The YubiKey includes the option to configure the token with challenge-response capability.
Core Challenge-Response features
- Supports the YubiKey OTP algorithm
- Does not require a Network Connect to an external validation server
- Does not require additional low-level drivers for use – All communication is supported by the built-in HID class driver
- YubiKey may be configured for automatic validation or require user response
- Supports standard HMAC-SHA1
- YubiKey creates a “Response” based on a provided “Challenge” and a shared secret
- High-Level Device Configuration Component based on Microsoft’s COM/ActiveX technology provided for ease of integration
- Supports a wide range of languages and scripting environments
Download YubiKey Configuration Tools for Windows, OSX or Linux
How it works
In Challenge-Response mode, the YubiKey works differently than in other modes. In Challenge-Response mode the YubiKey receives a “Challenge”, or a packet of data sent from an application to the YubiKey, where it is used to generate a unique response based off of a secret programmed in the YubiKey.
Configuration guide (pdf)