Yubico Forum
https://forum.yubico.com/

Problem with understanding HMAC-SHA1 challenge-response
https://forum.yubico.com/viewtopic.php?f=16&t=628

Author:  jschroettle [ Sat Jan 29, 2011 10:05 pm ]
Post subject:  Problem with understanding HMAC-SHA1 challenge-response

Hi there,

I am trying to integrate HMAC-SHA1 challenge-response into one of my programs.
So I set my config #2 to HMAC-SHA1, variable size, NIST test key (3031..43).
My first experiments are with the 'Sample YubiClientAPI test container'.
When I set the PutBuffer to 'Sample #2' and press 'hmacSha1' I get a different result every time I press the button, but never the NIST vector (0922...) which I should get according to the document 'Yubikey Client COM API' Version 1.0.
What am I doing wrong?
Why is the result changing and not static?
Is the manual wrong or the software?
Thank you for your help

Josef

Author:  Jakob [ Sun Jan 30, 2011 3:07 am ]
Post subject:  Re: Problem with understanding HMAC-SHA1 challenge-response

As there is only one buffer for both in and out transactions, the input data must be written for each request. If sequential HMAC operations are performed, the input data is taken from the previous operation's out data and I guess that is why you experience this behavior.

In the sample client container, do the following steps:

1. Set data encoding to Ascii and click PutBuffer. The string "Sample #2" is written to the buffer

2. Set data encoding to hex (you can verify the data in hex by clicking GetBuffer, which then yields VT_BSTR 53616d706c65202332)

3. Check config #2

4. Press hmacSha1

5. The NIST string is displayed in the get field as VT_BSTR 0922d3405faa3d194f82a45830737d5cc6c75d24


The sample is maybe a bit unintuitive here so thanks for pointing this out. We shall update the manual.

Please let me know if this solved your problem.

Best regards,

JakobE
Hardware- and firmware guy @ Yubico

Author:  jschroettle [ Sun Jan 30, 2011 11:59 am ]
Post subject:  Re: Problem with understanding HMAC-SHA1 challenge-response

It works, thank you.
I also made the mistake of 'putbuffer'-ing the NIST string in hex encoding.
One improvement of the test container could be that it displays a warning if the user tries to 'putbuffer' something which is not valid according to the current data encoding.

Best regards,

Josef
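
Added example (not part of the original thread and not Yubico's code): a software model of the behaviour discussed above, reproducing the expected response for "Sample #2" and showing why repeated hmacSha1 presses without a new PutBuffer give changing results. The `SharedBuffer` class and its method names are hypothetical, and the key is assumed to be the 20 consecutive bytes 0x30 to 0x43 that the thread abbreviates as 3031..43.

```python
import hashlib
import hmac

# Assumption: "3031..43" in the thread means the 20 bytes 0x30, 0x31, ..., 0x43.
NIST_KEY = bytes(range(0x30, 0x44))


class SharedBuffer:
    """Hypothetical model of the test container's single in/out buffer."""

    def __init__(self, key):
        self.key = key
        self.data = b""

    def put_buffer(self, text, encoding):
        if encoding == "ascii":
            self.data = text.encode("ascii")
        elif encoding == "hex":
            # Raises ValueError when the text is not valid hex, the check
            # suggested in the last post.
            self.data = bytes.fromhex(text)
        else:
            raise ValueError("unknown encoding: " + encoding)

    def get_buffer(self):
        return self.data.hex()

    def hmac_sha1(self):
        # The response overwrites the challenge in the same buffer.
        self.data = hmac.new(self.key, self.data, hashlib.sha1).digest()
        return self.data.hex()


def demo():
    buf = SharedBuffer(NIST_KEY)
    buf.put_buffer("Sample #2", "ascii")
    as_hex = buf.get_buffer()
    first = buf.hmac_sha1()
    second = buf.hmac_sha1()          # no PutBuffer: input is the previous output
    buf.put_buffer("Sample #2", "ascii")
    third = buf.hmac_sha1()           # challenge rewritten: same response again
    try:
        buf.put_buffer("Sample #2", "hex")
        rejected = False
    except ValueError:
        rejected = True
    return as_hex, first, second, third, rejected


if __name__ == "__main__":
    print(demo())
```

For server-side verification of a response, compare the computed and received values with `hmac.compare_digest` rather than `==`.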

All times are UTC + 1 hour