Virtual OTP token
From SecuTech Wiki
Virtual token for testing
To create a uinf seed file for testing purposes with the Seed_portal, copy and paste the following into Notepad and save it as "something.uinf":
secu_uniotp
STES1234567|0123456789012345678901234567890123456789|0000000000|0000000000|1|2014-01-21 10:06:35|6|050|060|
For a more in-depth description, the file format is:
secu_uniotp
Serial name | secret key | counter 1 | counter 2 | token type | date last synchronized | digits | Authentication window | timestep |
Serial name | secret key | counter 1 | counter 2 | token type | date last synchronized | digits | Authentication window | timestep |
...
Serial name | secret key | counter 1 | counter 2 | token type | date last synchronized | digits | Authentication window | timestep |
For testing purposes, virtual tokens can be created this way.
- Serial name: Unique name of the token
- Secret key: Either 40 hex characters or 20 ASCII characters, for 160-bit secret keys
- Counter 1 & 2: unsigned integers
- Token type: 1 = HOTP/event, 2 = TOTP/time, 3 = OCRA/challenge and response
- Date last synchronized: Date and time the uinf file was last synchronized to the token itself
- Digits: Number of digits for the OTP, typically 6 or 8
- Authentication window: Allows the uinf file to define the range of OTPs to attempt authentication with ahead of the expected counter
- For example, a HOTP token may have been pressed several times by accident, or a TOTP token may have drifted
- Timestep: Divisor for current Unix time for TOTP tokens
Requirements:
- The serial name should be no longer than 13 characters, must start with a letter and end with a number.
- Counter 1 and counter 2 can be no greater than 4294967295 (2^32); they are concatenated to create a 2^64 number, in case a server does not support the full 2^64 counter range.
- Each counter must always be 10 characters long, padded with 0s.
- Date last synchronized must be equal to or greater than "1970-01-01 00:00:00" as that is the start of Unix timestamp.
- Once a secret key format is used (either ASCII or hex), it must stay in that format for the rest of the secret keys.
- ASCII files may gain additional symbols when saved as txt by text editors, so it is recommended to use hex unless a "smart" editor is used. For example, Notepad++ with a hex editor can be used to check whether the secret key has more than 20 characters.
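The requirements above can be checked before a file is handed to the seed portal. The following validator is an added example, not SecuTech code: the function names, the error labels and the assumption that digits, authentication window and timestep are plain decimal integers are its own.

```python
import re
from datetime import datetime

PATTERNS = [  # (field name, index, regex); number formats are an assumption
    ("serial name", 0, r"[A-Za-z].{0,11}[0-9]"),  # letter first, digit last, <= 13 chars
    ("counter 1", 2, r"[0-9]{10}"), ("counter 2", 3, r"[0-9]{10}"),
    ("token type", 4, r"[123]"), ("digits", 6, r"[0-9]+"),
    ("authentication window", 7, r"[0-9]+"), ("timestep", 8, r"[0-9]+"),
]

def check_record(line, key_format=None):
    """Validate one record; return (failed fields, key format used by the file so far)."""
    fields = line.strip().split("|")
    if len(fields) != 10 or fields[9] != "":
        return ["field count"], key_format
    errors = [name for name, i, pat in PATTERNS if not re.fullmatch(pat, fields[i])]
    errors += [name for name, i, _ in PATTERNS[1:3]
               if name not in errors and int(fields[i]) > 4294967295]
    # Key length is counted in characters, so a symbol added by an editor fails here.
    fmt = ("hex" if re.fullmatch(r"[0-9A-Fa-f]{40}", fields[1])
           else "ascii" if len(fields[1]) == 20 and fields[1].isascii() else None)
    if fmt is None:
        errors.append("secret key")
    elif key_format and fmt != key_format:
        errors.append("secret key format changed")
    try:
        if datetime.strptime(fields[5], "%Y-%m-%d %H:%M:%S") < datetime(1970, 1, 1):
            errors.append("date last synchronized")
    except ValueError:
        errors.append("date last synchronized")
    return errors, key_format or fmt

def validate_uinf(text):
    """Return {record number: [failed fields]}; an empty dict means the file passed."""
    lines = [l for l in text.splitlines() if l.strip()]
    if not lines or lines[0].strip() != "secu_uniotp":
        return {0: ["header"]}
    report, key_format = {}, None
    for number, line in enumerate(lines[1:], start=1):
        errors, key_format = check_record(line, key_format)
        if errors:
            report[number] = errors
    return report

# Record 1 is the page's sample line; record 2 is constructed to break several rules.
SAMPLE = """secu_uniotp
STES1234567|0123456789012345678901234567890123456789|0000000000|0000000000|1|2014-01-21 10:06:35|6|050|060|
1BAD|abcdefghijklmnopqrst|42|9999999999|4|1969-12-31 23:59:59|6|050|060|
"""
```

Calling validate_uinf(SAMPLE) reports only record 2, including the switch from a hex key to an ASCII key within the same file.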
Testing virtual token
The newly created uinf/virtual token can be tested with the UniOTP seed portal, see Seed_portal for more details.