Re: [OATH-Toolkit-help] OATH Toolkit 2.6.0

[Simon Josefsson]

David Woodhouse <address@hidden> writes:

> On Tue, 2015-05-19 at 22:30 +0200, Simon Josefsson wrote:
>> Can you tell me more how you would use this?  I'm not exactly sure how
>> you could generalize OTP-generation in a library that still makes
>> sense to an application.
>
> The main use case I have in mind is my VPN client. The server may
> require OATH tokens to authenticate. Those *could* be in a hardware
> device, they could be in a PSKC file, they could be in Pledge or
> something else.
>
> My code just detects when the 'password' prompt is actually looking for
> an OTP token (by various heuristics according to the VPN protocol in use
> at the time), and invokes the appropriate back end to generate it.
>
> The back end is specified by the user, of course.
>
> I guess there could be a bunch of similar use cases where client
> authentication can be automated by OATH token generation. I certainly
> wasn't expecting to have to write PC/SC code for myself :)

Thanks.  So how would an ideal API look like?  Does this make sense:

otp_global_init (int flags);
otp_global_deinit (void);
otp_generate_oath_from_pskc (const char *pskcfilename, char **otp);
otp_generate_oath_from_ykneo (const char *accountid, char **otp);
otp_generate_stoken (const char *stokendatabase, char **otp);

Or should the interface be cut at some other abstraction level?

/Simon

signature.asc
Description: PGP signature