Annotation of src/usr.bin/x99token/x99token.1, Revision 1.6
1.6 ! jmc 1: .\" $OpenBSD: x99token.1,v 1.5 2003/01/16 18:28:10 millert Exp $
! 2: .\"
! 3: .\" X9.9 calculator
! 4: .\" This software is provided AS IS with no express or implied warranty
! 5: .\" October 1995, Paul Borman <prb@krystal.com>
! 6: .\"
! 7: .\" Donated to the Public Domain by Paul Borman
1.2 millert 8: .\"
9: .Dd August 1, 2001
10: .Dt X99TOKEN 1
11: .Os
12: .Sh NAME
13: .Nm x99token
14: .Nd X9.9 software token calculator
15: .Sh SYNOPSIS
16: .Nm x99token
17: .Op Fl d
18: .Op Fl i
19: .Op Fl k Ar keyfile
20: .Op Fl n Ar count
21: .Sh DESCRIPTION
1.1 millert 22: The
1.2 millert 23: .Nm x99token
1.1 millert 24: program is a simple X9.9 software token calculator.
25: The token is initialized by using the
1.2 millert 26: .Fl i
1.1 millert 27: option.
28: In this mode,
1.2 millert 29: .Nm
30: requests a key.
31: The key consists of 8 bytes encoded in either hex or octal.
32: When encoded in hex the key must consist of 16 hex digits,
1.1 millert 33: no spaces (e.g., "0123456789abcdef").
1.5 millert 34: When encoded in octal the key must consist of 8 3-digit octets,
1.2 millert 35: each separated by exactly one space
1.1 millert 36: (e.g., "001 010 100 002 020 200 003 030").
1.2 millert 37: Once the key is entered, a PIN number is requested.
38: The PIN number is used to perturb the key before it is stored in a keyfile.
39: This perturbation is not terribly secure.
40: You should assume that anyone with access to your
1.1 millert 41: keyfile will also have access to your key.
1.2 millert 42: .Pp
1.1 millert 43: When
1.2 millert 44: .Fl i
1.1 millert 45: is not specified,
1.2 millert 46: .Nm
1.1 millert 47: is in calculator mode.
1.2 millert 48: In this mode you must enter the same PIN as used in the initialization step.
1.5 millert 49: The PIN is used to decode the key read from the keyfile.
1.2 millert 50: Next you enter the challenge you have been presented with.
1.1 millert 51: The
1.2 millert 52: .Nm
1.5 millert 53: program will provide you with a response to the challenge.
1.2 millert 54: If the
55: .Fl d
1.1 millert 56: option is used, the response will fold any hex digits to decimal.
57: If a
1.2 millert 58: .Ar count
1.1 millert 59: is specified by
1.2 millert 60: .Fl n ,
61: it indicates the number of challenges to predict.
62: The first challenge is always the entered challenge.
63: By default the value of
64: .Ar count
1.1 millert 65: is 1, which implies only the entered challenge is resolved.
1.2 millert 66: .Pp
1.1 millert 67: Future challenges are predicted by the following algorithm:
1.2 millert 68: .Bl -bullet -offset indent
69: .It
70: Encrypt the current challenge with the shared secret key
71: .It
72: AND each byte of the response with 0x0f
73: .It
74: Modulo each byte by 10 (0x0a)
75: .It
76: ADD 0x30 (ASCII value of '0') to each byte
77: .El
78: .Pp
1.1 millert 79: The resulting 8 bytes are all ASCII decimal digits and are the
80: predicted challenge. This process may be repeated.
1.2 millert 81: .Sh FILES
82: .Bl -tag -width $HOME/.keyfile.des -compact
83: .It Pa $HOME/.keyfile.des
84: default keyfile
85: .El
1.3 millert 86: .Sh SEE ALSO
87: .Xr tokenadm 8 ,
88: .Xr tokeninit 8
89: .Sh AUTHORS
90: Paul Borman <prb@krystal.com>
91: .Sh CAVEATS
1.5 millert 92: This is a very simple-minded program.
1.4 espie 93: The keyfile should be placed on a floppy disk which is kept physically secure.
1.2 millert 94: .Pp
1.4 espie 95: Having not read the X9.9 standard, this may not be a complete or accurate
96: implementation of the standard.
97: This software is provided AS IS
1.1 millert 98: with no express or implied warranty.
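
The challenge-prediction steps listed under DESCRIPTION, as an added C example that is not part of x99token's source. All function names are hypothetical, the challenge is assumed to be passed to the cipher as its 8 ASCII bytes, and `toy_encrypt` is a constructed stand-in for the keyed encryption step (it is not DES and not the program's cipher).

```c
#include <stdio.h>
#include <string.h>

/* Step 1 is a keyed 8-byte block encryption, modelled here as a callback. */
typedef void (*encrypt8_fn)(const unsigned char in[8], unsigned char out[8]);

/* Steps 2-4: AND with 0x0f, modulo 10, add 0x30 ('0'). out is NUL-terminated. */
void fold_to_challenge(const unsigned char ct[8], char out[9])
{
    for (int i = 0; i < 8; i++)
        out[i] = (char)(((ct[i] & 0x0f) % 10) + 0x30);
    out[8] = '\0';
}

/* One round: encrypt the current challenge, fold the result into 8 digits. */
void next_challenge(encrypt8_fn enc, const char cur[9], char next[9])
{
    unsigned char ct[8];
    enc((const unsigned char *)cur, ct);
    fold_to_challenge(ct, next);
}

/* Count the low-nibble values (0..15) that fold to `digit`. Digits 0-5 are
 * hit by two nibbles each, 6-9 by one, so predicted digits are not uniform. */
int nibbles_mapping_to(int digit)
{
    int n = 0;
    for (int v = 0; v < 16; v++)
        n += (v % 10 == digit);
    return n;
}

/* CONSTRUCTED stand-in, NOT DES and not secure: it only lets the chain run. */
void toy_encrypt(const unsigned char in[8], unsigned char out[8])
{
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(in[i] * 7 + i * 13 + 0x5a);
}

int main(void)
{
    char cur[9] = "12345678", next[9];   /* constructed challenge */
    for (int n = 0; n < 3; n++) {        /* like -n 3: first line is the entered one */
        printf("%s\n", cur);
        next_challenge(toy_encrypt, cur, next);
        memcpy(cur, next, sizeof cur);
    }
    return 0;
}
```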