1*6c56199fStedu.\" $OpenBSD: x99token.1,v 1.11 2014/07/09 23:16:10 tedu Exp $ 25d4f1f7eSjmc.\" 35d4f1f7eSjmc.\" X9.9 calculator 45d4f1f7eSjmc.\" This software is provided AS IS with no express or implied warranty 55d4f1f7eSjmc.\" October 1995, Paul Borman <prb@krystal.com> 65d4f1f7eSjmc.\" 75d4f1f7eSjmc.\" Donated to the Public Domain by Paul Borman 8e39965b1Smillert.\" 9*6c56199fStedu.Dd $Mdocdate: July 9 2014 $ 10e39965b1Smillert.Dt X99TOKEN 1 11e39965b1Smillert.Os 12e39965b1Smillert.Sh NAME 13e39965b1Smillert.Nm x99token 14e39965b1Smillert.Nd X9.9 software token calculator 15e39965b1Smillert.Sh SYNOPSIS 16e39965b1Smillert.Nm x99token 17e39965b1Smillert.Op Fl d 18e39965b1Smillert.Op Fl k Ar keyfile 19e39965b1Smillert.Op Fl n Ar count 2005343367Sjmc.Nm x99token 2105343367Sjmc.Fl i 2205343367Sjmc.Op Fl k Ar keyfile 23e39965b1Smillert.Sh DESCRIPTION 24b573928fSmillertThe 25e39965b1Smillert.Nm x99token 26b573928fSmillertprogram is a simple X9.9 software token calculator. 27b573928fSmillertThe token is initialized by using the 28e39965b1Smillert.Fl i 29b573928fSmillertoption. 30b573928fSmillertIn this mode, 31e39965b1Smillert.Nm 32e39965b1Smillertrequests a key. 33e39965b1SmillertThe key consists of 8 bytes encoded in either hex or octal. 34e39965b1SmillertWhen encoded in hex the key must consist of 16 hex digits, 35b573928fSmillertno spaces (e.g., "0123456789abcdef"). 36597dd1afSmillertWhen encoded in octal the key must consist of 8 3-digit octets, 37e39965b1Smillerteach separated by exactly one space 38b573928fSmillert(e.g., "001 010 100 002 020 200 003 030"). 39e39965b1SmillertOnce the key is entered, a PIN number is requested. 40e39965b1SmillertThe PIN number is used to perturb the key before it is stored in a keyfile. 41e39965b1SmillertThis perturbation is not terribly secure. 42e39965b1SmillertYou should assume that anyone with access to your 43b573928fSmillertkeyfile will also have access to your key. 44e39965b1Smillert.Pp 45b573928fSmillertWhen 46e39965b1Smillert.Fl i 47b573928fSmillertis not specified, 48e39965b1Smillert.Nm 49b573928fSmillertis in calculator mode. 50e39965b1SmillertIn this mode you must enter the same PIN as used in the initialization step. 51597dd1afSmillertThe PIN is used to decode the key read from the keyfile. 52e39965b1SmillertNext you enter the challenge you have been presented with. 53b573928fSmillertThe 54e39965b1Smillert.Nm 55597dd1afSmillertprogram will provide you with a response to the challenge. 56e39965b1SmillertIf the 57e39965b1Smillert.Fl d 58b573928fSmillertoption is used, the response will fold any hex digits to decimal. 59b573928fSmillertIf a 60e39965b1Smillert.Ar count 61b573928fSmillertis specified by 62e39965b1Smillert.Fl n , 63e39965b1Smillertit indicates the number of challenges to predict. 64e39965b1SmillertThe first challenge is always the entered challenge. 65e39965b1SmillertBy default the value of 66e39965b1Smillert.Ar count 67b573928fSmillertis 1, which implies only the entered challenge is resolved. 68e39965b1Smillert.Pp 69b573928fSmillertFuture challenges are predicted by the following algorithm: 70e39965b1Smillert.Bl -bullet -offset indent 71e39965b1Smillert.It 72e39965b1SmillertEncrypt the current challenge with the shared secret key 73e39965b1Smillert.It 74e39965b1SmillertAND each byte of the response with 0x0f 75e39965b1Smillert.It 76e39965b1SmillertModulo each byte by 10 (0x0a) 77e39965b1Smillert.It 78e39965b1SmillertADD 0x30 (ASCII value of '0') to each byte 79e39965b1Smillert.El 80e39965b1Smillert.Pp 81b573928fSmillertThe resulting 8 bytes are all ASCII decimal digits and are the 822aeff9fbSjmcpredicted challenge. 832aeff9fbSjmcThis process may be repeated. 84e39965b1Smillert.Sh FILES 85e39965b1Smillert.Bl -tag -width $HOME/.keyfile.des -compact 86e39965b1Smillert.It Pa $HOME/.keyfile.des 87e39965b1Smillertdefault keyfile 88e39965b1Smillert.El 89a99fcd1aSmillert.Sh SEE ALSO 90a99fcd1aSmillert.Xr tokenadm 8 , 91a99fcd1aSmillert.Xr tokeninit 8 92a99fcd1aSmillert.Sh AUTHORS 9376c04420Sschwarze.An Paul Borman Aq Mt prb@krystal.com 94a99fcd1aSmillert.Sh CAVEATS 95597dd1afSmillertThis is a very simple-minded program. 96*6c56199fSteduThe keyfile should be placed on a flash disk which is kept physically secure. 97e39965b1Smillert.Pp 989ea3e997SespieHaving not read the X9.9 standard, this may not be a complete or accurate 999ea3e997Sespieimplementation of the standard. 1009ea3e997SespieThis software is provided AS IS 101b573928fSmillertwith no express or implied warranty. 102