL)\n\nYou can enable the experimental [nusb](https://crates.io/crates/nusb) backend by adding the following to your `Cargo.toml` manifest:\n\n```toml\n[dependencies]\nchallenge_response = { version = \"0\", default-features = false, features = [\"nusb\"] }\n```\n\nThe `nusb` backend has the advantage of not depending on `libusb`, thus making it easier to add\n`challenge_response` to your dependencies.\n\n### Perform a Challenge-Response (HMAC-SHA1 mode)\n\nIf you are using a YubiKey, you can configure the HMAC-SHA1 Challenge-Response\nwith the [Yubikey Personalization GUI](https://developers.yubico.com/yubikey-personalization-gui/).\n\n```rust,ignore\nextern crate challenge_response;\nextern crate hex;\n\nuse challenge_response::config::{Config, Mode, Slot};\nuse challenge_response::ChallengeResponse;\nuse std::ops::Deref;\n\nfn main() {\n    let mut cr_client = match ChallengeResponse::new() {\n        Ok(c) =\u003e c,\n        Err(e) =\u003e {\n            eprintln!(\"{}\", e.to_string());\n            return;\n        }\n    };\n\n    let device = match cr_client.find_device() {\n        Ok(d) =\u003e d,\n        Err(e) =\u003e {\n            eprintln!(\"Device not found: {}\", e.to_string());\n            return;\n        }\n    };\n\n    println!(\n        \"Vendor ID: {:?} Product ID {:?}\",\n        device.vendor_id, device.product_id\n    );\n\n    let config = Config::new_from(device)\n        .set_variable_size(true)\n        .set_mode(Mode::Sha1)\n        .set_slot(Slot::Slot2);\n\n    // Challenge can not be greater than 64 bytes\n    let challenge = String::from(\"mychallenge\");\n    // In HMAC Mode, the result will always be the\n    // SAME for the SAME provided challenge\n    let hmac_result = cr_client\n        .challenge_response_hmac(challenge.as_bytes(), config)\n        .unwrap();\n\n    // Just for debug, lets check the hex\n    let v: \u0026[u8] = hmac_result.deref();\n    let hex_string = hex::encode(v);\n\n    println!(\"{}\", hex_string);\n}\n```\n\n### Configure Yubikey (HMAC-SHA1 mode)\n\nNote, please read about the [initial configuration](https://wiki.archlinux.org/index.php/yubikey#Initial_configuration)\nAlternatively you can configure the yubikey with the official [Yubikey Personalization GUI](https://developers.yubico.com/yubikey-personalization-gui/).\n\n```rust,ignore\nextern crate challenge_response;\nextern crate rand;\n\nuse challenge_response::config::{Command, Config};\nuse challenge_response::configure::DeviceModeConfig;\nuse challenge_response::hmacmode::{\n    HmacKey, HmacSecret, HMAC_SECRET_SIZE,\n};\nuse challenge_response::ChallengeResponse;\nuse rand::distributions::Alphanumeric;\nuse rand::{thread_rng, Rng};\n\nfn main() {\n    let mut cr_client = match ChallengeResponse::new() {\n        Ok(y) =\u003e y,\n        Err(e) =\u003e {\n            eprintln!(\"{}\", e.to_string());\n            return;\n        }\n    };\n\n    let device = match cr_client.find_device() {\n        Ok(d) =\u003e d,\n        Err(e) =\u003e {\n            eprintln!(\"Device not found: {}\", e.to_string());\n            return;\n        }\n    };\n\n    println!(\n        \"Vendor ID: {:?} Product ID {:?}\",\n        device.vendor_id, device.product_id\n    );\n\n    let config = Config::new_from(device)\n        .set_command(Command::Configuration2);\n\n    let mut rng = thread_rng();\n\n    // Used rand here, but you can set your own secret:\n    // let secret: \u0026HmacSecret = b\"my_awesome_secret_20\";\n    let secret: Vec\u003cu8\u003e = rng\n        .sample_iter(\u0026Alphanumeric)\n        .take(HMAC_SECRET_SIZE)\n        .collect();\n    let hmac_key: HmacKey = HmacKey::from_slice(\u0026secret);\n\n    let mut device_config = DeviceModeConfig::default();\n    device_config.challenge_response_hmac(\u0026hmac_key, false, false);\n\n    if let Err(err) =\n        cr_client.write_config(config, \u0026mut device_config)\n    {\n        println!(\"{:?}\", err);\n    } else {\n        println!(\"Device configured\");\n    }\n}\n```\n\n## Credits\n\nThis library was originally a fork of the [yubico_manager](https://crates.io/crates/yubico_manager) library.\n\n## License\n\nMIT or Apache-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flouib%2Fchallenge-response","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flouib%2Fchallenge-response","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flouib%2Fchallenge-response/lists"}