Is there any way to view/set HMAC challenge response secret (as you can with Yubikey)?
This way, I could load the secret on to other Only keys.
Thanks
Same question:)! I can see 30 slots but they are all empty.
From my testing, it looks like you need to save it securely somewhere if you want to store it in other keys. That or you need to invest in HW for sniffing the USB-bus:-)
Yes, here are the instructions for setting hmac secret so you can for example use it interchangeably with Yubikey https://docs.crp.to/usersguide.html#challenge-response
Thanks.
I see that doing so requires the Only Key CLI.
Can this be done through the app on the “Advanced” page under "Add Private Key- HMAC SHA1 " (slots 1-30)?
I think it is possible but I could not get it to work reliably via the GUI app. Could be me but using the cli was a lot easier! Just make sure to follow the procedure to the letter as the Key needs to be in config mode to make this work.
Thanks @Jerone1000.
The instructions say “Keys/passwords are masked when entered and should only be set from interactive mode and not directly from terminal. Entering directly from terminal is not secure as command history is stored.”
I’m not a programmer so I don’t use CLI that much. My default shell is zsh (MacOS). Since I’m logged in to my user profile, am I entering commands in this interactive shell by default when in terminal?
I can see my command history (for other non- Only Key entries) and none of the passwords/sensitive information are displayed, just the commands themselves.
Thank you
I think they mean you have to run onlykey-cli (interactive cli) first and then type your commands. Hence, ** do not** invoke onlykey-cli methods with arguments directly from the zsh shell (one of the arguments would be the password). tl;dr the only thing you should see in your history is “onlykey-cli”.
Also note you need Python 3.8.0:
python -V
Python 3.8.0
Thanks a bunch!
I’ll give it a shot.