.\" $OpenBSD: x99token.1,v 1.9 2007/05/31 19:20:20 jmc Exp $
.\"
.\" X9.9 calculator
.\" This software is provided AS IS with no express or implied warranty
.\" October 1995, Paul Borman <prb@krystal.com>
.\"
.\" Donated to the Public Domain by Paul Borman
.\"
.Dd $Mdocdate: May 31 2007 $
.Dt X99TOKEN 1
.Os
.Sh NAME
.Nm x99token
.Nd X9.9 software token calculator
.Sh SYNOPSIS
.Nm x99token
.Op Fl d
.Op Fl k Ar keyfile
.Op Fl n Ar count
.Nm x99token
.Fl i
.Op Fl k Ar keyfile
.Sh DESCRIPTION
The
.Nm x99token
program is a simple X9.9 software token calculator.
The token is initialized by using the
.Fl i
option.
In this mode,
.Nm
requests a key.
The key consists of 8 bytes encoded in either hex or octal.
When encoded in hex the key must consist of 16 hex digits,
no spaces (e.g., "0123456789abcdef").
When encoded in octal the key must consist of 8 3-digit octets,
each separated by exactly one space
(e.g., "001 010 100 002 020 200 003 030").
Once the key is entered, a PIN number is requested.
The PIN number is used to perturb the key before it is stored in a keyfile.
This perturbation is not terribly secure.
You should assume that anyone with access to your
keyfile will also have access to your key.
.Pp
When
.Fl i
is not specified,
.Nm
is in calculator mode.
In this mode you must enter the same PIN as used in the initialization step.
The PIN is used to decode the key read from the keyfile.
Next you enter the challenge you have been presented with.
The
.Nm
program will provide you with a response to the challenge.
If the
.Fl d
option is used, the response will fold any hex digits to decimal.
If a
.Ar count
is specified by
.Fl n ,
it indicates the number of challenges to predict.
The first challenge is always the entered challenge.
By default the value of
.Ar count
is 1, which implies only the entered challenge is resolved.
.Pp
Future challenges are predicted by the following algorithm:
.Bl -bullet -offset indent
.It
Encrypt the current challenge with the shared secret key
.It
AND each byte of the response with 0x0f
.It
Modulo each byte by 10 (0x0a)
.It
ADD 0x30 (ASCII value of '0') to each byte
.El
.Pp
The resulting 8 bytes are all ASCII decimal digits and are the
predicted challenge.
This process may be repeated.
.Sh FILES
.Bl -tag -width $HOME/.keyfile.des -compact
.It Pa $HOME/.keyfile.des
default keyfile
.El
.Sh SEE ALSO
.Xr tokenadm 8 ,
.Xr tokeninit 8
.Sh AUTHORS
.An Paul Borman Aq prb@krystal.com
.Sh CAVEATS
This is a very simple-minded program.
The keyfile should be placed on a floppy disk which is kept physically secure.
.Pp
Having not read the X9.9 standard, this may not be a complete or accurate
implementation of the standard.
This software is provided AS IS
with no express or implied warranty.
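The two key formats and the last three steps of the prediction algorithm from DESCRIPTION, as an added example in C; it is not code from x99token itself. The function names are hypothetical, the encryption step is left to the caller, and rejecting octal groups above 377 is an assumption. The last function counts how many low-nibble values fold to each digit, which shows that predicted challenge digits 0-5 are twice as likely as 6-9.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parse a key in either documented format: 0 on success, -1 on bad input.
 * Rejecting octal groups above 377 is an assumption of this example. */
int parse_key(const char *s, unsigned char key[8])
{
    size_t len = strlen(s);
    unsigned int v;
    int i, j;
    if (len == 16) {                        /* 16 hex digits, no spaces */
        for (i = 0; i < 16; i++)
            if (!isxdigit((unsigned char)s[i]))
                return -1;
        for (i = 0; i < 8 && sscanf(s + 2 * i, "%2x", &v) == 1; i++)
            key[i] = (unsigned char)v;
        return 0;
    }
    if (len != 31)                          /* 8 * 3 digits + 7 single spaces */
        return -1;
    for (i = 0; i < 8; i++) {
        for (v = 0, j = 0; j < 3; j++) {
            if (s[4 * i + j] < '0' || s[4 * i + j] > '7')
                return -1;
            v = v * 8 + (unsigned int)(s[4 * i + j] - '0');
        }
        if (v > 0377 || (i < 7 && s[4 * i + 3] != ' '))
            return -1;
        key[i] = (unsigned char)v;
    }
    return 0;
}

/* Steps 2-4 of the prediction: AND with 0x0f, modulo 10, add ASCII '0'. */
void fold_challenge(const unsigned char resp[8], char out[9])
{
    for (int i = 0; i < 8; i++)
        out[i] = (char)(((resp[i] & 0x0f) % 10) + 0x30);
    out[8] = '\0';
}

/* How many of the 16 possible low nibbles fold to a given digit. */
int nibbles_for_digit(int digit)
{
    int n, count = 0;
    for (n = 0; n < 16; n++)
        count += (n % 10 == digit);
    return count;
}
```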