Feitian c200 Encrypted Seed

#1

I’m looking at moving to PrivacyIDEA atm, we have a number of rebranded Feitian c200 hardware tokens which I have the seed data for, however, the seed is apparently HEX encoded and AES-256 encrypted (we were given the encryption password for this when they were bought). However, I’m struggling to figure out what format I need to convert this into for use with PrivacyIDEA. Any help would be really appreciated!

Neil

0 Likes

#2

Hello Neil,
welcome to the privacyIDEA community. It is a good choice to look into moving to privacyIDEA. privacyIDEA will never disallow you to reuse tokens. This is the benefit of well-documented open source. Well - you probably will never want to move away! 😉

Companies like Fortinet rebrand Feitian tokens to ship them with their solutions like the Fortigate. In the case of the Fortigate I know that there is no official way to reuse or export the tokens. Although the seeds are AES encrypted and you have an encryption password, it is as easy as adding a product-specific encryption key (a.k.a. pepper) into the equation

cipher_text = AES(plain_seed, password + secret_pepper)

and you will (without decompiling the import code) never be able to use the seeds with another application than this very one.

But if your seed-holding old authentication solution can act as a RADIUS server, there is a possibility to migrate the users smoothly to new tokens (you need to dump the Feitian tokens one day, finally).
See https://www.youtube.com/watch?v=vfX5K4YRBWQ

Otherwise you should probably ask on some hacker/crypto channel.

Kind regards
Cornelius

0 Likes
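
An added illustration of the peppered-key construction described in reply #2 (not code from either poster, from privacyIDEA or from any vendor): decrypting with the password alone still yields 20 plausible-looking bytes, so a recovered seed should be checked against a code shown on the hardware token before it is imported anywhere. Assumptions: the KDF is SHA-256 over password plus pepper, a SHA-256 counter keystream stands in for AES, the token uses a 60-second TOTP step, and the password, pepper and seed are constructed sample values.

```python
import hashlib, hmac, struct

def derive_key(password: bytes, pepper: bytes = b"") -> bytes:
    # Assumed KDF: SHA-256(password || pepper) -> 32 bytes, the size of an AES-256 key.
    return hashlib.sha256(password + pepper).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for AES (Python's standard library has none): SHA-256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def totp(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    # RFC 6238 TOTP with HMAC-SHA1; the 60 s default step is an assumption.
    mac = hmac.new(seed, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def decrypt_seed(blob_hex: str, password: bytes, pepper: bytes = b"") -> bytes:
    # Hex-decode the seed-file entry, then decrypt with the derived key.
    return stream_xor(derive_key(password, pepper), bytes.fromhex(blob_hex))

def seed_matches_token(seed: bytes, shown_code: str, unix_time: int) -> bool:
    # The only reliable test of a decrypted seed: does it reproduce the token's display?
    return hmac.compare_digest(totp(seed, unix_time), shown_code)

# Constructed sample data, not real token material.
PLAIN_SEED = b"12345678901234567890"          # RFC 6238 test seed
PASSWORD, PEPPER = b"customer-password", b"vendor-pepper"
SEED_FILE_HEX = stream_xor(derive_key(PASSWORD, PEPPER), PLAIN_SEED).hex()
NOW = 1_700_000_000
SHOWN_CODE = totp(PLAIN_SEED, NOW)            # what the hardware token would display

if __name__ == "__main__":
    for label, pepper in (("password only", b""), ("password + pepper", PEPPER)):
        seed = decrypt_seed(SEED_FILE_HEX, PASSWORD, pepper)
        print(f"{label:18} {seed.hex()} matches token: "
              f"{seed_matches_token(seed, SHOWN_CODE, NOW)}")
```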