Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 4:23 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 11 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Fri Sep 11, 2009 2:23 pm 
Offline

Joined: Fri Jun 19, 2009 6:06 pm
Posts: 31
Folks,

just to let you know that I finished the alpha version of Yubidrone - a Yubikey emulator that runs on Android 1.5 systems (i.e. T-Mobile G1 akd HTC Dream). Yubidrone is fully compliant with Yubikey version 1 and 2 in OTP mode.

The alpha version emulates one of my (hardware) Yubikeys. It seems to work well with both the Yubicom authentication server and with local systems that employ their own local key database.

Yubidrone can be used as is, you do NOT need to buy a Yubikey. It will work fine with systems that employ a local key database. So, if all you want is a more secure method to log in into your webservers using your Android device, Yubidrone is all you need.

If you want to use Yubidrone with Yubico's authentication servers you still need to buy a 'real' Yubikey first!

Currently, a rather silly procedure is necessary to enable Yubidrone to work with Yubicom's authentication servers: you need to buy a real Yubikey first. Then you generate a new key and secret which you load into the Yubidrone software and upload to the Yubicom server. From that moment on you will be able to use Yubidrone to authenticate against the Yubicom servers. The hardware key will be rendered useless, as it's secret and AES key will be removed from the Yubico database. You can reprogram your otherwise useless hardware key and use it with systems that employ their own authentication server or local database though.

For folks that just want to use Yubidrone it is rather weird to have to buy a hardware key first (which you subsequently never will use). So, I have suggested to Jakob that Yubico creates a new service: purchase of 'virtual tokens'. A virtual token then might be used to automatically install the matching key data (AES secret, internal secret) into Yubidrone.

Starting with the beta versions, Yubidrone source code will be made available to the general public under an Open Source license.

If any readers have an Android phone and wish to test the software, please let me know.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Fri Sep 11, 2009 4:28 pm 
Offline
Site Admin
Site Admin

Joined: Mon Mar 02, 2009 9:51 pm
Posts: 83
Hey, that's a really neat idea. How does it work? I get how it generates the OTP, but how do you use it? Does it integrate with the phones browser? Can the OTP be transferred to your computer (without manually having to type it), and if so does it require a special client be installed? Unfortunately I don't have an Android phone, otherwise I would definitely have liked to try it out.


Top
 Profile  
Reply with quote  
PostPosted: Fri Sep 11, 2009 7:55 pm 
Offline

Joined: Fri Sep 11, 2009 7:44 pm
Posts: 1
dain wrote:
Hey, that's a really neat idea. How does it work? I get how it generates the OTP, but how do you use it? Does it integrate with the phones browser? Can the OTP be transferred to your computer (without manually having to type it), and if so does it require a special client be installed? Unfortunately I don't have an Android phone, otherwise I would definitely have liked to try it out.


I will answer you question later on. when I have access to a more convenient work environment. But as you can see. it really works: i am typing this on my android phone. The account 'tinkerbellL actually was created without the aid of a yubikey, only yubidrone was used (and a serial number from a hardware key), Tinkerbell is actually me (fortean) too :-)


Top
 Profile  
Reply with quote  
PostPosted: Fri Sep 11, 2009 8:24 pm 
Offline

Joined: Fri Jun 19, 2009 6:06 pm
Posts: 31
dain wrote:
Hey, that's a really neat idea. How does it work? I get how it generates the OTP, but how do you use it? Does it integrate with the phones browser? Can the OTP be transferred to your computer (without manually having to type it), and if so does it require a special client be installed? Unfortunately I don't have an Android phone, otherwise I would definitely have liked to try it out.


So, this is me again (as I said above: Tinkerbell is just another alias for me on my Android phone), but now behind my regular computer. Though I am very fond of my G1 and even deliberately bought the old model that still has the extensible keyboard, it still isn't the best of choices if you want to make a long posting and - like I am - are a skilled typist :mrgreen:

To answer your question: yes, it seamlessly integrates with the browser, or with any other application that requires Yubikey input for that matter. It is quite simple: Yubidrone puts the generated key into the paste buffer. You then can simply paste the key in whatever field you need.

For example, how did I create the Tinkerbell account? Well..

I fired up the Android browser and entered the URL of this site. I chose 'register' and filled out the various input fields (name, email, etc.). Then I put my cursor in the field that requires you to press your Yubikey. To 'press' my virtual Yubikey I select the ''home' key on the G1, which brings me to my desktop. Note that the browser will keep on running in the background. I then selected the Yubidrone application and tapped the 'generate' button. Then I tapped 'home' again and selected 'browser'. That brought me back to the page with the cursor stil in the Yubikey field. I did a 'long press' . The regular popup menu will appear: one of the entries says 'Paste'. I chose it and the last generated Yubikey string was pasted into the field. It's that simple!

Currently, the application does not support transmitting it's generated keys to another computer. I probably would be able to figure out how to do that, as the Android actually has a (mini) USB port, but actually I don't really see the need. The only reason I have written Yubidrone is that I wanted to be able to log in into Yubicom secured websites using my G1, not to replace the inexpensive Yubikey with a 300+ dollar Android phone ;)

Yes, you could type over the keys Yubidrone generates to log in on your regular computer - actually, I have done that a few times while developing the software. But as said before: I am a skilled typist and do not need to look at my keyboard while typing, so can type over the strings quite fast and accurately. If you are not a skilled typist, I would not recommend it :shock:

I could add an option to Yubidrone to have it dump let's say 100 keys in a file. You can easily transfer files to your regular PC (it's standard functionality on the G1) and cut and paste your way into Yubikey protected websites - but I don't see the need for it. The 'real' Yubikey is not all that expensive at all so it is much easier just to buy one.


Top
 Profile  
Reply with quote  
PostPosted: Fri Sep 25, 2009 3:21 pm 
Offline

Joined: Fri Sep 25, 2009 2:44 pm
Posts: 1
Hello Fortean,

This sounds very cool. I have a HTC Hero and would really like to test it.

We are currently integrating Yubikey with our own SSO platform and it would be awesome to be able to use it from my phone with Yubikey support.

Are there any plans to port this to the iPhone in the near future?


Top
 Profile  
Reply with quote  
 Post subject: The iPhone OTP is ready
PostPosted: Fri Sep 25, 2009 8:15 pm 
Offline

Joined: Fri Sep 18, 2009 6:29 pm
Posts: 3
_bzzy wrote:
Hello Fortean,

This sounds very cool. I have a HTC Hero and would really like to test it.

We are currently integrating Yubikey with our own SSO platform and it would be awesome to be able to use it from my phone with Yubikey support.

Are there any plans to port this to the iPhone in the near future?


Great idea! Mobile phone is the main stream. I think they did the mobile OTP already? Isn't it? Can someone verify it? It looks great on my iPhone.

http://mashedlife.com/otp

Anyway, this is way to go!


Top
 Profile  
Reply with quote  
PostPosted: Tue Nov 03, 2009 10:18 am 
Offline

Joined: Tue Nov 03, 2009 10:16 am
Posts: 8
Location: the Netherlands
did you use java to create this program? It might then also work on other (non-android) phones... My employer had the brave idea to select windows based phones (ouch) so I could test this for you. I also have an old symbian 6.0 phone laying around somewhere...

Cheers

Willem

_________________
----
Willem J. Kossen MSc.
LinkedIN


Top
 Profile  
Reply with quote  
PostPosted: Tue Nov 03, 2009 5:51 pm 
Offline

Joined: Sun Nov 01, 2009 3:37 am
Posts: 1
I would be interested in testing this app out. I do have an android phone, just send me a msg about where to get it.

Thanks


Top
 Profile  
Reply with quote  
PostPosted: Thu Nov 05, 2009 7:10 pm 
Offline

Joined: Thu Nov 05, 2009 7:06 pm
Posts: 7
Basal wrote:
_bzzy wrote:
.....
http://mashedlife.com/otp

Anyway, this is way to go!


This is exactly what it should be. The human version of OTP should be shorter, by using the same AES secret key.

Finally you got it right!

I tried the short OTP on my iPhone and the long OTP from the USB key which are both generated from the same secret AES key. And both of them works, I'm logged in successfully with or without my USB key.

Good job. Can you share the code somewhere?

Thanks


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 08, 2011 7:50 pm 
Offline

Joined: Tue Feb 02, 2010 2:05 am
Posts: 12
Is this the same as this app on the Android Market? https://market.android.com/search?q=yubikey
Has anyone tried it? There is a link to a website from the market but I was unable to find any reference to this app at that site, using Google to translate from Japanese.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: YahooSeeker [Bot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group