Yubico Forum
https://forum.yubico.com/

Intergration of Yubico with PHP
https://forum.yubico.com/viewtopic.php?f=3&t=333
Page 1 of 1

Author:  Yuvaraj [ Mon Jun 08, 2009 12:27 pm ]
Post subject:  Intergration of Yubico with PHP

Hi,

Im New to this yubico , and we are trying to intergrate this with our Login page. can any body help me on how to integrate youbico with PHP. how to use this in offline because some of our client have no internet connection.

Thanks in Advance
Yuvaraj

Author:  network-marvels [ Mon Jun 08, 2009 2:09 pm ]
Post subject:  Re: Intergration of Yubico with PHP

Please visit the following Google code link which provides the PHP class for YubiKey OTP based authentication:

http://code.google.com/p/php-yubico/

You can integrate this class to your existing login system to provide YubiKey OTP based authentication.

To provide offline OTP validation service, you can host your own OTP validation server in your local environment. For more information about the OTP validation server, please visit the following link:

http://www.yubico.com/developers/srv/

We hope this helps !

Author:  Yuvaraj [ Tue Jun 09, 2009 7:55 am ]
Post subject:  Re: Intergration of Yubico with PHP

Hi

Thanks for your reply . i went to that link but it is looping again and again to the same page. how to install yubikey-ksm in windows and linux servers.
i had downloaded the code in the net .


require_once("yubikey.php");
$key = ModHex::Decode("urtubjtnuihvntcreeeecvbregfjibtn");// what is the string for ? where i can get this ?
$token = "dteffujedcflcindvdbrblehecuitvjkjevvehjd"; // Using yubico i got token

$decoded_token = Yubikey::Decode($token, $key);

if ( ! is_array($decoded_token) ) {
die( "DECODING FAILED, $decoded_token\n");
}
else {
// Uncomment to see contents of the decoded array.
// print_r($decoded_token);
}.

Author:  network-marvels [ Tue Jun 09, 2009 10:17 am ]
Post subject:  Re: Intergration of Yubico with PHP

Please use the following Google code link which points to installation documents for "YKKSM" project:

http://code.google.com/p/yubikey-ksm/w/list

Code:
$key = ModHex::Decode("urtubjtnuihvntcreeeecvbregfjibtn");// what is the string for ? where i can get this ?

This is the ModHex encoded AES Key of the YubiKey. As a YubiKey is write-only device, you can not read the AES key stored in the YubiKey. You need to reprogram your YubiKey with the desired AES key using the Yubico Personalization tool and then store it in the "YKKSM" database. For more information about reprogramming your YubiKey, please visit the following link, which provides download links for Yubico Personalization tool and user guide:

http://www.yubico.com/developers/personalization/

Author:  ramonsky [ Thu Jun 25, 2009 10:51 pm ]
Post subject:  Re: Intergration of Yubico with PHP

I'm interested in this topic too, as I'm a web developer.

I've read the documentation, but I'm still confused. I don't get all those extra parameters.

All I want to be able to do is ask the user for ONE parameter (the OTP), pass it to the API, and get back the answer "Yes" or "No". How do I do that? (I'm happy to rely on Yubico's servers, and I don't want to reflash my Yubikey).

Author:  fortean [ Fri Jun 26, 2009 11:32 am ]
Post subject:  Re: Intergration of Yubico with PHP

ramonsky wrote:
I'm interested in this topic too, as I'm a web developer.

I've read the documentation, but I'm still confused. I don't get all those extra parameters.

All I want to be able to do is ask the user for ONE parameter (the OTP), pass it to the API, and get back the answer "Yes" or "No". How do I do that? (I'm happy to rely on Yubico's servers, and I don't want to reflash my Yubikey).


You'll need to require an API id first. There is a webpage (https://api.yubico.com/yms/getapi.php) to do that. You are then assigned a unique ID and an API key. Then, you (preferably your application :) ) can do some GET actions to the Yubicom validation webserver, using your ID and the token received from the other party. The server will validate and return the 'Yes' or 'No' you required (albeit in another format than a strict 'yes' or 'no').

The process has been decribed quite nicely here: http://yubico.com/developers/api/. Hope it helps.

Author:  fortean [ Fri Jun 26, 2009 7:12 pm ]
Post subject:  Re: Intergration of Yubico with PHP

ramonsky wrote:
I'm interested in this topic too, as I'm a web developer.

I've read the documentation, but I'm still confused. I don't get all those extra parameters.

All I want to be able to do is ask the user for ONE parameter (the OTP), pass it to the API, and get back the answer "Yes" or "No". How do I do that? (I'm happy to rely on Yubico's servers, and I don't want to reflash my Yubikey).


Well, allright, as I had to write one myself, why not share it. Note that I choose to put this code in the public domain, folks.

I created this little class and an example. The code works fine with PHP4 (haven't tested with PHP5, but it probably will work too). Probably, the standard classes available to work with HTTP stuff (HttpRequest::*) will do fine too and there is a lot of other code available. Anyway, this is my solution.

PS: to get exactly what you wanted, you can simply test for the value in $r->stat, it is either "OK" - (substitute 'YES' then) or it is not (substitute "NO" then).
PS2: I have put part of the url inside the class, not sure if that was a good decision, but you can change it easily.
PS3: in this snippet the class is part of the file. However, you probably will want to store the class in its own file and 'require_once' it in.
PS4: as said, you'll need to register your own API key (and the OTP in this example is bogus too of course);

Code:
<?php

class yubilala {

  var $hash; var $time; var $stat;

  function set($a,$b,$c)
  {   
      $this->hash=$a; $this->time=$b; $this->stat=$c;
  }

  function yubi_verify($url,$port,$timeout,$id,$otp)
  {
    $fp = fsockopen($url, $port, $errno, $errstr, $timeout);
    if (!$fp) {
      $this->set("","","$errstr ($errno)");
    }
    fputs($fp, "GET /wsapi/verify?id=" . $id . "&otp=" . $otp . "\r\n");
    fputs($fp, "\r\n");
    fflush($fp);

    $buf = '';
    while (!feof($fp)) {
      $buf .= fgets($fp, 128);
    }
    fclose($fp);
    if (ereg("^h=([^ ]*).*t=([^ ]*).*status=([^ ]*).*", $buf, $reg) ) {;
      $this->set( trim($reg[1]),trim($reg[2]),trim($reg[3]));
    } else {
      $this->set("","",'Invalid response from server ' . $url);
    }
  }
}


/** USAGE **/

$r=new yubilala();

// the $otp variable is filled with the output of a yubikey
//
$otp='vvvvvvvvvvvvthktlegjijctflkkklbiggrjrntrehlr';

// acquire your own userid and set its value here:
//
$id='4711';

$r->yubi_verify("api.yubico.com", 80, 5, $id, $otp);

echo "Result: " . $r->stat;

?>


Author:  fortean [ Mon Jun 29, 2009 7:54 am ]
Post subject:  Re: Intergration of Yubico with PHP

[quote="fortean"].. PHP code ..[quote]

As as sidenote: this code does not check for possible man-in-the-middle attacks; to do this you'll need to decipher the 'h' field with your private AES key (which you received when you registered your API id) and verify the decoded contents.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/