X99TOKEN(1) - General Commands Manual

X99TOKEN(1) - General Commands Manual #

X99TOKEN(1) - General Commands Manual

NAME #

x99token - X9.9 software token calculator

SYNOPSIS #

x99token [-d] [-k keyfile] [-n count]
x99token -i [-k keyfile]

DESCRIPTION #

The x99token program is a simple X9.9 software token calculator. The token is initialized by using the -i option. In this mode, x99token requests a key. The key consists of 8 bytes encoded in either hex or octal. When encoded in hex the key must consist of 16 hex digits, no spaces (e.g., “0123456789abcdef”). When encoded in octal the key must consist of 8 3-digit octets, each separated by exactly one space (e.g., “001 010 100 002 020 200 003 030”). Once the key is entered, a PIN number is requested. The PIN number is used to perturb the key before it is stored in a keyfile. This perturbation is not terribly secure. You should assume that anyone with access to your keyfile will also have access to your key.

When -i is not specified, x99token is in calculator mode. In this mode you must enter the same PIN as used in the initialization step. The PIN is used to decode the key read from the keyfile. Next you enter the challenge you have been presented with. The x99token program will provide you with a response to the challenge. If the -d option is used, the response will fold any hex digits to decimal. If a count is specified by -n, it indicates the number of challenges to predict. The first challenge is always the entered challenge. By default the value of count is 1, which implies only the entered challenge is resolved.

Future challenges are predicted by the following algorithm:

  • Encrypt the current challenge with the shared secret key

  • AND each byte of the response with 0x0f

  • Modulo each byte by 10 (0x0a)

  • ADD 0x30 (ASCII value of ‘0’) to each byte

The resulting 8 bytes are all ASCII decimal digits and are the predicted challenge. This process may be repeated.

FILES #

$HOME/.keyfile.des

default keyfile

SEE ALSO #

tokenadm(8), tokeninit(8)

AUTHORS #

Paul Borman <prb@krystal.com>

CAVEATS #

This is a very simple-minded program. The keyfile should be placed on a flash disk which is kept physically secure.

Having not read the X9.9 standard, this may not be a complete or accurate implementation of the standard. This software is provided AS IS with no express or implied warranty.

OpenBSD 7.5 - July 9, 2014