OTP application overview
The OTP application on the YubiKey allows developers to program the device with a variety of configurations through two "slots." Each slot may be programmed with a single configuration — no data is shared between slots, and each slot may be protected with an access code to prevent modification.
"OTP application" is a bit of a misnomer. While OTP (one-time password) functionality is the focus of the application, the slots may be programmed with other configurations. Supported configurations include:
- Yubico OTP
- Initiative for Open Authentication HMAC-based OTP (OATH HOTP)
- Static password
- Challenge-response (using the HMAC-SHA1 or Yubico OTP algorithms)
YubiKeys that support NFC also include a configurable NDEF (NFC Data Exchange Format) tag. This tag can be configured to point to a slot that is programmed with a Yubico OTP or an OATH HOTP in order to make the OTP easily readable in NFC authentication scenarios.
Off-the-shelf YubiKeys come with the first slot preconfigured with a Yubico OTP (registered with the YubiCloud validation service) and the second slot empty.
.NET SDK functionality
The SDK is designed to enable developers to accomplish common YubiKey OTP application configuration tasks:
- Program a slot with a Yubico OTP credential
- Program a slot with a static password
- Program a slot with a challenge-response credential
- Calculate a response code for a challenge-response credential
- Delete a slot’s configuration
- Program a slot with an HMAC-SHA1 OATH-HOTP credential
- Retrieve a slot’s status
- Configure NDEF to use a slot to generate an OTP
- Read information from an NDEF tag
- Update slot settings
- Swap slot configurations
- Set, reset, remove, and use slot access codes
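The following added example (not taken from the SDK documentation) combines three of the tasks above: checking slot status, programming an HMAC-SHA1 challenge-response credential, and setting an access code so the slot cannot be modified without it. It assumes the Yubico.YubiKey NuGet package, a single connected YubiKey, and that the second (long-press) slot is the provisioning target; the class name and the escrow step are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.Otp;

internal static class ProvisionSlotExample
{
    private static void Main()
    {
        // Assumption: exactly one YubiKey is attached; take the first one found.
        IYubiKeyDevice yubiKey = YubiKeyDevice.FindAll().FirstOrDefault()
            ?? throw new InvalidOperationException("No YubiKey connected.");

        // HMAC-SHA1 secrets are 20 bytes; slot access codes are 6 bytes.
        // Both come from the OS CSPRNG rather than from fixed values.
        byte[] hmacKey = new byte[20];
        byte[] accessCodeBytes = new byte[SlotAccessCode.MaxAccessCodeLength];
        RandomNumberGenerator.Fill(hmacKey);
        RandomNumberGenerator.Fill(accessCodeBytes);

        try
        {
            using (var otp = new OtpSession(yubiKey))
            {
                // Refuse to overwrite a slot that already holds a configuration.
                if (otp.IsLongPressConfigured)
                {
                    throw new InvalidOperationException(
                        "Slot 2 already holds a configuration; not overwriting it.");
                }

                otp.ConfigureChallengeResponse(Slot.LongPress)
                    .UseHmacSha1()
                    .UseKey(hmacKey)
                    .SetNewAccessCode(new SlotAccessCode(accessCodeBytes))
                    .Execute();
            }

            // Hypothetical step: hand hmacKey (for the verifier) and accessCodeBytes
            // (needed for any later change to this slot) to your secret store here.
        }
        finally
        {
            // Clear the secrets from managed memory once they are no longer needed.
            CryptographicOperations.ZeroMemory(hmacKey);
            CryptographicOperations.ZeroMemory(accessCodeBytes);
        }
    }
}
```

Later changes to this slot have to supply the same code through `UseCurrentAccessCode`, so losing the escrowed access code means the slot can no longer be reconfigured.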