Writing this to hopefully safe somebody's time trying to setup LinOTP with the gauthj2me soft token generator. There is no documentation on site so I had to look at the source to see how it works.
Why gauthj2me? It's only 34k and fits in even most constrained phone memory like old s40 nokias (tested on nokia 6070 with a 128k jar limit/ 150k installing from internet). Still it features sha1 which seems required for LinOTP TOTP setup. Thus it has a limit of 32 base32 digits (160bits). With more recent devices another alternative is lwuitgauthj2me which is more feature rich but over 220k. There seems to be another alternative - DS3 Oath which should also work based on their documentation. It is HOTP unlike gauthj2me which is TOTP (access number vs time based).
Anyways, here you find my quick notes on setting that up (shell commands for fedora 18):
# Download and install to phone http://code.google.com/p/gauthj2me/ # go to LinOTP self service console -> Enroll TOTP # enter seed in hex digits (see below), sha1, 30 seconds # click on the button "enroll TOTP Token" # go to Resync Token tab to sync and test your soft token ## # Prepare a base32 encoder (thanks to cjc) ## yum install perl-MIME-Base32 cat > base32.pl << "EOF" #!/usr/bin/perl use MIME::Base32 qw( RFC ); undef $/; # in case stdin has newlines $string =; $encoded = MIME::Base32::encode($string); print "$encoded\n"; EOF chmod 755 base32.pl ## # enable hardware enthropy sources # /funny how slow is random without a hw rng/ ## sudo systemctl enable rngd sudo systemctl start rngd ## # generate ranndom 160bit key ## # gauthj2me supports up to 32 base32 places (160bits) dd if=/dev/random of=/tmp/key bs=1 count=20 # enter as seed in LinOTP management console cat /tmp/key | xxd -ps 93590476d673f3b1dc06224fed4235e7a90fd458 # enter this in Swarte Token Generator /that is PITA/ cat /tmp/key | ./base32.pl SNMQI5WWOPZ3DXAGEJH62QRV46UQ7VCY
No comments:
Post a Comment