Yubikey oracle
yubikey
.gitignore
README
schema.sql
yoracle.py
yoweb.py

README

Intro
=====
Yoracle is an authenticator for yubikeys. It uses a sqlite database as
backend.

The first time a yubikey is used after it's plugged in you have to
prefix the yubikey token (what you get when you press the button) with
a static password. That password will not have to be used again until
the Yubikey is unplugged and plugged back in.


Prerequisites
=============
* Install web.py from webpy.org (http://webpy.org/download)
   wget http://webpy.org/static/web.py-0.33.tar.gz
   tar xvzf web.py-0.33.tar.gz
   cd web.py-0.33
   sudo python setup.py install

  web.py is also packaged in Debian, but the version in Debian Lenny is
  too old.
* A Yubikey with a 12 modhex-character id whose AES key you know.
  In this example the key id is "hjhghliehbhu".
    ykpersonalize \
                  -a$(hexdump -n16 /dev/random -e '/1 "%02x"') \
                  -ofixed=hjhghliehbhu
  Modhex is Yubikey's encoding scheme where not all characters are
  allowed. See http://www.yubico.com/developers/modhex/


Installing
==========
* Create key database:
  sqlite3 yoracle.sqlite < schema.sql
* Generate the hash for the static key for a yubikey
   echo -n myPass123 | sha1sum
   a230c761d781eaec2a3495d61be8301f42f80d1d  -
* Put your key in the database
  sqlite3 yoracle.sqlite
    insert into yubikey(yubikeyid, aeskey,password, counter,
        counter_session, secret_id, timestamp, passwordok)
        values('xxxaaaxxxaaa',                              -- key ID
                '12312312313212312312312312312312',         -- AES key
                'a230c761d781eaec2a3495d61be8301f42f80d1d', -- static key
                0,0,
                '000000000000', -- key uid. normally 000000000000
                0, 0);
* Configure for user (only needed for local authentication, not yoweb.py)
   echo 'xxxaaaxxxaaa http://localhost/placeholder?token=%(token)s' > ~/.yubikeys
* Test the authentication
  ./yoracle.py
  myusernamehere
  enter password and press yubikey here

  Should return "OK"
* Start a web server authenticator
  ./yoweb.py 8080
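
The credential format from the Intro (static password, then the yubikey token) can be split and checked as below. This is an added example, not code from yoracle.py. It assumes the standard 44-character Yubico OTP layout (12 modhex id characters plus 32 modhex characters of AES-encrypted data) and a SHA-1 hex digest as stored in the password column; the function names and the sample OTP are constructed for illustration.

```python
import hashlib
import hmac

MODHEX = "cbdefghijklnrtuv"        # Yubico modhex alphabet, maps to hex 0-f
TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")
ID_LEN, OTP_LEN = 12, 32           # assumed layout: key id + 16 encrypted bytes


def modhex_decode(text):
    """Decode a modhex string to bytes; reject anything outside the alphabet."""
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise ValueError("not valid modhex")
    return bytes.fromhex(text.translate(TO_HEX))


def split_credential(credential):
    """Split '<static password><key id><otp>' into its three parts.

    The token has a fixed length and always comes last, so the password is
    whatever precedes the final 44 characters. It is empty when the key has
    already been unlocked since it was plugged in.
    """
    token_len = ID_LEN + OTP_LEN
    if len(credential) < token_len:
        raise ValueError("credential shorter than one yubikey token")
    password, token = credential[:-token_len], credential[-token_len:]
    key_id, otp = token[:ID_LEN], token[ID_LEN:]
    modhex_decode(key_id)          # validation only; the id is kept as modhex
    return password, key_id, modhex_decode(otp)


def password_matches(password, stored_sha1_hex):
    """Compare sha1(password) with the stored hex digest in constant time."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, stored_sha1_hex.lower())


if __name__ == "__main__":
    # Constructed input: README password and key id, made-up OTP part.
    sample = "myPass123" + "hjhghliehbhu" + "cbdefghijklnrtuv" * 2
    password, key_id, encrypted = split_credential(sample)
    stored = hashlib.sha1(b"myPass123").hexdigest()   # what the DB would hold
    print(key_id, encrypted.hex(), password_matches(password, stored))
```

The 16 decoded bytes are what the server decrypts with the key's AES key to obtain the secret id and counters that the database row tracks.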