Been meaning to post this for a while. This is a demo script (sadly I have yet to apply it anywhere) that uses the curl extension in php. It signs the request, sends over ssl, and verifies the response signature.
Demo:
http://rikku.vrillusions.com/~vr/yubikey-verify.phpSource:
http://rikku.vrillusions.com/~vr/yubikey-verify.phpsOnly bug I've been noticing is sometimes the sent signature for message I sent comes back from yubico as invalid. It's reproducable enough that it goes no more than 10 times before I'll see it. Not sure if it's on my end or yubico's since I don't think the official libraries verify it. I'm sending everything over ssl so verifying hashes is redundant. I set this up as a most secure way possible. If anyone can figure out how to fix that part I'd be happy to know. Otherwise this library could be useful for people that don't even want to depend on PEAR.
Login
FAQ
Search
and thanks for sharing