Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:36 pm

All times are UTC + 1 hour

Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Aug 26, 2008 5:15 am 

Joined: Sun Aug 24, 2008 3:42 am
Posts: 7
The way the documentation currently reads can and easily gives the impression that to validate the response's signature you actually use the request instead of the response. I think the documentation should be more explicitly about what is needed to generate the signature for the request and what is needed to verify the signature of the response.

When it says

"To verify a signature on a message, follow the same procedure that was used to sign the message and compare the signature in the response to the signature you generated. If the signature values are equal, the signature is correct."

That paragraph doesn't suggest you need to generate the signature using the response content but instead gives the impression that you should use the request.

Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Aug 28, 2008 12:22 am 
User avatar

Joined: Wed May 07, 2008 5:25 pm
Posts: 110
Location: Sunnyvale, California
Thanks for pointing it out, steffi, it is revised now on Yubico web site.

The YubiKey Server Guy

Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group