Annotation of src/usr.bin/x99token/x99token.1, Revision 1.11
1.11 ! tedu 1: .\" $OpenBSD: x99token.1,v 1.10 2013/07/16 00:07:52 schwarze Exp $
1.6 jmc 2: .\"
3: .\" X9.9 calculator
4: .\" This software is provided AS IS with no express or implied warranty
5: .\" October 1995, Paul Borman <prb@krystal.com>
1.7 jmc 6: .\"
1.6 jmc 7: .\" Donated to the Public Domain by Paul Borman
1.2 millert 8: .\"
1.11 ! tedu 9: .Dd $Mdocdate: July 16 2013 $
1.2 millert 10: .Dt X99TOKEN 1
11: .Os
12: .Sh NAME
13: .Nm x99token
14: .Nd X9.9 software token calculator
15: .Sh SYNOPSIS
16: .Nm x99token
17: .Op Fl d
18: .Op Fl k Ar keyfile
19: .Op Fl n Ar count
1.8 jmc 20: .Nm x99token
21: .Fl i
22: .Op Fl k Ar keyfile
1.2 millert 23: .Sh DESCRIPTION
1.1 millert 24: The
1.2 millert 25: .Nm x99token
1.1 millert 26: program is a simple X9.9 software token calculator.
27: The token is initialized by using the
1.2 millert 28: .Fl i
1.1 millert 29: option.
30: In this mode,
1.2 millert 31: .Nm
32: requests a key.
33: The key consists of 8 bytes encoded in either hex or octal.
34: When encoded in hex the key must consist of 16 hex digits,
1.1 millert 35: no spaces (e.g., "0123456789abcdef").
1.5 millert 36: When encoded in octal the key must consist of 8 3-digit octets,
1.2 millert 37: each separated by exactly one space
1.1 millert 38: (e.g., "001 010 100 002 020 200 003 030").
1.2 millert 39: Once the key is entered, a PIN number is requested.
40: The PIN number is used to perturb the key before it is stored in a keyfile.
41: This perturbation is not terribly secure.
42: You should assume that anyone with access to your
1.1 millert 43: keyfile will also have access to your key.
1.2 millert 44: .Pp
1.1 millert 45: When
1.2 millert 46: .Fl i
1.1 millert 47: is not specified,
1.2 millert 48: .Nm
1.1 millert 49: is in calculator mode.
1.2 millert 50: In this mode you must enter the same PIN as used in the initialization step.
1.5 millert 51: The PIN is used to decode the key read from the keyfile.
1.2 millert 52: Next you enter the challenge you have been presented with.
1.1 millert 53: The
1.2 millert 54: .Nm
1.5 millert 55: program will provide you with a response to the challenge.
1.2 millert 56: If the
57: .Fl d
1.1 millert 58: option is used, the response will fold any hex digits to decimal.
59: If a
1.2 millert 60: .Ar count
1.1 millert 61: is specified by
1.2 millert 62: .Fl n ,
63: it indicates the number of challenges to predict.
64: The first challenge is always the entered challenge.
65: By default the value of
66: .Ar count
1.1 millert 67: is 1, which implies only the entered challenge is resolved.
1.2 millert 68: .Pp
1.1 millert 69: Future challenges are predicted by the following algorithm:
1.2 millert 70: .Bl -bullet -offset indent
71: .It
72: Encrypt the current challenge with the shared secret key
73: .It
74: AND each byte of the response with 0x0f
75: .It
76: Modulo each byte by 10 (0x0a)
77: .It
78: ADD 0x30 (ASCII value of '0') to each byte
79: .El
80: .Pp
1.1 millert 81: The resulting 8 bytes are all ASCII decimal digits and are the
1.7 jmc 82: predicted challenge.
83: This process may be repeated.
1.2 millert 84: .Sh FILES
85: .Bl -tag -width $HOME/.keyfile.des -compact
86: .It Pa $HOME/.keyfile.des
87: default keyfile
88: .El
1.3 millert 89: .Sh SEE ALSO
90: .Xr tokenadm 8 ,
91: .Xr tokeninit 8
92: .Sh AUTHORS
1.10 schwarze 93: .An Paul Borman Aq Mt prb@krystal.com
1.3 millert 94: .Sh CAVEATS
1.7 jmc 95: This is a very simple-minded program.
1.11 ! tedu 96: The keyfile should be placed on a flash disk which is kept physically secure.
1.2 millert 97: .Pp
1.4 espie 98: Having not read the X9.9 standard, this may not be a complete or accurate
1.7 jmc 99: implementation of the standard.
1.4 espie 100: This software is provided AS IS
1.1 millert 101: with no express or implied warranty.