Re: New Python yubikey_auth project

2009-08-08T06:22:52+01:00

Made a minor update today - you can use without providing your api key now if you really want to (not sure why you would, but hey). Still need to get yourself a client id though - that seems to be required by Yubico. Included BSD license in file now to make licensing clear for everyone.

http://code.google.com/p/python-yubikey ... loads/list

Statistics: Posted by bmeredyk — Sat Aug 08, 2009 6:22 am

New Python yubikey_auth project

2009-08-02T06:27:19+01:00

I just got my first Yubikey and of course had to play with it. Since I've been experimenting with webapps in python I figured I might as well figure out how to verify a OTP in python. Sure there are a couple of other python libraries out there, but none of them supported validating against the HMAC signatures, so I wrote one of my own. The documentation on http://yubico.com/developers/api/ was a bit harder to understand than it needed to be so I'm sharing my implementation at http://code.google.com/p/python-yubikey-auth/

A couple of things about validating HMAC signatures that I learned in the process and that others trying to do their own implementations might find helpful:

The API Key that you get from https://api.yubico.com/get-api-key/ is base64 encoded - before you use it to generate or check signatures you need to decode it! This wasn't obvious to me and I wasted a lot of time because of this.
The API docs talk about key value pairs and the keys needing to be in alphabetical order when verifying the signature. When explaining the procedure for generating signatures they keep talking about keys a, b & c but in reality the keys you care about are "info" (not always there), "status" and "t". (Keys "a", "b", and "c" aren't ever used anytime in the whole process so why even mention them!)

Statistics: Posted by bmeredyk — Sun Aug 02, 2009 6:27 am

Yubico Forum

Re: New Python yubikey_auth project

New Python yubikey_auth project