summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.bin/x99token/x99token.1122
1 files changed, 63 insertions, 59 deletions
diff --git a/usr.bin/x99token/x99token.1 b/usr.bin/x99token/x99token.1
index 90dab3a20ba..d5b63605a5e 100644
--- a/usr.bin/x99token/x99token.1
+++ b/usr.bin/x99token/x99token.1
@@ -1,84 +1,88 @@
-.TH X99TOKEN 1 "5 October 1995"
-.SH NAME
-x99token - X9.9 software token calculator
-.SH SYNOPSIS
-.PP
-.B x99token [-d] [-i] [-k keyfile] [-n count]
-.SH DESCRIPTION
+.\" $OpenBSD: x99token.1,v 1.2 2001/08/01 21:36:19 millert Exp $
+.\"
+.Dd August 1, 2001
+.Dt X99TOKEN 1
+.Os
+.Sh NAME
+.Nm x99token
+.Nd X9.9 software token calculator
+.Sh SYNOPSIS
+.Nm x99token
+.Op Fl d
+.Op Fl i
+.Op Fl k Ar keyfile
+.Op Fl n Ar count
+.Sh DESCRIPTION
The
-.B x99token
+.Nm x99token
program is a simple X9.9 software token calculator.
The token is initialized by using the
-.B -i
+.Fl i
option.
In this mode,
-.B x99token
-requests a key. The key consists of 8 bytes encoded in either hex
-or octal. When encoded in hex the key must consist of 16 hex digits,
+.Nm
+requests a key.
+The key consists of 8 bytes encoded in either hex or octal.
+When encoded in hex the key must consist of 16 hex digits,
no spaces (e.g., "0123456789abcdef").
-When encoded in octal the key must consist of 8 3 digit
-octets, each separated by exactly one space
+When encoded in octal the key must consist of 8 3 digit octets,
+each separated by exactly one space
(e.g., "001 010 100 002 020 200 003 030").
-Once the key is entered, a PIN number is requested. The PIN number is
-used to perturb the key before it is stored in a keyfile. This perturbation
-is not terribly secure. You should assume that anyone with access to your
+Once the key is entered, a PIN number is requested.
+The PIN number is used to perturb the key before it is stored in a keyfile.
+This perturbation is not terribly secure.
+You should assume that anyone with access to your
keyfile will also have access to your key.
-.PP
+.Pp
When
-.B -i
+.Fl i
is not specified,
-.B x99token
+.Nm
is in calculator mode.
-In this mode you must enter the same PIN as used above in the initialization
-step. The PIN is used decode the the key read from the keyfile.
-Next you enter the challenge you have been presented.
+In this mode you must enter the same PIN as used in the initialization step.
+The PIN is used decode the the key read from the keyfile.
+Next you enter the challenge you have been presented with.
The
-.B x99token
-program will provide you a response to the challenge. If the
-.B -d
+.Nm
+program will provide you a response to the challenge.
+If the
+.Fl d
option is used, the response will fold any hex digits to decimal.
If a
-.I count
+.Ar count
is specified by
-.B -n ,
-it indicates the number of challenges to predict. The first challenge
-is always the entered challenge. By default the value of
-.I count
+.Fl n ,
+it indicates the number of challenges to predict.
+The first challenge is always the entered challenge.
+By default the value of
+.Ar count
is 1, which implies only the entered challenge is resolved.
-.PP
+.Pp
Future challenges are predicted by the following algorithm:
-.nf
-.sp
-* Encrypt the current challenge with the shared secret key
-
-* AND each byte of the response with 0x0f
-
-* Modulo each byte by 10 (0x0a)
-
-* ADD 0x30 (ASCII value of '0') to each byte
-.fi
-.sp
+.Bl -bullet -offset indent
+.It
+Encrypt the current challenge with the shared secret key
+.It
+AND each byte of the response with 0x0f
+.It
+Modulo each byte by 10 (0x0a)
+.It
+ADD 0x30 (ASCII value of '0') to each byte
+.El
+.Pp
The resulting 8 bytes are all ASCII decimal digits and are the
predicted challenge. This process may be repeated.
-.SH FILES
-.ta 3i
-$HOME/.keyfile.des default keyfile under BSD
-.br
-keyfile.des default keyfle under DOS
-.SH NOTES
+.Sh FILES
+.Bl -tag -width $HOME/.keyfile.des -compact
+.It Pa $HOME/.keyfile.des
+default keyfile
+.El
+.Sh NOTES
This is a very simple minded program. It is recommended that the
keyfile be placed on a floppy disk which you keep physically secure.
-Under DOS the keyfile is marked as both a hidden and system file.
-When used with BSD/OS 3.0 or beyond, the token authentication type
-supplies the appropriate challenges and initialization information.
-.PP
+.Pp
Having not read the X9.9 standard, this may not be complete or accurate
implementation of that standard. This software is provided AS IS
with no express or implied warranty.
-.SH AUTHOR
+.Sh AUTHOR
Paul Borman <prb@krystal.com>
-.SH CREDITS
-This code uses the publicly available des library written by Phil Karn, KA9Q.
-The decryption code from Phil's library has been removed to allow
-.B x99token
-to be free of export restrictions (as it can only encrypt and not decrypt).