6.1. Import tokens
When you use preseeded hardware tokens, whose seeds were implanted in the factory, you also receive a file that contains the serial numbers of the tokens and the corresponding seeds.
Warning
Please ensure that no unauthorized person gains possession of those seeds.
LinOTP can import many different seed file formats directly.
The GTK management client can import Aladdin/SafeNet XML files.
The Web management client can import
- Aladdin/SafeNet XML files,
- OATH compliant PSKC files,
- simple CSV files for OATH (HOTP and TOTP) tokens, and
- Vasco DPX files.
Note
If a particular file format is not supported, the file can be converted to a supported format before the data is imported.
Note
SafeNet tokens are often delivered with a .dat file. This file can be converted with the LinOTP tool convert-token.pl.
6.1.1. Importing tokens with the GTK client
To import a file in the GTK client do the following:
- Click the button “import tokenfile” in the lower left corner of the main window.
- A file choosing dialog will pop up. Choose the corresponding file.
- The progress of the import will be displayed and the tokens will be listed in the tab “Token” of the main window.
6.1.2. Importing tokens with the Web UI
The Web management client can import more token file formats.
From the dropdown menu you can choose which type of token file you wish to import.
6.1.2.1. Importing PSKC files
PSKC (Portable Symmetric Key Container) is defined in RFC 6030 [1] and is used for OATH compliant tokens. OATH is the Initiative for Open Authentication where several vendors meet to use and define open standards to make strong authentication simpler and more compatible.
Note
If a token vendor claims to sell you OATH compliant tokens, the vendor must deliver a compatible PSKC file.
The PSKC file can contain HOTP or TOTP tokens and the seeds in the file can either be plain text or encrypted with a password or a preshared key.
The OATH standard also defines that the serial numbers of the tokens have to follow a certain naming scheme. Some vendors do not use this scheme, so you can check or uncheck the checkbox Check the serial numbers for OATH compliance.
If you check this checkbox, tokens with non-compliant serial numbers will not be imported.
In the dropdown box you can choose if the seeds in the PSKC file are plain value, password protected or encrypted with a preshared key. An input field will appear, where you can enter the password or the preshared key.
[1] http://tools.ietf.org/html/rfc6030
6.1.2.2. Importing OATH CSV files
This import dialog can be used to import OATH tokens for which the vendor does not provide a PSKC file.
The seeds can be stored in a simple comma separated file.
The fields in the CSV file need to be
- serial number,
- seed,
- type (optional, default=hotp),
- OTP length (optional, default=6),
- time step (optional, default=30).
Note
Depending on the length of the seed, the token is either imported as an HMAC-SHA1 (40 hex characters = 160 bit) or an HMAC-SHA256 (64 hex characters = 256 bit) token.
The file can contain different types of tokens at the same time, so a valid file might look like this:
TS000001, 1f6aeda29fed39a8e2c3fe45c954d9ba93a14af4
TS000002, e3a391658226f63153443bb03a365eb962e1775b, hotp, 8
TS000003, bd15fb2b2c84a3ce56670fe0062b7369a0b8f4d4, totp, 6
TS000004, 881c7498360553b0e51a677ad7daa41b3b390ad5, totp, 8, 60
TS000005, 0eb6597f402151f97726208dc7e94bd541ff56b5a3ff63003c8ff0b6049185d7
The token TS000001 will be imported as a SHA1 HOTP token with 6 digits.
The token TS000002 will be imported as a SHA1 HOTP token with 8 digits.
The token TS000003 will be imported as a SHA1 TOTP token with 6 digits and a time step of 30 seconds.
The token TS000004 will be imported as a SHA1 TOTP token with 8 digits and a time step of 60 seconds.
The token TS000005 will be imported as a SHA256 HOTP token with 6 digits.
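As an added example (not LinOTP's own import code), the following Python parser applies exactly the CSV rules described above to the sample file, and derives an OTP from the parsed parameters to show that they are consistent. The treatment of seeds that are neither 40 nor 64 hex characters long (rejected) and of blank lines (skipped) is an assumption; the text does not specify it.

```python
import hmac
import struct
from dataclasses import dataclass

# Constructed sample file, identical to the one discussed in the text above.
SAMPLE_CSV = """\
TS000001, 1f6aeda29fed39a8e2c3fe45c954d9ba93a14af4
TS000002, e3a391658226f63153443bb03a365eb962e1775b, hotp, 8
TS000003, bd15fb2b2c84a3ce56670fe0062b7369a0b8f4d4, totp, 6
TS000004, 881c7498360553b0e51a677ad7daa41b3b390ad5, totp, 8, 60
TS000005, 0eb6597f402151f97726208dc7e94bd541ff56b5a3ff63003c8ff0b6049185d7
"""

# Seed length in hex characters selects the HMAC algorithm (rule from the text).
HASH_BY_SEED_LEN = {40: "sha1", 64: "sha256"}


@dataclass
class OathToken:
    serial: str
    seed: bytes
    hash_name: str
    token_type: str   # "hotp" or "totp"
    otp_len: int
    time_step: int    # seconds, only meaningful for totp


def parse_oath_csv(text: str) -> list[OathToken]:
    """Parse lines of the form: serial, seed[, type[, otp_len[, time_step]]]."""
    tokens = []
    for line in text.splitlines():
        if not line.strip():
            continue  # skip blank lines (assumption; the text does not say)
        fields = [f.strip() for f in line.split(",")] + [""] * 5
        serial, seed_hex, token_type, otp_len, time_step = fields[:5]
        if len(seed_hex) not in HASH_BY_SEED_LEN:
            # Assumption: any other seed length is rejected rather than guessed.
            raise ValueError(f"{serial}: unsupported seed length {len(seed_hex)}")
        tokens.append(OathToken(
            serial, bytes.fromhex(seed_hex), HASH_BY_SEED_LEN[len(seed_hex)],
            (token_type or "hotp").lower(), int(otp_len or 6), int(time_step or 30)))
    return tokens


def otp(token: OathToken, counter: int) -> str:
    """RFC 4226 truncation; for a TOTP token pass counter = unix_time // time_step."""
    mac = hmac.new(token.seed, struct.pack(">Q", counter), token.hash_name).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** token.otp_len).zfill(token.otp_len)
```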
6.1.2.3. Importing Tagespasswort files
The Tagespasswort token is a token that displays a password valid for one day, i.e. the user can use this password several times to authenticate during that day. It changes on the next day.
The file format is fairly simple and consists of one token per line, with the serial number and the seed separated by whitespace.
6.1.2.4. Importing Vasco DPX files
You can import the proprietary Vasco DPX file for the Vasco Digipass tokens.
To import the DPX file and use the Vasco tokens, you need to license the Vasco VACMAN Controller library and install it on the LinOTP server.
- Install the vacman controller library aal2sdk on your system.
- Locate the shared object file; it might reside at /opt/vasco/VACMAN_Controller-3.11.2/lib/libaal2sdk.so.
- Now you need to set the variable linotpImport.vasco_dll=/opt/vasco/VACMAN_Controller-3.11.2/lib/libaal2sdk.so in the DEFAULT section in your linotp.ini file.
- Restart your LinOTP.