Webseiten-Werkzeuge


Yubikey

Mtgox

The unlock keys for the mtgox yubikey are leaked.

Using yubikey to lock/unlock mate-screensaver

/etc/yubico/call_yubico_cr

#!/usr/bin/env python
import sys
import os
import yubico # install python-yubico
import hmac
import hashlib
 
config = {
	"privkey" : "\xasd PRIVATE KEY \x00",
	"serial"  : 123456,
	"slot"    : 2
}
 
# Look for and initialize the YubiKey
YK = yubico.find_yubikey()
serial = YK.serial()
#print "Version : %s " % YK.version()
#print "Serial  : %i" % serial
 
# Do challenge-response
secret = os.urandom(32)
#print "Sending challenge : %s\n" % repr(secret)
 
response = YK.challenge_response(secret, slot=config['slot'])
hm = hmac.new(config["privkey"], secret, hashlib.sha1)
 
#print "Local calc:\n%s\n" % yubico.yubico_util.hexdump(hm.digest())
#print "Response :\n%s\n" % yubico.yubico_util.hexdump(response)
 
if serial != config["serial"]:
	print >>sys.stderr, "Invalid serial %s != %s" % (serial, config['serial'])
	sys.exit(2)
elif hm.digest() == response:
	sys.exit(0)
else:
	print >>sys.stderr, "Invalid response"
	sys.exit(1)

/etc/yubico/yubico-unlock.sh

#!/bin/sh
TEST=`dirname $0`/call_yubico_cr
 
execute() {
    export DISPLAY=:0
    su -c "bash -c '$*'" XXX___username___XXX
}
 
case "$ACTION" in
    add)
        if $TEST; then
            execute mate-screensaver-command --deactivate    	
            execute mate-screensaver-command --poke
        else
            execute mate-screensaver-command --activate
        fi
        ;;
    remove)
	execute mate-screensaver-command --activate
	;;
    *)
        $TEST && execute mate-screensaver-command --poke
        ;;
esac

/etc/udev/rules.d/70-yubikey.rules

ACTION=="add|remove", SUBSYSTEM=="usb", \
  ENV{ID_MODEL}=="Yubico_Yubikey_II", \
  RUN+="/etc/yubico/yubico-unlock.sh"
artikel/yubikey.txt · Zuletzt geändert: 2015/06/12 15:51 von yvesf