GitHub - Spunkie/ykneo-oath: OATH App for the YubiKey NEO

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 195 Commits
applet/src/pkgYkneoOath		applet/src/pkgYkneoOath
test		test
.gitignore		.gitignore
BLURB		BLURB
COPYING		COPYING
NEWS		NEWS
README		README
VERSIONING		VERSIONING
build.xml		build.xml
client.pl		client.pl
do-release.sh		do-release.sh
gpinstall.txt		gpinstall.txt

Repository files navigation

YubiKey NEO App: OATH
=====================

This project implement the HMAC-SHA* card functionality used on the
YubiKey NEO device that is sold by Yubico. Its primary use is to use
the YubiKey NEO to generate OATH HOTP/TOTP one-time-passwords.

License
-------

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

Building
--------

There are several ways to build the project:

1) With ant, using JCKit.

2) With Eclipse and eclipse-jcde, using JCKit.

3) Using proprietary NXP Java Card tools.

We usually suggest using Ant.

Installing JCKit
----------------

Install the Java Card Development Kit version 2.2.2, download it from:

http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javame-419430.html#java_card_kit-2.2.2-oth-JPR

Unpack it into a new directory called for example "jckit" folder:

$ mkdir jckit
$ cd jckit
$ unzip /path/to/java_card_kit-2_2_2-linux.zip
$ cd java_card_kit-2_2_2/
$ unzip java_card_kit-2_2_2-rr-bin-linux-do.zip

Ant
---

The project can now be built by invoking ant, supplying the path to
JCKit. For example:

ant -DJAVACARD_HOME=/path/to/jckit/java_card_kit-2_2_2/

The cap file for loading on card will be at:

applet/bin/pkgYkneoOath/javacard/pkgYkneoOath.cap

Eclipe and eclipse-jcde
-----------------------

First install Eclipse following instructions on:

http://www.eclipse.org/

On Debian/Ubuntu systems Eclipse is packaged and can be installed from
the command line:

apt-get install eclipse

Start Eclipse once to make sure it creates a $HOME/.eclipse/
directory. Then quit Eclipse.

Download the eclipse-jcde-0.2.zip file from

http://eclipse-jcde.sourceforge.net/

and unpack it like this:

$ cd ~/.eclipse/*/
$ unzip /path/to/eclipse-jcde-0.2.zip

The path to unpack the file into depends on your Eclipse installation,
on my Debien Wheezy system the directory was called
~/.eclipse/org.eclipse.platform_3.8_155965261/

Start Eclipse again and confirm that you have a new top-level menu
called "Java Card". Then in Eclipse select the "Preferences" menu
under "Java Card" and point the "Java Card Home" directory to
/path/to/jckit/java_card_kit-2_2_2 replacing /path/to as appropriate.

After that the project can be imported into the workspace.
Right-click in the "Project Explorer" window and select "Import".
Under "General" select "Existing Projects into Workspace". As the
root directory point the directory holding this file. You need to
select "Copy projects into workspace".

To build the .cap file, expand and right click on the "pkgYkneoOath"
sub-directory and select "Java Card Tools" and then "Convert". The
CAP file will be available in your Eclipse workspace as:

applet/bin/pkgYkneoOath/javacard/pkgYkneoOath.cap

Enable CCID mode on the NEO
---------------------------

First make sure the YubiKey NEO is in the HID/CCID or CCID mode, using
ykpers from the YubiKey Personalization tool:

http://code.google.com/p/yubikey-personalization/
https://github.com/Yubico/yubikey-personalization

For example:

sudo ykpersonalize -m82

Eject and re-insert the NEO to restart it in the new USB mode. You
should then have a USB device like 1050:0111 or 1050:0112. The
1050:0110 device is HID only.

Installing CAP file to NEO
--------------------------

Then install the gpshell tool from Global Platform:

http://sourceforge.net/projects/globalplatform/

The projects that are needed is the GlobalPlatform Library 6.0.0,
GPShell 1.4.4, and gppcscconnectionplugin 1.1.0.

You need to whitelist the device in /etc/libccid_Info.plist.

WARNING! When you load a new CAP file, everything on the device for
that app is erased. Keep a backup of your OATH credentials!

When the CAP file has been built and is available in the path shown
above, you may use the gpshell tool to load it:

$ gpshell gpinstall.txt

That's it!