linotp.lib.ImportOTP package

Module contents

This file is used for importing SafeNet (formerly Aladdin) XML files that hold the OTP secrets for eToken PASS.

exception linotp.lib.ImportOTP.ImportException(description)

Bases: exceptions.Exception


According to YubiKey manual 5.5.5, the static ticket is the same algorithm with no moving factors. The msg_hex that is encoded with the AES key is ‘000000000000ffffffffffffffff0f2e’.


(#653) This function parses CSV data for OATH tokens. The file format is

serial, key, [hotp,totp], [6,8], [30|60],
serial, key, ocra, [ocra-suite]

It imports SHA1 HOTP or TOTP tokens. It can also import OCRA tokens. The default is hotp. If totp is set, the default seconds are 30. If ocra is set, an ocra-suite is required, otherwise the default ocra-suite is used.

It returns a dictionary:

serial: { ‘type’ : xxxx,
          ‘hmac_key’ : xxxx,
          ‘timeStep’ : xxxx,
          ‘otplen’ : xxx,
          ‘ocrasuite’ : xxx }
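An added example (not LinOTP's own code) of a strict parser for the OATH CSV layout described above, which rejects malformed seed lines without echoing key material into error messages. The function name `parse_oath_csv`, the placeholder `DEFAULT_OCRA_SUITE` and the OTP length of 6 when the column is omitted are assumptions; the sample rows are constructed and use the public RFC 4226 test secret.

```python
import csv
import io

# Assumption: placeholder only; the page does not state the default ocra-suite.
DEFAULT_OCRA_SUITE = "<default-ocra-suite>"
HEX = set("0123456789abcdefABCDEF")


def parse_oath_csv(text):
    """Parse 'serial, key, [hotp,totp], [6,8], [30|60]' and
    'serial, key, ocra, [ocra-suite]' lines into {serial: {...}}."""
    tokens = {}
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        fields = [f.strip() for f in row]
        if not fields or not any(fields) or fields[0].startswith("#"):
            continue  # blank line or comment
        fields += [""] * (5 - len(fields))  # optional columns default to ""
        serial, key, ttype, otplen, step = fields[:5]
        # Never echo the key in errors: import logs must not leak OTP seeds.
        if not serial or not key or len(key) % 2 or not set(key) <= HEX:
            raise ValueError("line %d: missing serial or non-hex key" % lineno)
        if serial in tokens:
            raise ValueError("line %d: duplicate serial %s" % (lineno, serial))
        ttype = (ttype or "hotp").lower()  # page: the default is hotp
        entry = {"type": ttype, "hmac_key": key.lower()}
        if ttype == "ocra":
            # For ocra lines the fourth column is the suite, not the OTP length.
            entry["ocrasuite"] = otplen or DEFAULT_OCRA_SUITE
        elif ttype in ("hotp", "totp"):
            if (otplen or "6") not in ("6", "8"):
                raise ValueError("line %d: otplen must be 6 or 8" % lineno)
            entry["otplen"] = int(otplen or "6")  # assumption: 6 when omitted
            if ttype == "totp":
                if (step or "30") not in ("30", "60"):
                    raise ValueError("line %d: timeStep must be 30 or 60" % lineno)
                entry["timeStep"] = int(step or "30")  # page: default is 30 s
        else:
            raise ValueError("line %d: unknown token type" % lineno)
        tokens[serial] = entry
    return tokens


# Constructed sample input; the key is the public RFC 4226 test secret.
SAMPLE = """\
tok001, 3132333435363738393031323334353637383930
tok002, 3132333435363738393031323334353637383930, totp, 8
tok003, 3132333435363738393031323334353637383930, ocra
"""
```

Calling `parse_oath_csv(SAMPLE)` returns one entry per serial in the dictionary shape shown above.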



This function parses XML data of an Aladdin/SafeNet XML file for eToken PASS.

It returns a dictionary of
serial : { hmac_key , counter, type }

This function reads the CSV data as created by the Yubico personalization GUI.

Traditional Format:

Yubico OTP,12/11/2013 11:10,1,vvgutbiedkvi,ab86c04de6a3,d26a7c0f85fdda28bd816e406342b214,,,0,0,0,0,0,0,0,0,0,0
OATH-HOTP,11.12.13 18:55,1,cccccccccccc,,916821d3a138bf855e70069605559a206ba854cd,,,0,0,0,6,0,0,0,0,0,0
Static Password,11.12.13 19:08,1,,d5a3d50327dc,0e8e37b0e38b314a56748c030f58d21d,,,0,0,0,0,0,0,0,0,0,0

Yubico Format:

# OATH mode
508326,,0,69cfb9202438ca68964ec3244bfa4843d073a43b,,2013-12-12T08:41:07,
1382042,,0,bf7efc1c8b6f23604930a9ce693bdd6c3265be00,,2013-12-12T08:41:17,
# Yubico mode
508326,cccccccccccc,83cebdfb7b93,a47c5bf9c152202f577be6721c0113af,,2013-12-12T08:43:17,
# static mode
508326,,,9e2fd386224a7f77e9b5aee775464033,,2013-12-12T08:44:34,

column 0: serial
column 1: public ID in yubico mode
column 2: private ID in yubico mode, 0 in OATH mode, blank in static mode
column 3: AES key

BUMMER: The Yubico Format does not contain the information about which slot of the token was written.

If no public ID or serial is given, we cannot import the token, as the returned dictionary needs the token serial as a key.

It returns a dictionary with the new tokens to be created:

serial: { ‘type’ : yubico,
          ‘hmac_key’ : xxxx,
          ‘otplen’ : xxx,
          ‘description’ : xxx }