Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign up
Yubikey oracle

Cannot retrieve the latest commit at this time.
Type | Name | Latest commit message | Commit time |
---|---|---|---|
Failed to load latest commit information. | |||
![]() |
yubikey | ||
![]() |
.gitignore | ||
![]() |
README | ||
![]() |
schema.sql | ||
![]() |
yoracle.py | ||
![]() |
yoweb.py |
README
Intro ===== Yoracle is an authenticator for yubikeys. It uses a sqlite database as backend. The first time a yubikey is used after it's plugged in you have to prefix the yubikey token (what you get when you press the button) with a static password. That password will not have to be used again until the Yubikey is unplugged and plugged back in. Prerequisites ============= * Install web.py from webpy.org (http://webpy.org/download) wget http://webpy.org/static/web.py-0.33.tar.gz tar xvzf web.py-0.33.tar.gz cd web.py-0.33 sudo python setup.py install Also exists in Debian, but Debian Lenny has too old a version. * Yubikey with a 12 modhex-character id, and know its AES key. In this example the key id is "hjhghliehbhu". ykpersonalize \ -a$(hexdump -n16 /dev/random -e '/1 "%02x"') \ -ofixed=hjhghliehbhu Modhex is Yubikeys encoding scheme where not all characters are allowed. See http://www.yubico.com/developers/modhex/ Installing ========== * Create key database: sqlite3 yoracle.sqlite < schema.sql * generate generate the hash for the static key for a yubikey echo -n myPass123 | sha1sum a230c761d781eaec2a3495d61be8301f42f80d1d - * Put your key in the database sqlite3 yoracle.sqlite insert into yubikey(yubikeyid, aeskey,password, counter, counter_session, secret_id, timestamp, passwordok) values('xxxaaaxxxaaa', -- key ID '12312312313212312312312312312312', -- AES key 'a230c761d781eaec2a3495d61be8301f42f80d1d', -- static key 0,0, '000000000000', -- key uid. normally 000000000000 0, 0); * Configure for user (only needed for local authentication, not yoweb.py) echo xxxaaaxxxaaa http://localhost/placeholder?token=%(token)s > ~/.yubikeys * Test the authentication ./yoracle.py myusernamehere enter password and press yubikey here Should return "OK" * Start a web server authenticator ./yoweb.py 8080