[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OATH-toolkit-help] OATH Toolkit 1.6.0
From: |
Simon Josefsson |
Subject: |
[OATH-toolkit-help] OATH Toolkit 1.6.0 |
Date: |
Tue, 22 Feb 2011 19:59:33 +0100 |
User-agent: |
Gnus/5.110013 (No Gnus v0.13) Emacs/23.2 (gnu/linux) |
I finally found time to add TOTP validation to liboath and oathtool
(usersfile and pam_oath will follow later). The new APIs are available
in the GTK-DOC manual:
http://www.nongnu.org/oath-toolkit/reference/liboath-oath.html#oath-totp-validate
The command line tool is used as follows, quoting the updated part of
the man page:
You can validate a TOTP one-time password by supplying the secret and a
window parameter (number of time steps before or after current time):
$ oathtool --totp -w 5 00 `oathtool --totp 00`
0
$
Similar when generating TOTPs, you can use a -N (--now) parameter to
specify the time to use instead of the current time:
$ oathtool --totp --now="2005-03-18 01:58:29 UTC" -w 10000000
3132333435363738393031323334353637383930 89005924
4115227
$
The previous test uses values from the TOTP specification and will
stress test the tool because the expected window is around 4 million
time-steps.
Happy hacking,
Simon
New in this release:
** liboath: Added APIs to perform TOTP validation.
The APIs are oath_totp_validate and oath_totp_validate_callback,
similar to the corresponding HOTP functions.
** liboath: The function type oath_hotp_validate_strcmp_function was
** renamed to oath_validate_strcmp_function.
It is used by both HOTP and TOTP validation. The old name will
continue to work through a compatibility-#define.
** oathtool: Support TOTP validation.
The OATH Toolkit makes it easy to build one-time password
authentication systems. It contains a shared library, a command line
tool and a PAM module. Supported technologies include the event-based
HOTP algorithm (RFC 4226) and the time-based TOTP algorithm
(draft-mraihi-totp-timebased-07). OATH stands for Open
AuTHentication, which is the organization that specify the algorithms.
The components included in the package is:
* liboath: A shared and static C library for OATH handling.
* oathtool: A command line tool for generating and validating OTPs.
* pam_oath: A PAM module for pluggable login authentication for OATH.
The project's web page is available at:
http://www.nongnu.org/oath-toolkit/
Man page for oathtool:
http://www.nongnu.org/oath-toolkit/man-oathtool.html
Manual for PAM module:
http://git.savannah.gnu.org/cgit/oath-toolkit.git/tree/pam_oath/README
Liboath GTK-DOC API Reference manual:
http://www.nongnu.org/oath-toolkit/reference/liboath-oath.html
If you need help to use the OATH Toolkit, or want to help others, you
are invited to join our oath-toolkit-help mailing list, see:
http://lists.nongnu.org/mailman/listinfo/oath-toolkit-help
Here are the compressed sources of the entire package:
http://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-1.6.0.tar.gz
(1.7MB)
http://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-1.6.0.tar.gz.sig
(OpenPGP)
The software is cryptographically signed by the author using an OpenPGP
key identified by the following information:
pub 1280R/B565716F 2002-05-05 [expires: 2011-03-30]
Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
uid Simon Josefsson <address@hidden>
uid Simon Josefsson <address@hidden>
sub 1280R/4D5D40AE 2002-05-05 [expires: 2011-03-30]
The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT
Here are the SHA-1 and SHA-224 checksums:
cbfa8f1479b3dfd5055d01f7ef54ffe044838b87 oath-toolkit-1.6.0.tar.gz
c55c26f9915a2907120fb469ec1b0194a386774102707dae0042b8b4
oath-toolkit-1.6.0.tar.gz
Savannah developer's home page:
https://savannah.nongnu.org/projects/oath-toolkit/
Code coverage charts:
http://www.nongnu.org/oath-toolkit/coverage/
Clang code analysis:
http://www.nongnu.org/oath-toolkit/clang-analyzer/
pgpdoqBrlery1.pgp
Description: PGP signature
- [OATH-toolkit-help] OATH Toolkit 1.6.0,
Simon Josefsson <=