Old Safeword .DAT files
22 views
Skip to first unread message
Aaron McCrea
May 19, 2016, 3:08:53 PM5/19/16
to privacyidea
Hello,
I am working on importing Safeword tokens into PrivacyIdea. I was able to import one set of tokens successfully, as I had both an XML file and a .DAT file that was compatible with the LinOTP conversion script (linotp-convert-token). But I also have many older safeword tokens with .dat files that are not in a format that the LinOTP script can convert.
Here is an example of the data in the files:
Line1:
00000000
Line2:
(000000000000)
Line3:
00000000,$$S2K-C275620$$,$$S2K-C275620$$,$$$$,00000000,00000000,00000000,$$S/N:C275620 Host #:0 08:07 11/1/05$$,,OFF,OFF,OFF,OFF,ON,,OFF,1000000,0,00:00 1/1/80,,,,,MoTuWeThFrSaSu,1,S,$$$$,DES-Silver;DES-Silver;ON;6;ON;OFF;0;EasySync;Synchronous;Friendly;Hex;Hex;0;0;0000000000000000;0;0 0 0;2B053BD8241035;08:07 11/1/05;;;30;0000;0,;,;,010203,000000,000000,Services Allowed;default;;;;;;;;;;;;/bin/csh;;;;;;;;;;;,Services Allowed;default;;;;;;;;;;;;1;;;;;;;;;;;,0,0
Lines4-End of File: (Look just like line 3 with different serial numbers and other data.)
Can these files be used?
Which fields would I need to extact from this example?
We will mostly use FreeOTP, but need some hardware authenticators for the users without smartphones.
Thanks for any help,
Aaron
Cornelius Kölbel
May 19, 2016, 4:11:46 PM5/19/16
to priva...@googlegroups.com
Hello Aaron,
this looks like a Safeword Silver token.
To my knowledge the silver tokens are not HOTP/TOTP compatible.
The secret key (if it is not encrypted) looks like a 14 byte hex string,
which is 2 x 56bit, which - exactly like the "DES-Silver" indicated a
DES based proprietary algorithm.
Only the Safeword Alphine tokens followed the HOTP RFC4226 spec.
How many tokens are we talking here?
Kind regards
Cornelius
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/aa26ee80-3bf1-45d1-94cf-eaece3c5e8cd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
this looks like a Safeword Silver token.
To my knowledge the silver tokens are not HOTP/TOTP compatible.
The secret key (if it is not encrypted) looks like a 14 byte hex string,
which is 2 x 56bit, which - exactly like the "DES-Silver" indicated a
DES based proprietary algorithm.
Only the Safeword Alphine tokens followed the HOTP RFC4226 spec.
How many tokens are we talking here?
Kind regards
Cornelius
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/aa26ee80-3bf1-45d1-94cf-eaece3c5e8cd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Aaron McCrea
May 19, 2016, 7:06:17 PM5/19/16
to privacyidea
Yes, some of these are Safeword Silver. I seem to not have the .dat files for most of the newer tokens. I think they switched to an integrated activation procedure at some point so that I never see the token import files. Is there a way to export tokens from Safeword 2008?
The number of tokens is around 100 probably. I will like use only a small fraction of that as many of our users have smartphones now.
Thanks,
Aaron
Reply all
Reply to author
Forward
0 new messages