Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:23 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: Validating server output
PostPosted: Sun Jul 24, 2011 12:52 am 
Offline
User avatar

Joined: Sun Jul 24, 2011 12:48 am
Posts: 37
I am new to all this and just found the API. It was very confusing and I had to look around online to find out that you can do it with a URL. Well I have been able to get it to validate an OTP against the Yubico server API but the h= part is confusing me. With AutoIT I would be able to write a program that passes the users input to the API via a URL and check to see if after status it says "OK". I am assuming the h= is a hash but what is the hash doing and how can it be used?

I assume the private key that is generated when you register for an API thing has something to do with it maybe? Please can someone explain this. Thank you.

_________________
My GnuPG (PGP) Key ID: 614D98E6


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sun Feb 19, 2012 6:46 pm 
Offline
User avatar

Joined: Sun Jul 24, 2011 12:48 am
Posts: 37
Wow as I go searching for the answer to this question again, I find myself saying "Poor guy, nobody answered..." only to realise this is my own thread and nobody bothered to provide any help. I am still trying to verify the server result hash. I have used openssl.exe to do an hmac sha1 hash of my api key and the parts of the server result in alphabetical order as stipulated in the documentation, minus the h= one. I then also used openssl.exe to encode the result as base64. I am then left with a result that is too large and looks nothing like the hash in the result from the server.

Would anyone care to attempt to explain "how" to do this process instead of just the fact you need to do it? It is not enough to tell someone "Get in the car and drive according to government guidelines" That does not tell you "how" to actually drive, only that "guidelines" exist for driving.

Help would be appreciated.

Thank you

_________________
My GnuPG (PGP) Key ID: 614D98E6


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 20, 2012 3:06 am 
Offline

Joined: Tue Nov 25, 2008 12:10 am
Posts: 12
It should be as simple as what's in the api documentation. It might help to see an example of what you're trying to do. Obviously, I wouldn't expect you to share your own api key, so maybe an example using a response with the keys in this page: http://demo.yubico.com/php-yubico/demo.php

My gut reaction is that openssl on the command line is garbling something.


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 20, 2012 3:29 am 
Offline
User avatar

Joined: Sun Jul 24, 2011 12:48 am
Posts: 37
Yeah seems to not be doing what I need it to. What command line programs or what ever do I need in order to be able to verify the hash ? Since I cannot check the certificate for the SSL connection, I need to be able to verify the hash with my API key.

What is the official method of doing this from command line?

_________________
My GnuPG (PGP) Key ID: 614D98E6


Top
 Profile  
Reply with quote  
PostPosted: Tue Mar 06, 2012 10:58 am 
The h= is a cryptographic hash of the data in the request/response and provides integrity when SSL is not used.

How to generate and validate the signatures is documented here : http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20

There is a rudimentary command line client called 'ykclient' in the yubico-c-client project at http://code.google.com/p/yubico-c-client/

/Fredrik


Top
  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group