Hi I just got got the yubikey and verifies fine when I do the api test. I wanted to get hmac signatures working but I'm not getting it to work, the is always "BAD_SIGNATURE"
I am using php5 to do this. Take the following code as an example (api id, api key, and otp are fictional here)
Code:
<?php
$apiKey = 'dksh3icnsle';
$message = 'id=1&otp=ddkwn3kdlsh3kglskeh3kld';
$signature = hash_hmac('sha1', $message, $apiKey, TRUE);
$signature = base64_encode($signature);
$url = 'http://api.yubico.com/wsapi/verify?'.$message.'&h='.$signature'
// $url becomes http://api.yubico.com/wsapi/verify?id=1&otp=ddkwn3kdlsh3kglskeh3kld&h=ODK20DHD92LSHGKJLSL3KSL
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
The result would have an h and t value and status would be BAD_SIGNATURE
So I registered for an api key and id. I hash id and otp values with my api key (the TRUE at the end returns the raw byte value, I've tried using the hexadecimal representation as well), base64 encode it, and place it at the end of the call. Is there a step I'm missing somewhere?
Login
FAQ
Search
