Old Safeword .DAT files

Question
1

Hello,

I am working on importing Safeword tokens into PrivacyIdea. I was able to
import one set of tokens successfully, as I had both an XML file and a .DAT
file that was compatible with the LinOTP conversion script
(linotp-convert-token). But I also have many older safeword tokens with
.dat files that are not in a format that the LinOTP script can convert.

Here is an example of the data in the files:

Line1:
00000000

Line2:
(000000000000)

Line3:
00000000,$$S2K-C275620$$,$$S2K-C275620$$,$$$$,00000000,00000000,00000000,$$S/N:C275620
Host #:0 08:07 11/1/05$$,OFF,OFF,OFF,OFF,ON,OFF,1000000,0,00:00
1/1/80,MoTuWeThFrSaSu,1,S,$$$$,DES-Silver;DES-Silver;ON;6;ON;OFF;0;EasySync;Synchronous;Friendly;Hex;Hex;0;0;0000000000000000;0;0
0 0;2B053BD8241035;08:07
11/1/05;;;30;0000;0,;,;,010203,000000,000000,Services
Allowed;default;;;;;;;;;;;;/bin/csh;;;;;;;;;;;,Services
Allowed;default;;;;;;;;;;;;1;;;;;;;;;;;,0,0

Lines4-End of File: (Look just like line 3 with different serial numbers
and other data.)

Can these files be used?

Which fields would I need to extact from this example?

We will mostly use FreeOTP, but need some hardware authenticators for the
users without smartphones.

Thanks for any help,

Aaron

2

Yes, some of these are Safeword Silver. I seem to not have the .dat files
for most of the newer tokens. I think they switched to an integrated
activation procedure at some point so that I never see the token import
files. Is there a way to export tokens from Safeword 2008?

The number of tokens is around 100 probably. I will like use only a small
fraction of that as many of our users have smartphones now.

Thanks,

AaronOn Thursday, May 19, 2016 at 1:11:46 PM UTC-7, Cornelius Kölbel wrote:

Hello Aaron,

this looks like a Safeword Silver token.
To my knowledge the silver tokens are not HOTP/TOTP compatible.
The secret key (if it is not encrypted) looks like a 14 byte hex string,
which is 2 x 56bit, which - exactly like the “DES-Silver” indicated a
DES based proprietary algorithm.

Only the Safeword Alphine tokens followed the HOTP RFC4226 spec.

How many tokens are we talking here?

Kind regards
Cornelius

Am Donnerstag, den 19.05.2016, 12:08 -0700 schrieb Aaron McCrea:

Hello,

I am working on importing Safeword tokens into PrivacyIdea. I was able
to import one set of tokens successfully, as I had both an XML file
and a .DAT file that was compatible with the LinOTP conversion script
(linotp-convert-token). But I also have many older safeword tokens
with .dat files that are not in a format that the LinOTP script can
convert.

Here is an example of the data in the files:

Line1:
00000000

Line2:
(000000000000)

Line3:
00000000,$$S2K-C275620$$,$$S2K-C275620$$,
$$$$,00000000,00000000,00000000,$$S/N:C275620 Host #:0 08:07 11/1/05
$$,OFF,OFF,OFF,OFF,ON,OFF,1000000,0,00:00
1/1/80,MoTuWeThFrSaSu,1,S,

$$$$,DES-Silver;DES-Silver;ON;6;ON;OFF;0;EasySync;Synchronous;Friendly;Hex;Hex;0;0;0000000000000000;0;0
0 0;2B053BD8241035;08:07
11/1/05;;;30;0000;0,;,;,010203,000000,000000,Services
Allowed;default;;;;;;;;;;;;/bin/csh;;;;;;;;;;;,Services
Allowed;default;;;;;;;;;;;;1;;;;;;;;;;;,0,0

Lines4-End of File: (Look just like line 3 with different serial
numbers and other data.)

Can these files be used?

Which fields would I need to extact from this example?

We will mostly use FreeOTP, but need some hardware authenticators for
the users without smartphones.

Thanks for any help,

Aaron


Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/aa26ee80-3bf1-45d1-94cf-eaece3c5e8cd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

3

Hello Aaron,

this looks like a Safeword Silver token.
To my knowledge the silver tokens are not HOTP/TOTP compatible.
The secret key (if it is not encrypted) looks like a 14 byte hex string,
which is 2 x 56bit, which - exactly like the “DES-Silver” indicated a
DES based proprietary algorithm.

Only the Safeword Alphine tokens followed the HOTP RFC4226 spec.

How many tokens are we talking here?

Kind regards
CorneliusAm Donnerstag, den 19.05.2016, 12:08 -0700 schrieb Aaron McCrea:

Hello,

I am working on importing Safeword tokens into PrivacyIdea. I was able
to import one set of tokens successfully, as I had both an XML file
and a .DAT file that was compatible with the LinOTP conversion script
(linotp-convert-token). But I also have many older safeword tokens
with .dat files that are not in a format that the LinOTP script can
convert.

Here is an example of the data in the files:

Line1:
00000000

Line2:
(000000000000)

Line3:
00000000,$$S2K-C275620$$,$$S2K-C275620$$,
$$$$,00000000,00000000,00000000,$$S/N:C275620 Host #:0 08:07 11/1/05
$$,OFF,OFF,OFF,OFF,ON,OFF,1000000,0,00:00
1/1/80,MoTuWeThFrSaSu,1,S,
$$$$,DES-Silver;DES-Silver;ON;6;ON;OFF;0;EasySync;Synchronous;Friendly;Hex;Hex;0;0;0000000000000000;0;0 0 0;2B053BD8241035;08:07 11/1/05;;;30;0000;0,;,;,010203,000000,000000,Services Allowed;default;;;;;;;;;;;;/bin/csh;;;;;;;;;;;,Services Allowed;default;;;;;;;;;;;;1;;;;;;;;;;;,0,0

Lines4-End of File: (Look just like line 3 with different serial
numbers and other data.)

Can these files be used?

Which fields would I need to extact from this example?

We will mostly use FreeOTP, but need some hardware authenticators for
the users without smartphones.

Thanks for any help,

Aaron


Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/aa26ee80-3bf1-45d1-94cf-eaece3c5e8cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)