Yubico Forum


All times are UTC + 1 hour




PostPosted: Thu Mar 05, 2009 4:20 pm

Joined: Thu May 29, 2008 9:44 am
Posts: 21
I have decrypted the token and got:

000000000000010063BA01051FAC0C00
0000000000000200000000006EC25E00


Now where is that documentation so I can decode this? It is probably me being blind but I have been looking around the site for about an hour now and can't find it.


PostPosted: Thu Mar 05, 2009 4:39 pm
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We would appreciate it if you could elaborate on which documentation you want. We would provide it ASAP.


PostPosted: Thu Mar 05, 2009 4:49 pm

Joined: Thu May 29, 2008 9:44 am
Posts: 21
Hi,

I am looking for information on how to decode the decrypted token (e.g. 0000000000000200000000006EC25E00), including how the timestamps and CRC are used. I think I know how the counter and session use work.

I found this:

Code:
Input:
  token: hknhfjbrjnlnldnhcujvddbikngjrtgh
          69 b6 48 1c 8b ab a2 b6 0e 8f 22 17 9b 58 cd 56
  aeskey: urtubjtnuihvntcreeeecvbregfjibtn
          ec de 18 db e7 6f bd 0c 33 33 0f 1c 35 48 71 db
Output:
          87 92 eb fe 26 cc 13 00 30 c2 00 11 c8 9f 23 c8

Struct:
  uid: 87 92 eb fe 26 cc
  counter: 19 (0x0013)
  timestamp (low): 49712 (0xc230)
  timestamp (high): 0 (0x00)
  session use: 17 (0x11)
  random: 40904 (0x9fc8)
  crc: 51235 (0xc823)


in the readme of the sdk. It mentions that the first 6 bytes are the "uid". Should this be the same as the static string at the beginning of the yk's output when the key is pressed? Mine are all zeros.

Thanks.


PostPosted: Thu Mar 05, 2009 5:06 pm

Joined: Fri Feb 13, 2009 5:58 pm
Posts: 17
Location: Heidelberg, Germany
No, the secret ID and the public ID do not have to be the same, although they could, but they shouldn't :D This is just a measure of determining if the public ID, AES cypher and secret ID match together:

Server gets a key - looks up the AES cypher that goes with the public ID
Server decrypts the whole thing with this AES cypher
Server compares secret ID of the decrypted token to the secret ID that belongs to the public ID
If they match, everything's fine, if they don't, the OTP is not valid.

_________________
"Grant me the strength to accept the things that I cannot change,
the courage to change the things I can
and the wisdom to know the difference."


PostPosted: Thu Mar 05, 2009 5:12 pm
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
Here is the link to download the documentation which provides more information on the YubiKey structure:

http://www.yubico.com/files/YubiKey_Security_Review.pdf


PostPosted: Thu Mar 05, 2009 5:18 pm

Joined: Thu May 29, 2008 9:44 am
Posts: 21
Is there a way to set the secret id with the personalisation tool?

Also, is there a specification of the crc check somewhere?

Thanks


PostPosted: Thu Mar 05, 2009 5:51 pm

Joined: Thu May 29, 2008 9:44 am
Posts: 21
OK. I think I have the secret ID bit. I think you need to use the sdk in "C:\Program Files\Yubico\YubiKCom SDK"

Correct me if there is a simpler way.


PostPosted: Thu Mar 05, 2009 8:32 pm

Joined: Thu May 29, 2008 9:44 am
Posts: 21
Any pointers on the CRC?


PostPosted: Fri Mar 06, 2009 7:13 am
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
Please refer to the following Project for the token parsing information and CRC computation:

http://code.google.com/p/yubico-c/

Feel free to write back to us in case you face any problems.


PostPosted: Fri Mar 06, 2009 9:53 am

Joined: Thu May 29, 2008 9:44 am
Posts: 21
Hmm. I was hoping you weren't going to say that. I have been looking in there but I don't really speak C very well.

Quote:
Code:
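#include <stddef.h>
#include <stdint.h>

/* CRC-16 over buf: initial value 0xffff, bits processed LSB first,
   reflected polynomial 0x8408, no final inversion. */
uint16_t
yubikey_crc16 (const uint8_t *buf, size_t buf_size)
{
  uint16_t m_crc = 0xffff;

  while (buf_size--)
    {
      int i, j;
      m_crc ^= (uint8_t) * buf++ & 0xFF;
      for (i = 0; i < 8; i++)
        {
          j = m_crc & 1;
          m_crc >>= 1;
          if (j)
            m_crc ^= 0x8408;
        }
    }

  return m_crc;
}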



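Added example, not part of any post above and not Yubico's code: a C program that splits the 16 decrypted bytes into the fields of the README listing, applies the CRC test using the residue 0xf0b8 (the value yubico-c defines as YUBIKEY_CRC_OK_RESIDUE), and then compares the secret ID as the reply above describes. The names otp_fields, otp_parse, otp_crc_ok and otp_accept are made up for this example; it also shows that the first value pasted at the top of the thread does not pass the CRC test as written.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRC_OK_RESIDUE 0xf0b8 /* YUBIKEY_CRC_OK_RESIDUE in yubico-c */
struct otp_fields { /* fields of the README "Struct:" listing */
  uint8_t uid[6], ts_high, session_use;
  uint16_t counter, ts_low, rnd, crc;
};
/* Decrypted block from the SDK README quoted in the thread. */
static const uint8_t readme_tok[16] = {0x87, 0x92, 0xeb, 0xfe, 0x26, 0xcc, 0x13,
    0x00, 0x30, 0xc2, 0x00, 0x11, 0xc8, 0x9f, 0x23, 0xc8};
/* First value pasted at the top of the thread, byte for byte. */
static const uint8_t posted_tok[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x63, 0xba, 0x01, 0x05, 0x1f, 0xac, 0x0c, 0x00};
/* Same algorithm as the quoted yubikey_crc16. */
static uint16_t crc16(const uint8_t *p, size_t n) {
  uint16_t crc = 0xffff;
  while (n--) {
    crc ^= *p++;
    for (int i = 0; i < 8; i++)
      crc = (uint16_t)((crc >> 1) ^ ((crc & 1) ? 0x8408 : 0));
  }
  return crc;
}
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
/* Split the 16 bytes; multi-byte fields are stored low byte first. */
static struct otp_fields otp_parse(const uint8_t *t) {
  struct otp_fields f;
  memcpy(f.uid, t, 6);
  f.counter = le16(t + 6);  f.ts_low = le16(t + 8);
  f.ts_high = t[10];        f.session_use = t[11];
  f.rnd = le16(t + 12);     f.crc = le16(t + 14);
  return f;
}
/* Bytes 14..15 hold the complement of crc16 over bytes 0..13, so crc16 over
   all 16 bytes of an intact block always ends at the same residue. */
static int otp_crc_ok(const uint8_t *t) { return crc16(t, 16) == CRC_OK_RESIDUE; }
/* Server check from the thread: block intact and secret ID as enrolled. */
static int otp_accept(const uint8_t *t, const uint8_t *want_uid) {
  uint8_t diff = 0;
  for (int i = 0; i < 6; i++) diff |= (uint8_t)(t[i] ^ want_uid[i]);
  return otp_crc_ok(t) && diff == 0;
}
int main(void) {
  struct otp_fields f = otp_parse(readme_tok);
  printf("counter=%u crc=0x%04x ok=%d posted_ok=%d\n", (unsigned)f.counter,
         (unsigned)f.crc, otp_crc_ok(readme_tok), otp_crc_ok(posted_tok));
  return !otp_accept(readme_tok, f.uid);
}
```

A server would run the CRC test before trusting any other field, since a block decrypted with the wrong AES key yields arbitrary bytes that almost never reach the residue.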