GENERATE OTP AEAD KEY Command

Generate an OTP AEAD Key.

Description

Generate an OTP AEAD Key for Yubico OTP decryption.

Shell Example

Generate a new AES-256 OTP AEAD Key that can decrypt Yubico OTPs and create new AEADs:

yubihsm> generate otpaeadkey 0 0 otpaeadkey 1 decrypt-otp,create-otp-aead aes256-yubico-otp 0x01020304
Generated OTP AEAD key 0x027c

Protocol Details

Command

Tc = 0x66
Lc = 2 + 40 + 2 + 8 + 1 + 4
Vc = I || L || D || C || A || N

Parameters:

I := Object ID of the OTP AEAD Key (2 bytes)

L := Label (40 bytes)

D := Domains (2 bytes)

C := Capabilities (8 bytes)

A := Algorithm (1 byte)

N := Nonce ID (4 bytes)

Response

Tr = 0xe6
Lr = 2
Vr = I

Parameters:

I := Object ID of the created OTP AEAD Key (2 bytes)
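
The following is an added example, not part of the original documentation or of Yubico's code: it packs the command fields in the order given above and validates the response before extracting the new object ID. It assumes a 1-byte type and 2-byte big-endian length header, big-endian integer fields, and zero-padded labels; the capability and algorithm numbers are constructed sample values, since the page gives only their names.

```python
import struct

CMD_TYPE = 0x66                # Tc, from the page
RSP_TYPE = 0xE6                # Tr, from the page
VALUE_FMT = ">H40sHQBI"        # I || L || D || C || A || N (big-endian assumed)
HEADER_FMT = ">BH"             # T (1 byte) || length (2 bytes): assumed framing

# Constructed sample encodings; the page gives capability and algorithm
# names only, not their numeric values.
SAMPLE_CAPABILITIES = 0x0000000060000000
SAMPLE_ALGORITHM = 0x27


def build_command(object_id, label, domains, capabilities, algorithm, nonce_id):
    """Return Tc || Lc || Vc for GENERATE OTP AEAD KEY."""
    raw_label = label.encode("utf-8")
    if len(raw_label) > 40:
        raise ValueError("label longer than 40 bytes")
    try:
        # "40s" right-pads the label with zero bytes (padding is an assumption).
        value = struct.pack(VALUE_FMT, object_id, raw_label, domains,
                            capabilities, algorithm, nonce_id)
    except struct.error as exc:
        raise ValueError(f"field out of range: {exc}") from exc
    return struct.pack(HEADER_FMT, CMD_TYPE, len(value)) + value


def parse_response(frame):
    """Validate Tr and Lr, then return the created object ID (Vr = I)."""
    if len(frame) != 5:
        raise ValueError("response must be exactly 5 bytes (T, L, 2-byte I)")
    rsp_type, length, object_id = struct.unpack(">BHH", frame)
    if rsp_type != RSP_TYPE:
        raise ValueError(f"unexpected response type 0x{rsp_type:02x}")
    if length != 2:
        raise ValueError(f"unexpected Lr {length}")
    return object_id


if __name__ == "__main__":
    # Same arguments as the shell example: ID 0, label, domain 1, nonce ID.
    cmd = build_command(0, "otpaeadkey", 1, SAMPLE_CAPABILITIES,
                        SAMPLE_ALGORITHM, 0x01020304)
    print(len(cmd) - 3, cmd.hex())                           # Lc, then frame
    print(hex(parse_response(bytes.fromhex("e60002027c"))))  # ID from the page
```

The example covers only the plaintext command and response layout described in this section; how the message is transported to the device is outside its scope.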