Hello! Thanks for the new VASCO token support feature.
As I understand it, there is no option like “Import DPX”. One can only enroll a vasco token by pasting the blob into the web form. Am I right?
Please tell me, what is the difference between a blob and a dpx? What does the vasco blob look like? I only have a dpx.
Thanks in advance!
Yes, you are right, we have not currently implemented the importing of a dpx file. You can, however, import a csv file containing a lot of blobs…
The blob is a 248-byte structure (usually base64 encoded), which you probably should be able to export from your current installation. (Depends on the software you are currently running.)
The blob could also be contained in the dpx file, but currently I am not sure about this - I currently have none available.
Maybe @fredreichbier or @reni could tell more about this.
Please note that you need a licensed vacman controller library from Vasco!
http://privacyidea.readthedocs.io/en/latest/configuration/tokens/vasco.html?highlight=vasco
I’ll contact colleagues who use Vasco IDENTIKEY Authentication Server for a possibility to “convert” dpx to blob. But it is a bad way to share dpx with 3rd parties. Generally, vasco tokens come only with dpx, and there is no need of having their commercial Vasco IDENTIKEY Authentication Server to operate these tokens. It would be cool to import vasco tokens from dpx like LinOTP does. Hope you’re planning this!
Another question, do/will vasco tokens support challenge-response?
Thanks for such amazing open source software!
upd: https://github.com/LinOTP/LinOTP/blob/master/linotpd/src/linotp/lib/ImportOTP/vasco.py
This python script explains how to get the blob from a parsed dpx. The whole class TDigipassBlob has a length of 248 bytes; it must be what I need:
```python
from ctypes import Structure, c_byte, c_char


class TDigipassBlob(Structure):
    """
    Digi Pass Token Blob struct
    """
    # 10 + 12 + 2 + 224 = 248 bytes in total
    _fields_ = [("Serial", c_char * 10),
                ("AppName", c_char * 12),
                ("DPFlags", c_byte * 2),
                ("Blob", c_char * 224)]
```
Demo_GO6.dpx:
```
ZZ ----------------< DPGO1 Export File >-----------------------------
DH FILE="GO1_10.DPX" DATE=27AUG2002 VERSION=1.5 CREATED_BY=BDEV
DC HSH=0EE07880 DEL=0A97BE2F9380B33E
DA A_HOST=APPL1
ZZ
ZZ ----------------< Token Independent Fields >-----------------------------
DF GL TKTYPE CALCULATOR
DF I0 A_APPLNAME A_CODEWORD A_RSPCHK A_RSPTY A_RSPLNG A_TDESFLAG
ZZ
ZZ ----------------< Token Dependent Fields >-----------------------------
DF G0 SERNUMB8 IPIN PINLNG PINCHGLNG PINFORCED PINCHGON
DF A0 SERNUMB8 A_IVLEFT A_IVRIGHT A_OFFSET A_DES64KEY A_TDES64KEY
ZZ
ZZ -------------------------------------------------------------------------------------
GL DPGO6 Y
I0 "APPLI 1 " 00005200 N D 6 N
G0 91234582 96BC2AAE 4 4 N Y
A0 91234582 0CF1E7DE 7A76B04E 3B2AA0 97FE185D4658D6A3 D0A7FD20399E616F
ZZ -------------------------------------------------------------------------------------
DE DEF_RECORDS=8 DATA_RECORDS=4 TOKENS=1
ZZ -------------------------------------------------------------------------------------
```
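A way to check a base64 blob against the 248-byte layout quoted above before pasting it into the enrollment form or a CSV import. This is an added example, not code from privacyIDEA or LinOTP; the sample blob is constructed, and the ASCII decoding and padding-stripping of Serial and AppName are assumptions.

```python
import base64
import binascii
from ctypes import Structure, c_byte, c_char, sizeof


class DigipassBlob(Structure):
    """Layout quoted in the thread; byte-sized fields only, so no padding."""
    _fields_ = [("Serial", c_char * 10),
                ("AppName", c_char * 12),
                ("DPFlags", c_byte * 2),
                ("Blob", c_char * 224)]


BLOB_SIZE = sizeof(DigipassBlob)  # 10 + 12 + 2 + 224


def _field(raw, name):
    # Slice by the descriptor's offset/size. Reading a c_char array through
    # a Structure instance stops at the first NUL byte, which would silently
    # truncate the binary "Blob" field.
    desc = getattr(DigipassBlob, name)
    return raw[desc.offset:desc.offset + desc.size]


def parse_blob(text):
    """Decode a base64 blob and split it into the struct's four fields.

    Raises ValueError on invalid base64 or on any length other than 248.
    """
    try:
        raw = base64.b64decode(text.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid base64: %s" % exc)
    if len(raw) != BLOB_SIZE:
        raise ValueError("expected %d bytes, got %d" % (BLOB_SIZE, len(raw)))
    return {
        # Assumption: Serial and AppName are ASCII, padded with spaces/NULs.
        "serial": _field(raw, "Serial").decode("ascii").rstrip(" \x00"),
        "app_name": _field(raw, "AppName").decode("ascii").rstrip(" \x00"),
        "flags": _field(raw, "DPFlags").hex(),
        "payload": _field(raw, "Blob"),  # opaque to everything but the vendor library
    }


# Constructed sample (not a real token): the payload starts with a NUL byte.
SAMPLE_RAW = b"CONSTR0001" + b"APPLI 1".ljust(12) + b"\x00\x01" + bytes(range(224))
SAMPLE_B64 = base64.b64encode(SAMPLE_RAW).decode("ascii")
```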
You are welcome to add your updates to
or your PR.
Honestly, currently it has no fixed place on the roadmap.
Using vasco tokens at all does only make limited sense — you still need a licensed vacman controller.