[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OATH Toolkit 2.6.11
|
From: |
Simon Josefsson |
|
Subject: |
OATH Toolkit 2.6.11 |
|
Date: |
Thu, 11 Jan 2024 09:39:17 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
This is to announce oath-toolkit-2.6.11, a stable release.
OATH Toolkit provide components to build one-time password
authentication systems. It contains shared C libraries, command line
tools and a PAM module. Supported technologies include the event-based
HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and
Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key
data. OATH stands for Open AuTHentication, which is the organization
that specify the algorithms.
The following components are included:
* liboath: A shared and static C library for OATH handling.
* oathtool: A command line tool for generating and validating OTPs.
* pam_oath: A PAM module for pluggable login authentication for OATH.
* libpskc: A shared and static C library for PSKC handling.
* pskctool: A command line tool for manipulating PSKC data.
The project's web page is available at:
https://www.nongnu.org/oath-toolkit/
Documentation for the command line tools oathtool and pskctool:
https://www.nongnu.org/oath-toolkit/oathtool.1.html
https://www.nongnu.org/oath-toolkit/pskctool.1.html
Tutorial on PSKC:
https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial.html
Manual for PAM module:
https://www.nongnu.org/oath-toolkit/pam_oath.html
Liboath Manual:
https://www.nongnu.org/oath-toolkit/liboath-api/liboath-oath.h.html
Libpskc Manual
https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-reference.html
General information on contributing:
https://www.nongnu.org/oath-toolkit/contrib.html
OATH Toolkit GitLab project page:
https://gitlab.com/oath-toolkit/oath-toolkit
OATH Toolkit Savannah project page:
https://savannah.nongnu.org/projects/oath-toolkit/
Code coverage charts:
https://oath-toolkit.gitlab.io/oath-toolkit/coverage/
Clang code analysis:
https://oath-toolkit.gitlab.io/oath-toolkit/clang-analyzer/
If you need help to use the OATH Toolkit, or want to help others, you
are invited to join our oath-toolkit-help mailing list, see:
https://lists.nongnu.org/mailman/listinfo/oath-toolkit-help
Here are the compressed sources and a GPG detached signature:
https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.11.tar.gz
https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.11.tar.gz.sig
Here are the SHA1 and SHA224 checksums:
7e365d0fa892c4d1493585751adaec0ebd07d66e oath-toolkit-2.6.11.tar.gz
a6a91cfe8aa5498d032278aa4e759e39c9b87e04f68aed55a68c9efa
oath-toolkit-2.6.11.tar.gz
Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify oath-toolkit-2.6.11.tar.gz.sig
The signature should match the fingerprint of the following key:
pub ed25519 2019-03-20 [SC]
B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE
uid Simon Josefsson <simon@josefsson.org>
If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.
gpg --locate-external-key simon@josefsson.org
gpg --recv-keys 51722B08FE4745A2
wget -q -O- https://josefsson.org/key-20190320.txt | gpg --import
NEWS
* Version 2.6.11 (released 2024-01-03)
** liboath: Handle invalid base32 encoded secrets. Fixes: #41.
The gnulib update in version 2.6.10 made the base32 encoding functions
reject invalid encodings, but it appears as if these are wildly used.
We now accept invalid encodings again. Thanks to Dorancé Martínez and
Seres Bendegúz for reports.
Happy hacking,
Simon
signature.asc
Description: PGP signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- OATH Toolkit 2.6.11,
Simon Josefsson <=