Yubico Forum ...visit our web-store at 2008-10-20T12:27:20+01:00 https://forum.yubico.com/feed.php?f=3&t=193 2008-10-20T12:27:20+01:00 2008-10-20T12:27:20+01:00 https://forum.yubico.com/viewtopic.php?t=193&p=765#p765 <![CDATA[Re: troubles verifying response]]>
/Simon

Statistics: Posted by Simon — Mon Oct 20, 2008 12:27 pm

]]> 2008-10-08T07:35:12+01:00 2008-10-08T07:35:12+01:00 https://forum.yubico.com/viewtopic.php?t=193&p=753#p753 <![CDATA[Re: troubles verifying response]]> Philippe wrote:

Yes, now requests that previously returned OK now return BAD_SIGNATURE. I tried to use it without the h parameter but then I get MISSING_PARAMETER info=h.


Philippe, you can turn on/off of signature & id checking at our new validation server in beta:

http://63.146.69.105/yms/

And, you can use this to test the generated signature:

http://63.146.69.105/wsapi/sign_demo.php

To validate an OTP:

Debug mode: http://63.146.69.105/wsapi/verify_debug ... ....&h=....

Production mode: http://63.146.69.105/wsapi/verify?id=...&otp=....&h=....

This beta server's database is used only for testing purpose, NOT the same as the production database behind the server at http://api.yubico.com.

Thanks for comments

Statistics: Posted by paul — Wed Oct 08, 2008 7:35 am

]]> 2008-10-07T19:26:25+01:00 2008-10-07T19:26:25+01:00 https://forum.yubico.com/viewtopic.php?t=193&p=752#p752 <![CDATA[Re: troubles verifying response]]> Statistics: Posted by Philippe — Tue Oct 07, 2008 7:26 pm

]]> 2008-10-06T20:38:34+01:00 2008-10-06T20:38:34+01:00 https://forum.yubico.com/viewtopic.php?t=193&p=742#p742 <![CDATA[Re: troubles verifying response]]>
So I'm migrating it to the new server at:

http://63.146.69.105/wsapi/verify.php?id=1&otp=...

Let me know if you have problems with the new server?

Thanks

Statistics: Posted by paul — Mon Oct 06, 2008 8:38 pm

]]> 2008-10-05T10:54:14+01:00 2008-10-05T10:54:14+01:00 https://forum.yubico.com/viewtopic.php?t=193&p=738#p738 <![CDATA[troubles verifying response]]>
The response I get is something like this (REPLAYED_OTP is ok, I'm fooling around)
Code:
h=yPsLotcX+VOIP/OSlViLqsMLl4c=
t=2008-10-05T09:17:26Z0459
status=REPLAYED_OTP

What I do is the following:
  1. base 64 decode the hash which gives me (200 251 11 162 215 23 249 83 136 63 243 146 149 88 139 170 195 11 151 135)
  2. compute the verification line which is in this case "s=REPLAYED_OTP&t=2008-10-05T09:17:26Z0459". It's all ASCII so it's the same in UTF-8.
  3. compute the HMAC-SHA1 hash over the verification line using my shared secret and compare it with hash from the first step. They don't match.
I also sign my requests and the server does verify them. If I attach a wrong signature the server complains with BAD_SIGNATURE. So I think my HMAC-SHA1 library is ok. My first guess would be that my verification line is bad.

Statistics: Posted by Philippe — Sun Oct 05, 2008 10:54 am

]]>