Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 7:06 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 17 posts ]  Go to page Previous  1, 2
Author Message
PostPosted: Wed Feb 04, 2009 10:34 am 
Offline

Joined: Tue Jan 27, 2009 10:36 am
Posts: 12
Thank you!


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Feb 04, 2009 10:39 am 
Offline

Joined: Tue Jan 27, 2009 10:36 am
Posts: 12
I might have been a bit early shouting success, not sure who to blame here but server-j seems to have problems dealing with 0000-00-00 00:00:00 which is set on the accessed column in the yubikey table when the token is added to the database.

2009-02-04 11:34:55,458 [http-8080-Processor23] WARN com.yubico.wsapi.Database - java.sql.SQLException: Value '0000-00-00' can not be represe nted as java.sql.Date
2009-02-04 11:34:55,458 [http-8080-Processor23] INFO com.yubico.wsapi.KeySubsystem - While checking otp=dbdvkiukuvcevijfdcinjfvcbltcjtunvjhfn jkhtjhe
2009-02-04 11:34:55,458 [http-8080-Processor23] INFO com.yubico.wsapi.KeySubsystem - java.lang.NullPointerException


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2009 10:49 am 
Offline

Joined: Tue Jan 27, 2009 10:36 am
Posts: 12
I noticed another thing, except that the key added through yms gets BAD_OTP when I try it, it seems like the AES secret in the database is wrong it is almost twice as long as the one I entered, does yms AES encrypt the AES key I enter and if so why?
If I add the key manually I'm able verify the OTP so I guess that yms does something wrong.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2009 11:08 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
The AES key stored in the YMS database should be base 64 encoded. While using the YMS to enter the AES key, please enter the AES key in base 64 encoded format.

Feel free to write back to us in case you face any problems.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2009 11:29 am 
Offline

Joined: Tue Jan 27, 2009 10:36 am
Posts: 12
I did cut and paste the b64 encoded key from api.yubico.com/yms to my own yms installation, however the result in my database looks nothing like what I inserted into yms, one interesting thing is that if I base64 decode the key from api.yubico base64 tells me that the input is invalid while base64 have no problem decoding the secret from my own installation.

If I look at the token in yms when It has been manually added using
Code:
mysql yubikey -e "insert into yubikeys(client_id, userId, active, created, accessed, tokenId, secret) values(1,xxx, 1, '`date +"%Y-%m-%d %H:%M:%S"`', '`date +"%Y-%m-%d %H:%M:%S"`', 'base65 yubikeyid', 'base64 AES secret');"

The AES secret information is completely wrong and incomplete but if I add the key using yms it looks alright.

So my guess is that yms encodes the encoded key and then decodes it when displayed in yms, libubikey-client/server-j however does not seem to decode the key that is in the database.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2009 12:08 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We would appreciate if you can check the values stored in the database when the AES key is inserted using the YMS and when we manually insert the AES Key into the database. Both the time the AES Key values stored in the database should be same.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2009 12:35 pm 
Offline

Joined: Tue Jan 27, 2009 10:36 am
Posts: 12
The AES secret stored in the database when adding the token using YMS is 45 chars long and when added using mysql it is 24.

From what I can tell this problem is caused by the AES encryption of the base64 AES key that yms does

If I remove the aesEncrypt($sec) from yubiphpbase/key_lib.php the key is stored in a format that libyubikey-client accepts, the accessed date however is still a problem when it is set to '0000-00-00 00:00:00' and the AES secret shown in YMS is currupted, I guess since it is the AES decoded value of the base64 string.
Code:
function addNewKey($devId64, $active, $sec, $note, $client, $user=-1, $serial='') {
        global $admEmail;
        $usrid = $user > 0 ? $user : base64_encode(time());
        $sn = $serial != '' ? $serial : nextSerial();
        $stmt = 'INSERT INTO yubikeys '.
          '(client_id,active,created,tokenId,userId,secret,counter,low,high,notes,serial) VALUES ('.
                $client.','.
                $active.','.
                'NOW(),'.
                mysql_quote($devId64).','.
                mysql_quote($usrid).','.
                mysql_quote($sec).','.
                '0,'.
                '0,'.
                '0,'.
                mysql_quote($note).','.
                mysql_quote($sn).
                ')';
        writeLog($stmt);
        if (!query($stmt)) {
                $err = 'Failed to add a new key, devId='.$devId64.' for client '.$client;
                writeLog($err);
                sendMail($admEmail, 'Failed to add a new yubikey', $err, $admEmail);
                return null;
        }
        $a = array();
        $a['keyid'] = mysql_insert_id();
        $a['sn'] = $sn;
        $a['usrid'] = $usrid;
        return $a;
}


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 17 posts ]  Go to page Previous  1, 2

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group