Re: Made a non-pear php implementation

2009-09-09T20:22:08+01:00

Code:

$signature = preg_replace('/\+/', '%2B', $signature);

This will help and thanks for sharing

Statistics: Posted by Klaus — Wed Sep 09, 2009 8:22 pm

Made a non-pear php implementation

2009-07-10T18:55:20+01:00

Been meaning to post this for a while. This is a demo script (sadly I have yet to apply it anywhere) that uses the curl extension in php. It signs the request, sends over ssl, and verifies the response signature.

Demo: http://rikku.vrillusions.com/~vr/yubikey-verify.php
Source: http://rikku.vrillusions.com/~vr/yubikey-verify.phps

Only bug I've been noticing is sometimes the sent signature for message I sent comes back from yubico as invalid. It's reproducable enough that it goes no more than 10 times before I'll see it. Not sure if it's on my end or yubico's since I don't think the official libraries verify it. I'm sending everything over ssl so verifying hashes is redundant. I set this up as a most secure way possible. If anyone can figure out how to fix that part I'd be happy to know. Otherwise this library could be useful for people that don't even want to depend on PEAR.

Statistics: Posted by vrillusions — Fri Jul 10, 2009 6:55 pm

Yubico Forum

Re: Made a non-pear php implementation

Made a non-pear php implementation