Yubico Forum

I've created a new C library that uses curl to validate OTPs. It will be used by the PAM module in the future. It contains a nifty command line tool 'ykclient' that can be used to validate OTPs easily. More info at the google code project:

http://code.google.com/p/yubico-c-client/

Have fun,
Simon

Hi Simon --

Do you have any plans to add request signature and reply signature validation to this library?

-- Justin

I don't have patches ready to do it yet, but the library certainly should support that.

Patches welcome.

/Simon

بسم الله الرحمن الرحيم

It is good library,
Could you tell us how to use this library ?
Could you send us a simple test code that use this library ?

Can you please tell me why you use a client id to identify the Yubikey? Isn't this what the 6 byte public id at the beginning of every OTP is for? Or am I getting completely mixed up here.

Hi! There are some instructions at:

http://code.google.com/p/yubico-c-client/wiki/ReadMe

As for code-examples, please see the included self test:

http://code.google.com/p/yubico-c-clien ... selftest.c

And the command line tool:

http://code.google.com/p/yubico-c-clien ... ykclient.c

/Simon

Yup, sort of.

There are two identities:

* The 6 byte (12 modhex characters) public id in the prefix of the OTP.

* The id # for a client that connects to api.yubico.com.

The second identity is needed to retrieve and use the proper HMAC key when signing and verifying requests.

/Simon

And why can't you use the 6 byte public id to identify the HMAC key?

Because the client id doesn't strictly speaking have anything to do with any particular yubikey -- a client can validate OTPs from any yubikey. The client id is the identity of the relationship between api.yubico.com and clients.

/Simon

Of course, I see. thanks for setting me straight.