My favorites | Sign in
Project Logo
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
Search
for
Updated Apr 01, 2008 by simon75j
Labels: Featured
ReadMeFirst  
overview of Yubico Java client library
Overview

This is the Java client code from Yubico to demonstrate how to use Yubico's web service to validate an OTP generated by your Yubikey.

It includes a

Java class called YubicoClient in the file YubicoClient.java

that your application can use to verify an Yubikey OTP.

NOTE: The first 12 characters is the universally unique Yubikey device ID that

doesn't change, the following characters constitute the OTP.

Integration with Your Application

On the web part:

Eg. In your user login form, add Yubikey as the 2nd factor of authentication

like this:

  • Web User Login Form
Username: Password:
Touch the button on Yubikey:

1) Your application verifies the username and password as usual.

2) After verifying username/password, call YubiClient to verify the

OTP as the 2nd-factor strong authentication.

3) Log the user in or reject the user depends whether the OTP

validation result is true or false.

For demo purposes, the above is enough, you can just validate the OTP and let the user in.

During production time, it is suggested that you create a database table for yubikey to link the user ID (owner of the key) to the Yubikey DeviceId.

--------------+-----------

DeviceId | UserId
--------------+----------- vvfucnlcrrne 1890 abnnloposxxc 4371 bjuilddkfopf 2285 .......... ....

First time when a user plugs in a Yubikey, the DeviceId non-exists in the table, so you ask him/her to register. Verify the OTP to make sure he/she does own that key.

Later, when the user comes back to your site, you can just do the above validation steps 1 - 3 and make sure this is the user that owns the device.

Refer to mashed life that supports Yubikey. That's a good example:

https://mashedlife.com/yubikey.php

Test Yubico validation service with your Yubikey in action using YubicoClient

Usage: runIt.bat Auth_ID OTP

Eg. runIt.bat 32 vvfucnlcrrnejlbuthlktguhclhvegbungldcrefbnku

The binary is at src\com\yubico\YubicoClient.class

0 cd src\

1 Plug Yubikey into your USB port, touch the button to generate the OTP:

C:\yubico> runIt.bat 32 vvfucnlcrrneejllbclujdivivvvlttjgnctncreunhl

OTP verified OK Last response: t=2008-03-26T19:43:27Z0430 status=OK

2 Try reuse the above OTP again, it will fail with the reason 'replayed OTP'.

C:\yubico> runIt.bat 32 vvfucnlcrrneejllbclujdivivvvlttjgnctncreunhl

Failed to verify OTP Last response: t=2008-03-26T19:43:51Z0707 status=REPLAYED_OTP

3 Try enter some invalid OTP, it fails with the reason 'bad OTP'.

C:\yubico> runIt.bat 32 xyxyxyxyxxyxyxyx

Failed to verify OTP Last response: t=2008-03-26T19:47:19Z0301 status=BAD_OTP

System Requirements

Developed and tested on Sun JDK 1.5 which you can get from

http://www.javasoft.com
Support

Visit Yubico.com or

Email tech@yubico.com


Sign in to add a comment
Hosted by Google Code