Table of Contents

Struct ConfigurationFlags

Namespace
Yubico.YubiKey.Otp
Assembly
Yubico.YubiKey.dll

Flags that control the functionality of the programmed OTP slot. This includes switching the slot's mode.

public struct ConfigurationFlags

Fields

AllowManualUpdate

Configures the slot to allow for user-triggered static password change.

public const byte AllowManualUpdate = 128

Field Value

byte

ChallengeResponse

Enables Challenge-Response mode instead of an OTP mode.

public const byte ChallengeResponse = 32

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to have the intended meaning, the ChallengeResponse flag must be set.

ExtendedScanCodes

Configures the slot to emit a fixed set of characters, commonly referred to as "static password" mode.

public const byte ExtendedScanCodes = 2

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to enable ExtendedScanCodes mode, the StaticTicket flag must NOT be set.

HmacLessThan64Bytes

Set when the HMAC message is less than 64 bytes.

public const byte HmacLessThan64Bytes = 4

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to have the intended meaning, this flag must be used with the ChallengeResponse flag.

HmacSha1ChallengeResponse

Enabled HMAC-SHA1 challenge-response mode.

public const byte HmacSha1ChallengeResponse = 34

Field Value

byte

Remarks

This flag, set together with ChallengeResponse enables HMAC-SHA1 challenge-response mode.

When set, the configuration does not work in normal OTP mode. This flag must be used with the ChallengeResponse and ChallengeResponse flags.

None

No special configuration modifiers are requested for this configuration.

public const byte None = 0

Field Value

byte

OathFixedModhex

Specifies that all bytes of the token identifier should be modhex.

public const byte OathFixedModhex = 80

Field Value

byte

Remarks

Note that this flag can only be used if the OathHotp flag is also set. It may have unintended side effects if used in other contexts.

OathFixedModhex1

Specifies that the first byte of the token identifier should be modhex.

public const byte OathFixedModhex1 = 16

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to have the intended meaning, the OathHotp flag must be set.

OathFixedModhex2

Specifies that the first two bytes of the token identifier should be modhex.

public const byte OathFixedModhex2 = 64

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to have the intended meaning, the OathHotp flag must also be set.

SendReferenceString

Output a reference string of the ModHex characters 0..15 first.

public const byte SendReferenceString = 1

Field Value

byte

Remarks

This can be used by the verifying application to verify the mapping of the modhex characters. For all YubiKeys with a firmware version of 2.0 or later, if set in combination with the UseAlphaNumericPassword flag, this string will be replaced with a shifted character '1' (typically '!' on most keyboard layouts). This can be used to meet strong password requirements where at least one character is required to be a "special character".

ShortTicket

Truncate the OTP part to 16 characters.

public const byte ShortTicket = 2

Field Value

byte

Remarks

This function is only meaningful in static mode as a truncated dynamic OTP cannot be successfully decoded.

Note that this flag's value collides with other flags in this enumeration. In order to enable short ticket mode, this flag must be used with StaticTicket.

StaticTicket

Uses the same "OTP" generation algorithm, but all dynamic fields are set to fixed values.

public const byte StaticTicket = 32

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to have the intended meaning, the ChallengeResponse flag must NOT be set.

Use10msPacing

Add an inter-character pacing time of 10ms between keystrokes.

public const byte Use10msPacing = 4

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to use 10ms pacing, the ChallengeResponse flag must NOT be set.

Use20msPacing

Add an inter-character pacing time of 20ms between keystrokes.

public const byte Use20msPacing = 8

Field Value

byte

Remarks

When set, an intra-character pacing time of 20 milliseconds is added between each sent keystroke. Combined with the Use10msPacing flag, the total delay is 30 milliseconds.

Note that this flag's value collides with other flags in this enumeration. In order to use 20ms pacing, the ChallengeResponse flag must NOT be set.

Use8DigitHotp

Configures the slot for OATH-HOTP mode, using an 8 digit password.

public const byte Use8DigitHotp = 2

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to enable 8-digit HOTPs, the OathHotp flag must be set.

UseAlphaNumericPassword

Enable generation of mixed character and digits.

public const byte UseAlphaNumericPassword = 64

Field Value

byte

Remarks

Setting this flag enables generation of mixed character and digits required by password policy settings in some legacy systems.

Note that this flag's value collides with other flags in this enumeration. In order to have the intended meaning, the ChallengeResponse flag must NOT be set.

UseButtonTrigger

Require YubiKey button touch for challenge response configuration.

public const byte UseButtonTrigger = 8

Field Value

byte

Remarks

Note that this flag's value collides with other flags in this enumeration. In order to have the intended meaning, this flag must be used with the ChallengeResponse flag.

UseMixedCasePassword

Enable generation of mixed-case characters.

public const byte UseMixedCasePassword = 16

Field Value

byte

Remarks

Setting this flag enables generation of mixed-case characters required by password policy settings in some legacy systems.

Note that this flag's value collides with other flags in this enumeration. In order to have the intended meaning, the OathHotp flag must NOT be set.

YubicoOtpChallengeResponse

Enables Yubico OTP challenge-response mode.

public const byte YubicoOtpChallengeResponse = 32

Field Value

byte

Remarks

This flag, set together with ChallengeResponse enables Yubico OTP challenge-response mode.

When set, the configuration does not work in normal OTP mode. This flag must be used with the ChallengeResponse and ChallengeResponse flags.

Methods

ValidateFlagsForUpdate()

Ensure that no flags are set that cannot be used to update an existing configuration.

public void ValidateFlagsForUpdate()

Operators

implicit operator ConfigurationFlags(byte)

Implicitly convert a byte to a ConfigurationFlags object.

public static implicit operator ConfigurationFlags(byte b)

Parameters

b byte

A byte containing the flags.

Returns

ConfigurationFlags

implicit operator byte(ConfigurationFlags)

Implicitly convert ConfigurationFlags to a byte.

public static implicit operator byte(ConfigurationFlags flags)

Parameters

flags ConfigurationFlags

Flag object to convert.

Returns

byte