Annotation of src/usr.bin/x99token/x99token.1, Revision 1.1
1.1 ! millert 1: .TH X99TOKEN 1 "5 October 1995"
! 2: .SH NAME
! 3: x99token - X9.9 software token calculator
! 4: .SH SYNOPSIS
! 5: .PP
! 6: .B x99token [-d] [-i] [-k keyfile] [-n count]
! 7: .SH DESCRIPTION
! 8: The
! 9: .B x99token
! 10: program is a simple X9.9 software token calculator.
! 11: The token is initialized by using the
! 12: .B -i
! 13: option.
! 14: In this mode,
! 15: .B x99token
! 16: requests a key. The key consists of 8 bytes encoded in either hex
! 17: or octal. When encoded in hex the key must consist of 16 hex digits,
! 18: no spaces (e.g., "0123456789abcdef").
! 19: When encoded in octal the key must consist of 8 3 digit
! 20: octets, each separated by exactly one space
! 21: (e.g., "001 010 100 002 020 200 003 030").
! 22: Once the key is entered, a PIN number is requested. The PIN number is
! 23: used to perturb the key before it is stored in a keyfile. This perturbation
! 24: is not terribly secure. You should assume that anyone with access to your
! 25: keyfile will also have access to your key.
! 26: .PP
! 27: When
! 28: .B -i
! 29: is not specified,
! 30: .B x99token
! 31: is in calculator mode.
! 32: In this mode you must enter the same PIN as used above in the initialization
! 33: step. The PIN is used decode the the key read from the keyfile.
! 34: Next you enter the challenge you have been presented.
! 35: The
! 36: .B x99token
! 37: program will provide you a response to the challenge. If the
! 38: .B -d
! 39: option is used, the response will fold any hex digits to decimal.
! 40: If a
! 41: .I count
! 42: is specified by
! 43: .B -n ,
! 44: it indicates the number of challenges to predict. The first challenge
! 45: is always the entered challenge. By default the value of
! 46: .I count
! 47: is 1, which implies only the entered challenge is resolved.
! 48: .PP
! 49: Future challenges are predicted by the following algorithm:
! 50: .nf
! 51: .sp
! 52: * Encrypt the current challenge with the shared secret key
! 53:
! 54: * AND each byte of the response with 0x0f
! 55:
! 56: * Modulo each byte by 10 (0x0a)
! 57:
! 58: * ADD 0x30 (ASCII value of '0') to each byte
! 59: .fi
! 60: .sp
! 61: The resulting 8 bytes are all ASCII decimal digits and are the
! 62: predicted challenge. This process may be repeated.
! 63: .SH FILES
! 64: .ta 3i
! 65: $HOME/.keyfile.des default keyfile under BSD
! 66: .br
! 67: keyfile.des default keyfle under DOS
! 68: .SH NOTES
! 69: This is a very simple minded program. It is recommended that the
! 70: keyfile be placed on a floppy disk which you keep physically secure.
! 71: Under DOS the keyfile is marked as both a hidden and system file.
! 72: When used with BSD/OS 3.0 or beyond, the token authentication type
! 73: supplies the appropriate challenges and initialization information.
! 74: .PP
! 75: Having not read the X9.9 standard, this may not be complete or accurate
! 76: implementation of that standard. This software is provided AS IS
! 77: with no express or implied warranty.
! 78: .SH AUTHOR
! 79: Paul Borman <prb@krystal.com>
! 80: .SH CREDITS
! 81: This code uses the publicly available des library written by Phil Karn, KA9Q.
! 82: The decryption code from Phil's library has been removed to allow
! 83: .B x99token
! 84: to be free of export restrictions (as it can only encrypt and not decrypt).