Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:58 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Mon Jun 09, 2008 8:42 pm 
Offline

Joined: Mon Jun 09, 2008 8:37 pm
Posts: 9
Hi - I have two yubikeys - and want two factor authentication to my customer tracking site (for my partner and myself)

I guess I don't understand what the website generated API ID does and how it relates to the OTP from the key.

I am using Simons PHP class code to do the authentication.

I thought the Web API genned ID: was unique to the individual Yubikey - but whether I use the ID generated for my Yubikey or the ID generated for my partners Yubikey and the OTP generated in real time by either Yubikey - it passes and allows the login.

(the OTP authentication is working properly but seems to be independent of the API ID)

So it is working - and you must use a yubikey to login - but I want to tighten it to assign the API ID to a specific user then to be checked against the OTP in realtime from the Yubikey.

thanks - great device


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Jun 09, 2008 9:57 pm 
Offline

Joined: Mon Jun 09, 2008 8:37 pm
Posts: 9
ok I figured it out (I think - correct me if Im wrong)

the website genned ID is only used to pull up the shared key used when verifying the OTP against the website.

I realize that I must also store the unique Yubikey ID (the first 12 chars of the OTP that doesnt change) - in my SQL db and search for that too - and verify it against my server side stored username and password and retrieve the website api genned ID - (all first before I fire off the OTP to the Yubico website for final verification)

thanks - its now working exactly as hoped - awesome


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 10, 2008 9:29 am 
Offline
Site Admin
Site Admin

Joined: Tue May 06, 2008 7:22 pm
Posts: 151
Yes, there are a couple of different ID's involved, including at least:

Web Service Client ID: used with the API key id to generate signatures and validate responses from our server. You can generate a new client id and api key from our web pages. We require a valid yubikey output to prevent people from spamming the database.

External ID: The static 12 modhex characters (6 bytes) output as prefix for every output. Allocated randomly.

Internal ID: The static 6 bytes in the encrypted OTP part. Allocated randomly, not the same as the external id.

Hope this helps.

/Simon


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group