Use Yubico compatible AID for TOTP

DangerousThings · Feb 1, 2023 · 966daa6 · 966daa6
1 parent 1dc1d7b
commit 966daa6
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 30 deletions.
diff --git a/applets/apex-totp b/applets/apex-totp
diff --git a/docs/applets/2-totp-hotp.md b/docs/applets/2-totp-hotp.md
@@ -9,7 +9,7 @@ These codes are preferred over e.g. SMS codes, because the process requires no c
 - Repository: https://github.com/VivoKey/apex-totp
 - Binary name: `vivokey-otp.cap`
 - Download: https://github.com/DangerousThings/flexsecure-applets/releases
-- AID: `A0:00:00:07:47:00:61:FC:54:D5:01:01`, Package: `A0:00:00:07:47:00:61:FC:54:D5:01`
+- AID: `A0:00:00:05:27:21:01:01:02`, Package: `A0:00:00:05:27:21:01:01`
 - Storage requirements:
   - Persistent: `5128` bytes (`6020` with three TOTP accounts)
   - Transient reset: `2296` bytes (`2392`)
@@ -32,42 +32,21 @@ gp -install vivokey-otp.cap
 Listing the applets using `gp --list` should print something like this:
 
 ```
-APP: A0000007470061FC54D50101 (SELECTABLE)
+APP: A00000052721010102 (SELECTABLE)
      Parent:  A000000151000000
-     From:    A0000007470061FC54D501
+     From:    A000000527210101
 
-PKG: A0000007470061FC54D501 (LOADED)
+PKG: A000000527210101 (LOADED)
      Parent:  A000000151000000
      Version: 1.1
-     Applet:  A0000007470061FC54D50101
-```
-
-If you want to emulate a YubiKey, e.g. to use the Yubico Authenticator app, you have to specify another AID (`A0:00:00:05:27:21:01:01`):
-
-```
-gp -load vivokey-otp.cap
-
-gp -package A0000007470061FC54D501 -applet A0000007470061FC54D50101 -create A000000527210101
-```
-
-Listing the applets using `gp --list` should print something like this:
-
-```
-APP: A000000527210101 (SELECTABLE)
-     Parent:  A000000151000000
-     From:    A0000007470061FC54D501
-
-PKG: A0000007470061FC54D501 (LOADED)
-     Parent:  A000000151000000
-     Version: 1.1
-     Applet:  A0000007470061FC54D50101
+     Applet:  A00000052721010102
 ```
 
 ## Using the Applet
 
 Use the VivoKey Apex Manager App to interface this applet.
 
-The Yubikey Authenticator tool is able to interface this applet on both Desktop and Mobile if you emulate a YubiKey AID, and also have the HMAC-SHA1 applet installed (it does not necessarily have to be initialized with keys). On Desktop, you have to specify your PCSC reader in **Settings -> Advanced -> Custom Reader**.
+The Yubikey Authenticator tool is able to interface this applet on both Desktop and Mobile as well, but it requires you to also have the HMAC-SHA1 applet installed (it does not necessarily have to be initialized with keys). On Desktop, you have to specify your PCSC reader in **Settings -> Advanced -> Custom Reader**.
 
 You can also use the yubikey-manager CLI tool (`ykman`) to interface with the applet. You have to specify your reader using the `-r` flag (use `ykman list -r` to get a list of readers). Replace `SECRET` with a 32 character Base-32 encoded secret:
 

diff --git a/scripts/test/apex-totp.bats b/scripts/test/apex-totp.bats
@@ -15,7 +15,7 @@ setup() {
     java -cp /app/tools/jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar:./target com.licel.jcardsim.remote.VSmartCard /app/src/scripts/test/res/apex-totp.jcardsim.cfg > /dev/null &
     JCSIM_PID="$!"
     sleep 2
-    opensc-tool -r 'Virtual PCD 00 00' -s '80 b8 00 00 0B  08  A0 00 00 05 27 21 01 01  00  FF'
+    opensc-tool -r 'Virtual PCD 00 00' -s '80 b8 00 00 0B  09  A0 00 00 05 27 21 01 01 02  00  FF'
     SECRETB32='IVCEGRTIOQ3UGSLNI5KDMT2RKF4FGUCO'
 }
 

diff --git a/scripts/test/res/apex-totp.jcardsim.cfg b/scripts/test/res/apex-totp.jcardsim.cfg
@@ -1,4 +1,4 @@
-com.licel.jcardsim.card.applet.0.AID=A000000527210101
+com.licel.jcardsim.card.applet.0.AID=A00000052721010102
 com.licel.jcardsim.card.applet.0.Class=com.vivokey.otp.YkneoOath
 com.licel.jcardsim.card.ATR=3BF91800FF8131FE4550565F4A334130343040
 com.licel.jcardsim.vsmartcard.host=localhost