This is the command yhsm-validation-server that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
yhsm-validation-server ‐ Credential validation server utilizing YubiHSM
SYNOPSIS
yhsm-validation-server [mode]
DESCRIPTION
This is a validation server using the YubiHSM for cryptographic operations.
It is primarily built to validate YubiKey OTPs (not stored in the YubiHSM internal
database), but it can also validate OATH token codes and legacy passwords.
OPTIONS
-D, --device
device file name (default: /dev/ttyACM0)
-v, --verbose
enable verbose operation
--debug
enable debug printout, including all data sent to/from YubiHSM
--U, --serve-url base
base of URL for validation web service (default: /yhsm/validate?)
--port num
port to listen on (default: 8003)
--addr addr
address to bind to (default: 127.0.0.1)
--hmac-kh kh
key handle to use for HMAC‐SHA‐1. Examples : "1", "0xabcd".
--hotp-window num
number of OATH counter values to try (default: 5)
--db-file fn
db file holding AEADs (see yhsm-init-oath-token(1)) (default: /var/yubico/yhsm-
validation-server.db)
--clients-file fn
text file with mode OTP validation client shared secrets (see yhsm-init-oath-
token(1)) (default: /var/yubico/yhsm-validation-server.db)
--pid-file fn
write process id of server to this file
MODES
--otp Validate YubiKey OTP against entry in the YubiHSM internal database. Response
should be compatible with those of yubikey-val-server-php ⟨http://code.google.com/
p/yubikey-val-server-php/⟩.
--short-otp
Validate YubiKey OTP against entry in the YubiHSM internal database. Returns a
single line with the decrypted information from the OTP, compatible with yubikey-
ksm ⟨http://code.google.com/p/yubikey-ksm/⟩.
--hotp Validate codes using the OATH HOTP algorithm, performing the HMAC‐SHA‐1 inside the
YubiHSM.
--pwhash
Validate that a string (a PBKDF2 hash of a password for example) matches the one in
an AEAD. Can be used to protect legacy passwords within an AEAD only readable to a
YubiHSM, but still recoverable if you know the AEAD key (since you put it in the
YubiHSM).
CLIENTS FILE
This file holds HMAC‐SHA‐1 secrets shared between the validation client and server.
An example file, with a single entry for id 4711 would be :
# hash-style comments and blank lines are ignored
4711,grF5BERXEXPPpww1/TBvFg==
# end
EXIT STATUS
0 YubiHSM keystore successfully unlocked
1 Failed to unlock keystore
255 Client ID not found in internal database
Use yhsm-validation-server online using onworks.net services