Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

securenet(8) [plan9 man page]

SECURENET(8)						      System Manager's Manual						      SECURENET(8)

NAME
securenet - Digital Pathways SecureNet Key remote authentication box DESCRIPTION
The SecureNet box is used to authenticate connections to Plan 9 from a foreign system such as a Unix machine or plain terminal. The box, which looks like a calculator, performs DES encryption with a key held in its memory. Another copy of the key is kept on the authentica- tion server. Each box is protected from unauthorized use by a four digit PIN. When the system requires SecureNet authentication, it prompts with a numerical challenge. The response is compared to one generated with the key stored on the authentication server. Respond as follows: Turn on the box and enter your PIN at the EP prompt, followed by the ENT button. Enter the challenge at Ed prompt, again followed ENT. Then type to Plan 9 the response generated by the box. If you make a mistake at any time, reset the box by pressing ON. The authentica- tion server compares the response generated by the box to one computed internally. If they match, the user is accepted. The box will lose its memory if given the wrong PIN five times in succession or if its batteries are removed. To reprogram it, type a 4 at the E0 prompt. At the E1 prompt, enter your key, which consists of eight three-digit octal numbers. While you are entering these digits, the box displays a number ranging from 1 to 8 on the left side of the display. This number corresponds to the octal number you are entering, and changes when you enter the first digit of the next number. When you are done entering your key, press ENT twice. At the E2 prompt, enter a PIN for the box. After you confirm by retyping the PIN at the E3 prompt, you can use the box as normal. You can change the PIN using the following procedure. First, turn on the box and enter your current PIN at the EP prompt. Press ENT three times; this will return you to the EP prompt. Enter your PIN again, followed by ENT; you should see a Ed prompt with a - on the right side of the display. Enter a 0 and press ENT. You should see the E2 prompt; follow the instructions above for entering a PIN. The SecureNet box performs the same encryption as the netcrypt routine (see encrypt(2)). The entered challenge, a decimal number between 0 and 100000, is treated as a text string with trailing binary zero fill to 8 bytes. These 8 bytes are encrypted with the DES algorithm. The first four bytes are printed on the display as hexadecimal numbers. However, when set up as described, the box does not print hexadec- imal digits greater than 9. Instead, it prints a 2 for an A, B, or C, and a 3 for a D, E, or F. If a 5 rather than a 4 is entered at the E0 print, the hexadecimal digits are printed. This is not recommended, as letters are too easily confused with digits on the SecureNet display. SEE ALSO
encrypt(2), auth(2) Digital Pathways, Mountain View, California BUGS
The box is too clumsy. If carried in a pocket, it can turn itself on and wear out the batteries. SECURENET(8)

Check Out this Related Man Page

WESTCOS-TOOL(1) 						   OpenSC tools 						   WESTCOS-TOOL(1)

NAME
westcos-tool - utility for manipulating data structures on westcos smart cards SYNOPSIS
westcos-tool [OPTIONS] DESCRIPTION
The westcos-tool utility is used to manipulate the westcos data structures on 2 Ko smart cards. Users can create PINs, keys and certificates stored on the token. User PIN authentication is performed for those operations that require it. OPTIONS
--reader, r num Use the given reader. The default is the first reader with a card. --wait, -w Wait for a card to be inserted --generate-key, -g Generate a private key on smart card. The smart card must be not finalized and a PIN must be installed (ie. file for PIN must be created, see option -i). By default key length is 1536 bits. User authentication is required for this operation. --overwrite-key, -o Overwrite the key if there is already a key on card. --key-length length, -l length Change the length of private key, use with -g. --install-pin, -i Install PIN file in token, you must provide PIN value with -x. --pin-value value, -x value set value of PIN. --puk-value value, -y value set value of PUK (or value of new PIN for change PIN command see -n). --change-pin, -n Changes a PIN stored on the token. User authentication is required for this operation. --unblock-pin, -u Unblocks a PIN stored on the token. Knowledge of the PIN Unblock Key (PUK) is required for this operation. --certificate file, -t file Write certificate file in PEM format to the card. User authentication is required for this operation. --finalize, -f Finalize the card. Once finalized the default key is invalidated so PIN and PUK can't be changed anymore without user authentication. Warning, un-finalized are insecure because PIN can be changed without user authentication (knowledge of default key is enough). --read-file path, -j path Get the file path the file is written on disk with path name. User authentication is required for this operation. --write-file path, -k path Put the file with name path from disk to card the file is written in path. User authentication is required for this operation. --help, -h Print help message on screen. -v Causes westcos-tool to be more verbose. Specify this flag several times to enable debug output in the OpenSC library. AUTHORS
westcos-tool was written by Francois Leblanc francois.leblanc@cev-sa.com. opensc 06/03/2012 WESTCOS-TOOL(1)
Man Page