|Please revise the HMAC response verification documentation.
|Page 1 of 1|
|Author:||steffi [ Tue Aug 26, 2008 5:15 am ]|
|Post subject:||Please revise the HMAC response verification documentation.|
The way the documentation currently reads can and easily gives the impression that to validate the response's signature you actually use the request instead of the response. I think the documentation should be more explicitly about what is needed to generate the signature for the request and what is needed to verify the signature of the response.
When it says
"To verify a signature on a message, follow the same procedure that was used to sign the message and compare the signature in the response to the signature you generated. If the signature values are equal, the signature is correct."
That paragraph doesn't suggest you need to generate the signature using the response content but instead gives the impression that you should use the request.
|Author:||paul [ Thu Aug 28, 2008 12:22 am ]|
|Post subject:||Re: Please revise the HMAC response verification documentation.|
Thanks for pointing it out, steffi, it is revised now on Yubico web site.
|Page 1 of 1||All times are UTC + 1 hour|
|Powered by phpBB® Forum Software © phpBB Group