Yubico Forum ...visit our web-store at 2008-12-29T16:19:56+01:00 https://forum.yubico.com/feed.php?f=5&t=212 2008-12-29T16:19:56+01:00 2008-12-29T16:19:56+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=835#p835 <![CDATA[Re: Programming keys and configuringing server side]]>
dion.rowney wrote:

// This is the AES secret inside your key
// Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
$aesParams['__ADM_KEY_SECRET__'] = 'eXViaWNvdmFsaWRhdGlvbnNlcnZlcg==';


Please replace "$aesParams['__ADM_KEY_SECRET__'] = 'eXViaWNvdmFsaWRhdGlvbnNlcnZlcg==';" with $aesParams['__ADM_KEY_SECRET__'] = 'tMwIhota8tSdUNgISOoudQ==';

This should solve the issue and Yubico Validation server should verify your OTP correctly.
We have successfully tested it in our test environment.

Please let us know if your are facing any further configuration problems.

Statistics: Posted by network-marvels — Mon Dec 29, 2008 4:19 pm

]]> 2008-12-24T06:57:32+01:00 2008-12-24T06:57:32+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=832#p832 <![CDATA[Re: Programming keys and configuringing server side]]> Statistics: Posted by network-marvels — Wed Dec 24, 2008 6:57 am

]]> 2008-12-23T14:56:52+01:00 2008-12-23T14:56:52+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=831#p831 <![CDATA[Re: Programming keys and configuringing server side]]> Code:
//// AES secrets
//
$aesParams = array ();

/******* Erase this section after installation *******/


// OTP from your admin key you are to use to log in to KMS
// Eg. $otp = 'gklhtdkvrbfnbuicngergckgdfvfrbfjfhgiffghcithv';
$otp = 'hbhdheebedeehdifkebgfhhbflrjccegdrctffnblrub';

// Admin PIN as the 2nd factor of auth
//Eg. $pin = '12345678';
$pin = '12345';

// This is the AES secret inside your key
// Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
$aesParams['__ADM_KEY_SECRET__'] = 'eXViaWNvdmFsaWRhdGlvbnNlcnZlcg==';


/********** End of section to erase after installation *******/

// Make up a random secret to encrypt data in DB in b64 format
// Eg. $aesParams['__ENC_KEY_SECRET__'] = 'cretsec';
$aesParams['__ENC_KEY_SECRET__'] = 'WXViaWNvWXViaWtleQ==';

//// DB, email and web related
//
$baseParams = array ();
$baseParams['__DB_HOST__'] = 'localhost';
$baseParams['__DB_USER__'] = 'yubico';
$baseParams['__DB_PW__'] = 'yub1c0';
$baseParams['__DB_NAME__'] = 'yubico';

// Eg. $baseParams['__ROOT_EMAIL__'] = 'support@yubico.com';
$baseParams['__ROOT_EMAIL__'] = 'dion.rowney@gmail.com';

$baseParams['__ORDER_URL__'] = 'http://yubico.com/products/order/';
$baseParams['__DOMAIN__'] = 'localhost';

// Eg. $baseParams['__DOC_ROOT__'] = '/apache/htdocs/'
$baseParams['__DOC_ROOT__'] = '/var/www';


//// Validation server
//

$valParams = array ();
$valParams['__VAL_URL__'] = 'http://localhost/wsapi/verify.php?id=';

//// HTML related
//
$headParams = array ();
$headParams['__SHORTCUT_ICON_URL__'] = 'http://localhost/kms/images/favicon.ico';

//// KMS admin activation welcome letter
//
$letterParams = array ();
$letterParams['__KMS_URL__'] = 'http://localhost/kms';



and some otps

Code:
hbhdheebedeebtelvcegicernitfrggtblntntirvhgg
hbhdheebedeeujdjujrrujbjtgkiekkddujeelvjjgcc
hbhdheebedeejerdfrreuifjblkljjnnnhuvididrctu
hbhdheebedeedulhncujiibgjjnlbflvibhidthulcle
hbhdheebedeehlgtdifhcrbbhrercrcuirnclllutuef

Statistics: Posted by dion.rowney — Tue Dec 23, 2008 2:56 pm

]]> 2008-12-23T08:25:37+01:00 2008-12-23T08:25:37+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=830#p830 <![CDATA[Re: Programming keys and configuringing server side]]>
    1) yubiphpbase config.php file
    2) Five OTPs generated from your YubiKey

This would help us to figure out a problem you are facing.

Statistics: Posted by network-marvels — Tue Dec 23, 2008 8:25 am

]]> 2008-12-23T06:22:53+01:00 2008-12-23T06:22:53+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=829#p829 <![CDATA[Re: Programming keys and configuringing server side]]>

So it definately looks like they key programming if root cause. Is the following what would be correct for the above example to work? and set otp=to an output? or is the passphase aes key the other secret?

Code:
root@eee:~/yubikey-personalization-read-only# ./ykpersonalize -ouid=abc123 -ofixed=abc123
Passphrase to create AES key: yubicovalidationserver
Firmware version 1.3.0 Touch level 9376 Program sequence 24
fixed:hbhdheebedee
uid:hbhdheebedee
key:nfrrcjjhjnglvdtfktgctjcjfjulduig
acc_code:cccccccccccc
ticket_flags:APPEND_CR
config_flags:
root@eee:~/yubikey-personalization-read-only#

Statistics: Posted by dion.rowney — Tue Dec 23, 2008 6:22 am

]]> 2008-12-22T13:49:31+01:00 2008-12-22T13:49:31+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=827#p827 <![CDATA[Re: Programming keys and configuringing server side]]> dion.rowney wrote:

I assume $opt=""; is a key press of my earlier programmed key?


In the yubiphpbase config.php file, we have to store a OTP generated from reprogrammed YubiKey.

The stored OTP in the config.php file must be 44 characters long (First 12 characters of Static ID + 32 characters of OTP)

The first 12 charectors of OTP representing static ID will be first decoded from modHAX and the decoded static ID will be encoded in base64 format and stored in Database.

Statistics: Posted by network-marvels — Mon Dec 22, 2008 1:49 pm

]]> 2008-12-21T19:03:26+01:00 2008-12-21T19:03:26+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=826#p826 <![CDATA[Re: Programming keys and configuringing server side]]>
http://192.168.100.10/wsapi/verify_debu ... nfblfbhveu

and get:

Code:
<p>Debug> Invalid Yubikey gjndfgngdkkl
status=BAD_OTP
info=gjndfgngdkklvcjgebindtfivnenigdt
t=2008-12-21T18:00:36
<p>Debug> SIGN: info=gjndfgngdkklvcjgebindtfivnenigdt&status=BAD_OTP&t=2008-12-21T18:00:36
h=Ju1U9ETdOBgtxKqsO6x9B5EEyR0=


I also noticed that it does not appear to prepend the key identity to the otp (as seen by the following sequential keys):

Code:
jhblvdnekterkuddhrcniidnrkgvugbt
uebnhhnjlcrdgvdbghfjbkgnlbcjirti
nkktenriengnegdevcvrcfulindhtetv
undcvehjcngrkvegigerdljbngnkhhnb
tluitcffjrhbngidlnfbenthvgtgitbe


Did I program the key incorrectly I thought the 1st 12 characters were static??

Statistics: Posted by dion.rowney — Sun Dec 21, 2008 7:03 pm

]]> 2008-12-21T06:54:20+01:00 2008-12-21T06:54:20+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=825#p825 <![CDATA[Re: Programming keys and configuringing server side]]>
Assuming this I installed using these configs and get this in the kms.log file:

2008-12-20 22:10:00: OTP failed: Key authentication failed: Could not parse response, otp=ndnurjtddcgdfbcrhubneefdgikhrtuc12345 by 192.168.100.13

I even tried without the PIN concatinated and get the same:

2008-12-20 23:52:47: OTP failed: Key authentication failed: Could not parse response, otp=rguvvirtcdchgrkkkghbdvihgflivcgh by 192.168.100.13

ideas?

Statistics: Posted by dion.rowney — Sun Dec 21, 2008 6:54 am

]]> 2008-12-16T16:13:27+01:00 2008-12-16T16:13:27+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=821#p821 <![CDATA[Re: Programming keys and configuringing server side]]>
    1)Pin for two factor authentication : 12345
    2)AES secret Key: yubicovalidationserver (Base64 encoded output: eXViaWNvdmFsaWRhdGlvbnNlcnZlcg== )
    3)Random Secret: YubicoYubikey (Base64 encoded output: WXViaWNvWXViaWtleQ==)
    4)MySQL Database Server hostname: sql.test.com
    5)MySQL User name : yubico
    6)MySQL User password: test123
    7)MySQL Database name: yubikey
    8)Root Email Address: admin@test.com
    9)Apache http document root: /var/www/html

The content of yubiphpbase config.php based on above parameters would be:

Code:
<?php
/******************************************************
 *
 *      Customize EVERY parameter for your environment
 *
 ******************************************************/

//// AES secrets
//
$aesParams = array ();

/******* Erase this section after installation *******/
*

// OTP from your admin key you are to use to log in to KMS
// Eg. $otp = 'gklhtdkvrbfnbuicngergckgdfvfrbfjfhgiffghcithv';
$otp = 'vrkvfefuitvfiuibirllecjgbbnfhhirchithtvfrrbd';

// Admin PIN as the 2nd factor of auth
//Eg. $pin = '12345678';
$pin = '12345';

// This is the AES secret inside your key
// Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
$aesParams['__ADM_KEY_SECRET__'] = 'eXViaWNvdmFsaWRhdGlvbnNlcnZlcg==';

*
********** End of section to erase after installation *******/

// Make up a random secret to encrypt data in DB in b64 format
// Eg. $aesParams['__ENC_KEY_SECRET__'] = 'gklftrkvbvcbfhdafbedtjerrbbcgkuk';
$aesParams['__ENC_KEY_SECRET__'] = 'WXViaWNvWXViaWtleQ==';

//// DB, email and web related
//
$baseParams = array ();
$baseParams['__DB_HOST__'] = 'sql.test.com';   
$baseParams['__DB_USER__'] = 'yubico';
$baseParams['__DB_PW__'] = 'test123';
$baseParams['__DB_NAME__'] = 'yubikey';

// Eg. $baseParams['__ROOT_EMAIL__'] = 'support@yubico.com'; 
$baseParams['__ROOT_EMAIL__'] = 'admin@test.com';

$baseParams['__ORDER_URL__'] = 'http://yubico.com/products/order/';
$baseParams['__DOMAIN__'] = 'localhost';

// Eg. $baseParams['__DOC_ROOT__'] = '/apache/htdocs/'
$baseParams['__DOC_ROOT__'] = '/var/www/html';

//// Validation server
//

$valParams = array ();
$valParams['__VAL_URL__'] = 'http://localhost/wsapi/verify.php?id=';

//// HTML related
//
$headParams = array ();
$headParams['__SHORTCUT_ICON_URL__'] = 'http://localhost/kms/images/favicon.ico';

//// KMS admin activation welcome letter
//
$letterParams = array ();
$letterParams['__KMS_URL__'] = 'http://localhost/kms';

?>




As the AES key generated using the "ykpersonalize" tool is modhex encoded, we need to first decode (modhex decode) the AES key, then convert the decoded key to base64 encoded format and store it into the config.php file.

We are currently upgrading Yubico personalization tool and Yubico Management Server. The new versions would be released soon which would address all the above mentioned issues.

Statistics: Posted by network-marvels — Tue Dec 16, 2008 4:13 pm

]]> 2008-12-14T21:53:38+01:00 2008-12-14T21:53:38+01:00 https://forum.yubico.com/viewtopic.php?t=212&p=820#p820 <![CDATA[Programming keys and configuringing server side]]>
I have successfully been able to program my key using the linux key personalizer and verified it with the ./ykdebug utility. I am now trying to configure the server and think I am doing all the right things but it doesnt want to cooperate.

I am hoping someone can help by showing me what I am doing wrong. Here is the programming of the key and the config file. Please show me what it should be based on the programmin og the key portion:
Code:
root@eee:~/yubikey-personalization-read-only# ./ykpersonalize -ouid=abc123
Passphrase to create AES key: secretstuff
Firmware version 1.3.0 Touch level 9328 Program sequence 21
fixed:
uid:hbhdheebedee
key:hljcnnigitbvbfliftdrdukrgkehiikh
acc_code:cccccccccccc
ticket_flags:APPEND_CR
config_flags:
root@eee:~/yubikey-personalization-read-only# rmmod usbhid && modprobe usbhid
root@eee:~/yubikey-personalization-read-only# cd ../yubico-c-read-only/
root@eee:~/yubico-c-read-only# ls
aclocal.m4      configure.ac   Makefile     README            ykdebug.o
AUTHORS         COPYING        Makefile.am  selftest          yubikey.c
autom4te.cache  depcomp        Makefile.in  selftest.c        yubikey.h
config.guess    INSTALL        missing      selftest.o        yubikey.lo
config.log      install-sh     modhex       simple.mk         yubikey.o
config.status   libtool        modhex.c     test-vectors.txt
config.sub      libyubikey.la  modhex.o     ykdebug
configure       ltmain.sh      NEWS         ykdebug.c
root@eee:~/yubico-c-read-only# ./ykdebug hljcnnigitbvbfliftdrdukrgkehiikh kkrhgicjgvdlklcgecthkuneevniuild
Input:
  token: kkrhgicjgvdlklcgecthkuneevniuild
          99 c6 57 08 5f 2a 9a 05 30 d6 9e b3 3f b7 e7 a2
  aeskey: hljcnnigitbvbfliftdrdukrgkehiikh
          6a 80 bb 75 7d 1f 14 a7 4d 2c 2e 9c 59 36 77 96
Output:
          61 62 63 31 32 33 01 00 5e 70 d5 00 79 f1 e2 93

Struct:
  uid: 61 62 63 31 32 33
  counter: 1 (0x0001)
  timestamp (low): 28766 (0x705e)
  timestamp (high): 213 (0xd5)
  session use: 0 (0x00)
  random: 61817 (0xf179)
  crc: 37858 (0x93e2)

Derived:
  cleaned counter: 1 (0x0001)
  modhex uid: hbhdheebedee
  triggered by caps lock: no
  crc: F0B8
  crc check: ok
root@eee:~/yubico-c-read-only#


What should the contents of this yubiphpbase config.php file be given the above:

Code:
/******* Erase this section after installation *******/
*

// OTP from your admin key you are to use to log in to KMS
// Eg. $otp = 'gklhtdkvrbfnbuicngergckgdfvfrbfjfhgiffghcithv';
$otp = '...enter yours...';

// Admin PIN as the 2nd factor of auth
//Eg. $pin = '12345678';
$pin = '...enter yours...';

// This is the AES secret inside your key
// Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
$aesParams['__ADM_KEY_SECRET__'] = '.....enter yours.....';

*
********** End of section to erase after installation *******/

// Make up a random secret to encrypt data in DB in b64 format
// Eg. $aesParams['__ENC_KEY_SECRET__'] = 'gklftrkvbvcbfhdafbedtjerrbbcgkuk';
$aesParams['__ENC_KEY_SECRET__'] = '.....enter yours.....';

//// DB, email and web related
//
$baseParams = array ();
$baseParams['__DB_HOST__'] = 'localhost';
$baseParams['__DB_USER__'] = '...enter yours...';
$baseParams['__DB_PW__'] = '...enter yours...';
$baseParams['__DB_NAME__'] = '...enter yours...';

// Eg. $baseParams['__ROOT_EMAIL__'] = 'support@yubico.com';
$baseParams['__ROOT_EMAIL__'] = '...enter yours...';


$baseParams['__ORDER_URL__'] = 'http://yubico.com/products/order/';
$baseParams['__DOMAIN__'] = 'localhost';

// Eg. $baseParams['__DOC_ROOT__'] = '/apache/htdocs/'
$baseParams['__DOC_ROOT__'] = '...enter yours...';

//// Validation server
//

$valParams = array ();
$valParams['__VAL_URL__'] = 'http://localhost/wsapi/verify.php?id=';

//// HTML related
//
$headParams = array ();
$headParams['__SHORTCUT_ICON_URL__'] = 'http://localhost/kms/images/favicon.ico';

//// KMS admin activation welcome letter
//
$letterParams = array ();
$letterParams['__KMS_URL__'] = 'http://localhost/kms';



thanks

Statistics: Posted by dion.rowney — Sun Dec 14, 2008 9:53 pm

]]>