1.\" $OpenBSD: x99token.1,v 1.7 2003/06/10 09:12:13 jmc Exp $
2.\"
3.\" X9.9 calculator
4.\" This software is provided AS IS with no express or implied warranty
5.\" October 1995, Paul Borman <prb@krystal.com>
6.\"
7.\" Donated to the Public Domain by Paul Borman
8.\"
9.Dd August 1, 2001
10.Dt X99TOKEN 1
11.Os
12.Sh NAME
13.Nm x99token
14.Nd X9.9 software token calculator
15.Sh SYNOPSIS
16.Nm x99token
17.Op Fl d
18.Op Fl i
19.Op Fl k Ar keyfile
20.Op Fl n Ar count
21.Sh DESCRIPTION
22The
23.Nm x99token
24program is a simple X9.9 software token calculator.
25The token is initialized by using the
26.Fl i
27option.
28In this mode,
29.Nm
30requests a key.
31The key consists of 8 bytes encoded in either hex or octal.
32When encoded in hex the key must consist of 16 hex digits,
33no spaces (e.g., "0123456789abcdef").
34When encoded in octal the key must consist of 8 3-digit octets,
35each separated by exactly one space
36(e.g., "001 010 100 002 020 200 003 030").
37Once the key is entered, a PIN number is requested.
38The PIN number is used to perturb the key before it is stored in a keyfile.
39This perturbation is not terribly secure.
40You should assume that anyone with access to your
41keyfile will also have access to your key.
42.Pp
43When
44.Fl i
45is not specified,
46.Nm
47is in calculator mode.
48In this mode you must enter the same PIN as used in the initialization step.
49The PIN is used to decode the key read from the keyfile.
50Next you enter the challenge you have been presented with.
51The
52.Nm
53program will provide you with a response to the challenge.
54If the
55.Fl d
56option is used, the response will fold any hex digits to decimal.
57If a
58.Ar count
59is specified by
60.Fl n ,
61it indicates the number of challenges to predict.
62The first challenge is always the entered challenge.
63By default the value of
64.Ar count
65is 1, which implies only the entered challenge is resolved.
66.Pp
67Future challenges are predicted by the following algorithm:
68.Bl -bullet -offset indent
69.It
70Encrypt the current challenge with the shared secret key
71.It
72AND each byte of the response with 0x0f
73.It
74Modulo each byte by 10 (0x0a)
75.It
76ADD 0x30 (ASCII value of '0') to each byte
77.El
78.Pp
79The resulting 8 bytes are all ASCII decimal digits and are the
80predicted challenge.
81This process may be repeated.
82.Sh FILES
83.Bl -tag -width $HOME/.keyfile.des -compact
84.It Pa $HOME/.keyfile.des
85default keyfile
86.El
87.Sh SEE ALSO
88.Xr tokenadm 8 ,
89.Xr tokeninit 8
90.Sh AUTHORS
91.An Paul Borman Aq prb@krystal.com
92.Sh CAVEATS
93This is a very simple-minded program.
94The keyfile should be placed on a floppy disk which is kept physically secure.
95.Pp
96Having not read the X9.9 standard, this may not be a complete or accurate
97implementation of the standard.
98This software is provided AS IS
99with no express or implied warranty.
100