Yubico Forum
https://forum.yubico.com/

[Q] Develop software that makes challenge/response calls
https://forum.yubico.com/viewtopic.php?f=4&t=2524
Page 1 of 1

Author:  bmahf [ Wed Jan 18, 2017 5:58 pm ]
Post subject:  [Q] Develop software that makes challenge/response calls

Newbie to Yubikey development here. I have been given a task that doesn't seem to fit with the way other people are using the YubiKey, and therefore with questions already asked on the net. Looking for some initial information to get started with the project.

My company has invested in two sets of YubiKeys for simple kiosk security. We have both YubiKey Standard (with the dot), and YubiKey 4 (with the Y). Not sure why the decision was made to buy both instead of sticking with one, but I am tasked with implementing dongle security for a kiosk system. I have been reading up on Yubico.com, and have seen were challenge/response can be made against the key. I have downloaded the Yubikey Client API, looked inside of Samples\MFC\x86, and run the MFCTest.exe (reports v1.0 in the About dialog) which, with asynchronous notifications turned on, easily detects the insertion/removal of the YubiKey Standard, but doesn't recognize the YubiKey 4.

Reading further I have found that there seems to be a new way to handle keys by using a connection to a cloud server. This would not work for our project, since the kiosk system may or may not be connected to the internet, at the discretion of the client. So we need a solution which would allow us to quickly noticed the insertion/removal of the dongle, and to make simple challenge requests of it, receiving back its key, and therefore making decisions on whether the dongle is authorized for entry in to secure functionality on the kiosk. We will not be taking a password, at least up front, but would like to configure a group of dongles for one level of security, and another group for a second level. Eventually there may be a third/fourth level implemented, and eventually we may want one or two of these groupings to also be required, per the key received from the dongle, to give a password.

I guess there are a couple initial things I need clarification on here:
1) How do I do simple insertion notification for these keys. I have not been able to find access to a DLL that would give me this functionality.
2) Is there a DLL that would be able to communicate with the YubiKey 4, while also being backward compatible for communicating with the YubiKey Standard?

We are writing for Windows 7 (possibly moving to Windows 8 soon, and the thought has been thrown around that we could eventually find a final home on Centos Linux), and have a mixture of unmanaged C++ and managed C# using VS2010.

Thanks for any help...

Author:  ChrisHalos [ Wed Jan 18, 2017 6:19 pm ]
Post subject:  Re: [Q] Develop software that makes challenge/response calls

I can at least answer #2 for you.

You need version 4.1.0 of the Client API to recognize the YubiKey 4, which you can find here - https://developers.yubico.com/windows-apis/Releases/

The YubiKey 4 was released in November 2015, so the previous versions of the Client API (built before this) will not recognize the YubiKey 4.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/