Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:30 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 8 posts ] 
Author Message
PostPosted: Mon Jun 08, 2009 12:27 pm 
Offline

Joined: Mon Jun 08, 2009 11:59 am
Posts: 2
Hi,

Im New to this yubico , and we are trying to intergrate this with our Login page. can any body help me on how to integrate youbico with PHP. how to use this in offline because some of our client have no internet connection.

Thanks in Advance
Yuvaraj


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Jun 08, 2009 2:09 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
Please visit the following Google code link which provides the PHP class for YubiKey OTP based authentication:

http://code.google.com/p/php-yubico/

You can integrate this class to your existing login system to provide YubiKey OTP based authentication.

To provide offline OTP validation service, you can host your own OTP validation server in your local environment. For more information about the OTP validation server, please visit the following link:

http://www.yubico.com/developers/srv/

We hope this helps !


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 09, 2009 7:55 am 
Offline

Joined: Mon Jun 08, 2009 11:59 am
Posts: 2
Hi

Thanks for your reply . i went to that link but it is looping again and again to the same page. how to install yubikey-ksm in windows and linux servers.
i had downloaded the code in the net .


require_once("yubikey.php");
$key = ModHex::Decode("urtubjtnuihvntcreeeecvbregfjibtn");// what is the string for ? where i can get this ?
$token = "dteffujedcflcindvdbrblehecuitvjkjevvehjd"; // Using yubico i got token

$decoded_token = Yubikey::Decode($token, $key);

if ( ! is_array($decoded_token) ) {
die( "DECODING FAILED, $decoded_token\n");
}
else {
// Uncomment to see contents of the decoded array.
// print_r($decoded_token);
}.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 09, 2009 10:17 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
Please use the following Google code link which points to installation documents for "YKKSM" project:

http://code.google.com/p/yubikey-ksm/w/list

Code:
$key = ModHex::Decode("urtubjtnuihvntcreeeecvbregfjibtn");// what is the string for ? where i can get this ?

This is the ModHex encoded AES Key of the YubiKey. As a YubiKey is write-only device, you can not read the AES key stored in the YubiKey. You need to reprogram your YubiKey with the desired AES key using the Yubico Personalization tool and then store it in the "YKKSM" database. For more information about reprogramming your YubiKey, please visit the following link, which provides download links for Yubico Personalization tool and user guide:

http://www.yubico.com/developers/personalization/


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 25, 2009 10:51 pm 
Offline

Joined: Thu Jan 22, 2009 10:07 am
Posts: 4
I'm interested in this topic too, as I'm a web developer.

I've read the documentation, but I'm still confused. I don't get all those extra parameters.

All I want to be able to do is ask the user for ONE parameter (the OTP), pass it to the API, and get back the answer "Yes" or "No". How do I do that? (I'm happy to rely on Yubico's servers, and I don't want to reflash my Yubikey).


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 26, 2009 11:32 am 
Offline

Joined: Fri Jun 19, 2009 6:06 pm
Posts: 31
ramonsky wrote:
I'm interested in this topic too, as I'm a web developer.

I've read the documentation, but I'm still confused. I don't get all those extra parameters.

All I want to be able to do is ask the user for ONE parameter (the OTP), pass it to the API, and get back the answer "Yes" or "No". How do I do that? (I'm happy to rely on Yubico's servers, and I don't want to reflash my Yubikey).


You'll need to require an API id first. There is a webpage (https://api.yubico.com/yms/getapi.php) to do that. You are then assigned a unique ID and an API key. Then, you (preferably your application :) ) can do some GET actions to the Yubicom validation webserver, using your ID and the token received from the other party. The server will validate and return the 'Yes' or 'No' you required (albeit in another format than a strict 'yes' or 'no').

The process has been decribed quite nicely here: http://yubico.com/developers/api/. Hope it helps.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 26, 2009 7:12 pm 
Offline

Joined: Fri Jun 19, 2009 6:06 pm
Posts: 31
ramonsky wrote:
I'm interested in this topic too, as I'm a web developer.

I've read the documentation, but I'm still confused. I don't get all those extra parameters.

All I want to be able to do is ask the user for ONE parameter (the OTP), pass it to the API, and get back the answer "Yes" or "No". How do I do that? (I'm happy to rely on Yubico's servers, and I don't want to reflash my Yubikey).


Well, allright, as I had to write one myself, why not share it. Note that I choose to put this code in the public domain, folks.

I created this little class and an example. The code works fine with PHP4 (haven't tested with PHP5, but it probably will work too). Probably, the standard classes available to work with HTTP stuff (HttpRequest::*) will do fine too and there is a lot of other code available. Anyway, this is my solution.

PS: to get exactly what you wanted, you can simply test for the value in $r->stat, it is either "OK" - (substitute 'YES' then) or it is not (substitute "NO" then).
PS2: I have put part of the url inside the class, not sure if that was a good decision, but you can change it easily.
PS3: in this snippet the class is part of the file. However, you probably will want to store the class in its own file and 'require_once' it in.
PS4: as said, you'll need to register your own API key (and the OTP in this example is bogus too of course);

Code:
<?php

class yubilala {

  var $hash; var $time; var $stat;

  function set($a,$b,$c)
  {   
      $this->hash=$a; $this->time=$b; $this->stat=$c;
  }

  function yubi_verify($url,$port,$timeout,$id,$otp)
  {
    $fp = fsockopen($url, $port, $errno, $errstr, $timeout);
    if (!$fp) {
      $this->set("","","$errstr ($errno)");
    }
    fputs($fp, "GET /wsapi/verify?id=" . $id . "&otp=" . $otp . "\r\n");
    fputs($fp, "\r\n");
    fflush($fp);

    $buf = '';
    while (!feof($fp)) {
      $buf .= fgets($fp, 128);
    }
    fclose($fp);
    if (ereg("^h=([^ ]*).*t=([^ ]*).*status=([^ ]*).*", $buf, $reg) ) {;
      $this->set( trim($reg[1]),trim($reg[2]),trim($reg[3]));
    } else {
      $this->set("","",'Invalid response from server ' . $url);
    }
  }
}


/** USAGE **/

$r=new yubilala();

// the $otp variable is filled with the output of a yubikey
//
$otp='vvvvvvvvvvvvthktlegjijctflkkklbiggrjrntrehlr';

// acquire your own userid and set its value here:
//
$id='4711';

$r->yubi_verify("api.yubico.com", 80, 5, $id, $otp);

echo "Result: " . $r->stat;

?>



Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 29, 2009 7:54 am 
Offline

Joined: Fri Jun 19, 2009 6:06 pm
Posts: 31
[quote="fortean"].. PHP code ..[quote]

As as sidenote: this code does not check for possible man-in-the-middle attacks; to do this you'll need to decipher the 'h' field with your private AES key (which you received when you registered your API id) and verify the decoded contents.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group