.\" $OpenBSD: x99token.1,v 1.7 2003/06/10 09:12:13 jmc Exp $
.\"
.\" X9.9 calculator
.\" This software is provided AS IS with no express or implied warranty
.\" October 1995, Paul Borman <prb@krystal.com>
.\"
.\" Donated to the Public Domain by Paul Borman
.\"
.Dd August 1, 2001
.Dt X99TOKEN 1
.Os
.Sh NAME
.Nm x99token
.Nd X9.9 software token calculator
.Sh SYNOPSIS
.Nm x99token
.Op Fl d
.Op Fl i
.Op Fl k Ar keyfile
.Op Fl n Ar count
.Sh DESCRIPTION
The
.Nm x99token
program is a simple X9.9 software token calculator.
The token is initialized by using the
.Fl i
option.
In this mode,
.Nm
requests a key.
The key consists of 8 bytes encoded in either hex or octal.
When encoded in hex the key must consist of 16 hex digits,
no spaces (e.g., "0123456789abcdef").
When encoded in octal the key must consist of 8 3-digit octets,
each separated by exactly one space
(e.g., "001 010 100 002 020 200 003 030").
Once the key is entered, a PIN number is requested.
The PIN number is used to perturb the key before it is stored in a keyfile.
This perturbation is not terribly secure.
You should assume that anyone with access to your
keyfile will also have access to your key.
.Pp
When
.Fl i
is not specified,
.Nm
is in calculator mode.
In this mode you must enter the same PIN as used in the initialization step.
The PIN is used to decode the key read from the keyfile.
Next you enter the challenge you have been presented with.
The
.Nm
program will provide you with a response to the challenge.
If the
.Fl d
option is used, the response will fold any hex digits to decimal.
If a
.Ar count
is specified by
.Fl n ,
it indicates the number of challenges to predict.
The first challenge is always the entered challenge.
By default the value of
.Ar count
is 1, which implies only the entered challenge is resolved.
.Pp
Future challenges are predicted by the following algorithm:
.Bl -bullet -offset indent
.It
Encrypt the current challenge with the shared secret key
.It
AND each byte of the response with 0x0f
.It
Modulo each byte by 10 (0x0a)
.It
ADD 0x30 (ASCII value of '0') to each byte
.El
.Pp
The resulting 8 bytes are all ASCII decimal digits and are the
predicted challenge.
This process may be repeated.
.Sh FILES
.Bl -tag -width $HOME/.keyfile.des -compact
.It Pa $HOME/.keyfile.des
default keyfile
.El
.Sh SEE ALSO
.Xr tokenadm 8 ,
.Xr tokeninit 8
.Sh AUTHORS
.An Paul Borman Aq prb@krystal.com
.Sh CAVEATS
This is a very simple-minded program.
The keyfile should be placed on a floppy disk which is kept physically secure.
.Pp
Having not read the X9.9 standard, this may not be a complete or accurate
implementation of the standard.
This software is provided AS IS
with no express or implied warranty.
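The challenge-prediction steps and the two key encodings described under DESCRIPTION, as an added Python example that is not part of x99token or the original page. Assumptions: `standin_encrypt` is a constructed placeholder for the token's cipher (it is not DES), the challenge is exactly one 8-byte block, and all function names are hypothetical.

```python
import hashlib
from typing import Callable, List

HEX_DIGITS = set("0123456789abcdefABCDEF")
OCT_DIGITS = set("01234567")
Cipher = Callable[[bytes, bytes], bytes]  # (key, 8-byte block) -> 8-byte block


def parse_key(text: str) -> bytes:
    """Strictly parse the two key encodings the man page describes."""
    if len(text) == 16 and set(text) <= HEX_DIGITS:
        return bytes.fromhex(text)
    parts = text.split(" ")  # exactly one space between octets
    if len(parts) == 8 and all(len(p) == 3 and set(p) <= OCT_DIGITS for p in parts):
        values = [int(p, 8) for p in parts]
        if max(values) <= 0xFF:  # "777" is three octal digits but not a byte
            return bytes(values)
    raise ValueError("need 16 hex digits or 8 space-separated 3-digit octal octets")


def fold_to_challenge(response: bytes) -> bytes:
    """AND each byte with 0x0f, take it modulo 10, add 0x30 (ASCII '0')."""
    if len(response) != 8:
        raise ValueError("expected an 8-byte cipher block")
    # Nibbles 10..15 wrap onto 0..5, so for uniform cipher output the
    # digits 0-5 come up twice as often as 6-9.
    return bytes(((b & 0x0F) % 10) + 0x30 for b in response)


def predict_challenges(key: bytes, challenge: bytes, count: int,
                       encrypt: Cipher) -> List[bytes]:
    """Entered challenge first, then count - 1 predicted successors."""
    if count < 1 or len(challenge) != 8:  # assumption: one 8-byte challenge block
        raise ValueError("count must be >= 1 and challenge must be 8 bytes")
    chain = [challenge]
    while len(chain) < count:
        chain.append(fold_to_challenge(encrypt(key, chain[-1])))
    return chain


def standin_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed placeholder, NOT DES: keyed and deterministic, runs offline."""
    return hashlib.sha256(key + block).digest()[:8]


if __name__ == "__main__":
    key = parse_key("001 010 100 002 020 200 003 030")  # example key from the man page
    for c in predict_challenges(key, b"12345678", 3, standin_encrypt):  # constructed challenge
        print(c.decode())
```

To reproduce the real token's sequence, pass a DES single-block encryption function as `encrypt` in place of the stand-in.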