yubikey-ksm 1.15-4ubuntu1 / usr / share / doc / yubikey-ksm / KeyProvisioningFormat.txt

This file is indexed.

/usr/share/doc/yubikey-ksm/KeyProvisioningFormat.txt is in yubikey-ksm 1.15-4ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
Key Provisioning Data Format
----------------------------

This file holds data used in the Yubikey personalization phase.

The file is an OpenPGP signed and encrypted text file.  Readers should
support both CRLF and LF line endings.  The values are text and
separated by comma ("," ASCII 0x2C).  The first line of the file MUST
be as follows:

 # ykksm 1

Each of the rest lines in the file follows the following format:

 serialNr,publicName,internalName,aesKey,lockCode,created,accessed[,progflags] # comment

Any data after a # is treated as a comment and is ignored.  Lines of
the following format:

 # comment

are also treated as comments.

The meaning are as follows:

* serialNr:

 the serial number of the device used for the barcode, decimal integer

* publicName:

 encoding of the "external" yubikey prefix, 0-16 modhex characters, typically 12
 modhex encoded data

* internalName:

 encoding of the "internal" yubikey identity, always 6 binary bytes = 12 hex,
 hex encoded data

* aesKey:

 an aes key used for the device, length decides whether it is a 128, 192, or 256 bit keys.
 hex encoded data

* lockCode:

 the locking code, always 6 binary bytes = 12 hex,
 hex encoded data

* created:

 timestamp of when the key was created
 for example 2009-02-24T17:41:57 or empty

* accessed:

 timestamp of when the key was last accessed
 for example 2009-02-24T17:41:57 or empty

* progflags:

 optional field, integer with flags used during personalization
 to enable, e.g., static key mode or cr output

Examples of valid data lines:

 4711,dlcfffckrcde,ca62baca62ba,ecde18dbe76fbd0c33330f1c354871db,be70aeca62ba,2009-01-22 00:25:11,
 4712,,ca62baca62ba,ecde18dbe76fbd0c33330f1c354871db,be70aeca62ba,2009-01-22 00:25:11,2009-02-13 00:05:40
 4713,dlcfffckrcdedlcf,ca62baca62ba,ecde18dbe76fbd0c33330f1c354871db,be70aeca62ba,2009-01-22 00:25:11,2009-02-13 00:05:40,0
 4714,dlcfffckrcdedlcf,ca62baca62ba,ecde18dbe76fbd0c33330f1c354871db,be70aeca62ba,2009-01-22 00:25:11,2009-02-13 00:05:40,4711

Example of actual data using the password 'foobar' (normally it would
be encrypted to a particular OpenPGP key id):

....
 -----BEGIN PGP MESSAGE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
 jA0EAwMClfljrWYVfm5gycDMIpZXLnzKtUfeEsqXRp63IdAghBzAfdIt4aeJ2kdV
 x8uvvHKeHfytjEo/U9Wg4NYqYoDnMeb4zXBmrRqWu558ldW75e5R2kPImuQnZIBQ
 3WKRbElrLpQTlbdyDDAzlOnVLvTrmekZ8ByUrED3tyZKJw7OW5YsHi3z5N+QNFbZ
 hpMWfDBiJRksQEXv3BbiWVojSS+ZlCBiDjqnbIGuk0nZlJSe3F3Jwdz22Y05aU2h
 +2e6vWkqsbvZMVHnU6pauyaM1dh2owXsoHCPLM1fs7ztIh5dAnV9d0TuW4ufKEFQ
 FdH5c4dNgl36CNM8dDlM3c8YpfjxlQ11e6ub7QZC1Eu3gqvfPIvYpczlwjkYOkcH
 nu1Iq42VgUSJzBr36aL9lLySyT8WRizzmJLaGYX/YqKgBXt6RTSO984WsxE6cl80
 paFvFOjybJ2V5GYc7pfdZAM2ySEhnS6PaxYAQXfrEhhtTTCCg1eCqKh4Yamv3u0v
 DAkppMqXeprjpC4cNvrQsVOKGx7HissA5x4rECLC
 =d54w
 -----END PGP MESSAGE-----
....

Naming Scheme
-------------

The files should use the standard GnuPG output extension '.asc'.

If you want to store many keys in a one-key per file approach, we
suggest to create files named after the serial number.  For example:

 0.asc
 1.asc
 2.asc
 3.asc
 4.asc
 5.asc
 6.asc
 7.asc
 8.asc
 9.asc
 10.asc
 11.asc
 ...

APT Browse - Built by Thomas Orozco.