Annotation of src/usr.bin/x99token/x99token.1, Revision 1.3
1.3 ! millert 1: .\" $OpenBSD: x99token.1,v 1.2 2001/08/01 21:36:19 millert Exp $
1.2 millert 2: .\"
3: .Dd August 1, 2001
4: .Dt X99TOKEN 1
5: .Os
6: .Sh NAME
7: .Nm x99token
8: .Nd X9.9 software token calculator
9: .Sh SYNOPSIS
10: .Nm x99token
11: .Op Fl d
12: .Op Fl i
13: .Op Fl k Ar keyfile
14: .Op Fl n Ar count
15: .Sh DESCRIPTION
1.1 millert 16: The
1.2 millert 17: .Nm x99token
1.1 millert 18: program is a simple X9.9 software token calculator.
19: The token is initialized by using the
1.2 millert 20: .Fl i
1.1 millert 21: option.
22: In this mode,
1.2 millert 23: .Nm
24: requests a key.
25: The key consists of 8 bytes encoded in either hex or octal.
26: When encoded in hex the key must consist of 16 hex digits,
1.1 millert 27: no spaces (e.g., "0123456789abcdef").
1.2 millert 28: When encoded in octal the key must consist of 8 3 digit octets,
29: each separated by exactly one space
1.1 millert 30: (e.g., "001 010 100 002 020 200 003 030").
1.2 millert 31: Once the key is entered, a PIN number is requested.
32: The PIN number is used to perturb the key before it is stored in a keyfile.
33: This perturbation is not terribly secure.
34: You should assume that anyone with access to your
1.1 millert 35: keyfile will also have access to your key.
1.2 millert 36: .Pp
1.1 millert 37: When
1.2 millert 38: .Fl i
1.1 millert 39: is not specified,
1.2 millert 40: .Nm
1.1 millert 41: is in calculator mode.
1.2 millert 42: In this mode you must enter the same PIN as used in the initialization step.
43: The PIN is used decode the the key read from the keyfile.
44: Next you enter the challenge you have been presented with.
1.1 millert 45: The
1.2 millert 46: .Nm
47: program will provide you a response to the challenge.
48: If the
49: .Fl d
1.1 millert 50: option is used, the response will fold any hex digits to decimal.
51: If a
1.2 millert 52: .Ar count
1.1 millert 53: is specified by
1.2 millert 54: .Fl n ,
55: it indicates the number of challenges to predict.
56: The first challenge is always the entered challenge.
57: By default the value of
58: .Ar count
1.1 millert 59: is 1, which implies only the entered challenge is resolved.
1.2 millert 60: .Pp
1.1 millert 61: Future challenges are predicted by the following algorithm:
1.2 millert 62: .Bl -bullet -offset indent
63: .It
64: Encrypt the current challenge with the shared secret key
65: .It
66: AND each byte of the response with 0x0f
67: .It
68: Modulo each byte by 10 (0x0a)
69: .It
70: ADD 0x30 (ASCII value of '0') to each byte
71: .El
72: .Pp
1.1 millert 73: The resulting 8 bytes are all ASCII decimal digits and are the
74: predicted challenge. This process may be repeated.
1.2 millert 75: .Sh FILES
76: .Bl -tag -width $HOME/.keyfile.des -compact
77: .It Pa $HOME/.keyfile.des
78: default keyfile
79: .El
1.3 ! millert 80: .Sh SEE ALSO
! 81: .Xr tokenadm 8 ,
! 82: .Xr tokeninit 8
! 83: .Sh AUTHORS
! 84: Paul Borman <prb@krystal.com>
! 85: .Sh CAVEATS
1.1 millert 86: This is a very simple minded program. It is recommended that the
87: keyfile be placed on a floppy disk which you keep physically secure.
1.2 millert 88: .Pp
1.1 millert 89: Having not read the X9.9 standard, this may not be complete or accurate
90: implementation of that standard. This software is provided AS IS
91: with no express or implied warranty.