x99token - X9.9 software token calculator
x99token [-d] [-i] [-k keyfile] [-n count]
The x99token program is a simple X9.9 software token calculator. The token
is initialized by using the -i option. In this mode,
x99token requests
a key. The key consists of 8 bytes encoded in either
hex or octal.
When encoded in hex the key must consist of 16 hex
digits, no
spaces (e.g., "0123456789abcdef"). When encoded in octal
the key must
consist of 8 3-digit octets, each separated by exactly one
space (e.g.,
"001 010 100 002 020 200 003 030"). Once the key is entered, a PIN number
is requested. The PIN number is used to perturb the key
before it is
stored in a keyfile. This perturbation is not terribly secure. You
should assume that anyone with access to your keyfile will
also have access
to your key.
When -i is not specified, x99token is in calculator mode.
In this mode
you must enter the same PIN as used in the initialization
step. The PIN
is used to decode the key read from the keyfile. Next you
enter the
challenge you have been presented with. The x99token program will provide
you with a response to the challenge. If the -d option
is used, the
response will fold any hex digits to decimal. If a count is
specified by
-n, it indicates the number of challenges to predict. The
first challenge
is always the entered challenge. By default the value
of count is
1, which implies only the entered challenge is resolved.
Future challenges are predicted by the following algorithm:
+o Encrypt the current challenge with the shared secret key
+o AND each byte of the response with 0x0f
+o Modulo each byte by 10 (0x0a)
+o ADD 0x30 (ASCII value of '0') to each byte
The resulting 8 bytes are all ASCII decimal digits and are
the predicted
challenge. This process may be repeated.
$HOME/.keyfile.des default keyfile
tokenadm(8), tokeninit(8)
Paul Borman <prb@krystal.com>
This is a very simple-minded program. The keyfile should be
placed on a
floppy disk which is kept physically secure.
Having not read the X9.9 standard, this may not be a complete or accurate
implementation of the standard. This software is provided
AS IS with no
express or implied warranty.
OpenBSD 3.6 August 1, 2001
[ Back ] |