linotp.lib.ImportOTP package

Module contents

This file is used used for importing SafeNet (former Aladdin) XML files, that hold the OTP secrets for eToken PASS.

exception linotp.lib.ImportOTP.ImportException(description)[source]

Bases: exceptions.Exception

linotp.lib.ImportOTP.create_static_password(key_hex)[source]

According to yubikey manual 5.5.5 the static-ticket is the same algorith with no moving factors. The msg_hex that is encoded with the aes key is ‘000000000000ffffffffffffffff0f2e’

linotp.lib.ImportOTP.getImportText()[source]
linotp.lib.ImportOTP.getKnownTypes()[source]
linotp.lib.ImportOTP.getTagName(elem)[source]
linotp.lib.ImportOTP.parseOATHcsv(csv)[source]

This function parses CSV data for oath token. The file format is

serial, key, [hotp,totp], [6,8], [30|60], [sha1|sha256|sha512], serial, key, ocra, [ocra-suite]

It imports standard hmac algorithm based tokens

If the seed is 32 bytes long or at the end of the row the hashlib is
defined the tokens hashlib changes to sha265. For seeds with 64 bytes the hashlib is determined as sha512 if not other specified.

It can also import ocra token.

  • The default is hotp
  • if totp is set, the default seconds are 30
  • if ocra is set, an ocra-suite is required
It returns a dictionary:
{
serial: { ‘type’ : xxxx,
‘hmac_key’ : xxxx, ‘hashlib’ : ‘sha1|sha256|sha512’ ‘timeStep’ : xxxx, ‘otplen’ : xxx, ‘ocrasuite’ : xxx }

}

linotp.lib.ImportOTP.parseSafeNetXML(xml)[source]

This function parses XML data of a Aladdin/SafeNet XML file for eToken PASS

It returns a dictionary of
serial : { hmac_key , counter, type }
linotp.lib.ImportOTP.parseYubicoCSV(csv)[source]

This function reads the CSV data as created by the Yubico personalization GUI.

Traditional Format: Yubico OTP,12/11/2013 11:10,1,vvgutbiedkvi,ab86c04de6a3,d26a7c0f85fdda28bd816e406342b214,,,0,0,0,0,0,0,0,0,0,0 OATH-HOTP,11.12.13 18:55,1,cccccccccccc,,916821d3a138bf855e70069605559a206ba854cd,,,0,0,0,6,0,0,0,0,0,0 Static Password,11.12.13 19:08,1,,d5a3d50327dc,0e8e37b0e38b314a56748c030f58d21d,,,0,0,0,0,0,0,0,0,0,0

Yubico Format: # OATH mode 508326,,0,69cfb9202438ca68964ec3244bfa4843d073a43b,,2013-12-12T08:41:07, 1382042,,0,bf7efc1c8b6f23604930a9ce693bdd6c3265be00,,2013-12-12T08:41:17, # Yubico mode 508326,cccccccccccc,83cebdfb7b93,a47c5bf9c152202f577be6721c0113af,,2013-12-12T08:43:17, # static mode 508326,,,9e2fd386224a7f77e9b5aee775464033,,2013-12-12T08:44:34,

column 0: serial column 1: public ID in yubico mode column 2: private ID in yubico mode, 0 in OATH mode, blank in static mode column 3: AES key

BUMMER: The Yubico Format does not contain the information, which slot of the token was written.

If now public ID or serial is given, we can not import the token, as the returned dictionary needs the token serial as a key.

It returns a dictionary with the new tokens to be created:

{
serial: { ‘type’ : yubico,

‘hmac_key’ : xxxx, ‘otplen’ : xxx, ‘description’ : xxx

}

}