mirror of
https://github.com/adulau/ootp.git
synced 2024-11-22 10:07:12 +00:00
205 lines
6.5 KiB
Groff
205 lines
6.5 KiB
Groff
...\" $Header: /usr/src/docbook-to-man/cmd/RCS/docbook-to-man.sh,v 1.3 1996/06/17 03:36:49 fld Exp $
|
||
...\"
|
||
...\" transcript compatibility for postscript use.
|
||
...\"
|
||
...\" synopsis: .P! <file.ps>
|
||
...\"
|
||
.de P!
|
||
\\&.
|
||
.fl \" force out current output buffer
|
||
\\!%PB
|
||
\\!/showpage{}def
|
||
...\" the following is from Ken Flowers -- it prevents dictionary overflows
|
||
\\!/tempdict 200 dict def tempdict begin
|
||
.fl \" prolog
|
||
.sy cat \\$1\" bring in postscript file
|
||
...\" the following line matches the tempdict above
|
||
\\!end % tempdict %
|
||
\\!PE
|
||
\\!.
|
||
.sp \\$2u \" move below the image
|
||
..
|
||
.de pF
|
||
.ie \\*(f1 .ds f1 \\n(.f
|
||
.el .ie \\*(f2 .ds f2 \\n(.f
|
||
.el .ie \\*(f3 .ds f3 \\n(.f
|
||
.el .ie \\*(f4 .ds f4 \\n(.f
|
||
.el .tm ? font overflow
|
||
.ft \\$1
|
||
..
|
||
.de fP
|
||
.ie !\\*(f4 \{\
|
||
. ft \\*(f4
|
||
. ds f4\"
|
||
' br \}
|
||
.el .ie !\\*(f3 \{\
|
||
. ft \\*(f3
|
||
. ds f3\"
|
||
' br \}
|
||
.el .ie !\\*(f2 \{\
|
||
. ft \\*(f2
|
||
. ds f2\"
|
||
' br \}
|
||
.el .ie !\\*(f1 \{\
|
||
. ft \\*(f1
|
||
. ds f1\"
|
||
' br \}
|
||
.el .tm ? font underflow
|
||
..
|
||
.ds f1\"
|
||
.ds f2\"
|
||
.ds f3\"
|
||
.ds f4\"
|
||
.ta 8n 16n 24n 32n 40n 48n 56n 64n 72n
|
||
.TH "Spyrus PAR II" "7"
|
||
.SH "NAME"
|
||
Spyrus PAR II \(em Spyrus PAR II reader with HOTP firmware
|
||
.SH "SETUP"
|
||
.PP
|
||
.SH "KEY SEQUENCES"
|
||
.PP
|
||
.PP
|
||
A HOTP token is obtained by activating the reader, authenticating
|
||
with a 5 digit PIN, and picking a numerically indexed host\&. Interactive
|
||
menu and two digit shortcut methods are provided for host selection\&.
|
||
Additional functionality includes Smart Card PIN change, overriding default
|
||
increment-on-generate per-host HOTP count behavior, and firmware management\&.
|
||
.PP
|
||
With the HOTP displayed, press Enter to repeat the host
|
||
selection process for additional token generation or Down Arrow
|
||
to generate a token for the next host\&.
|
||
.PP
|
||
The HOTP token is displayed as 40 bit hexadecimal or 6-10 digit decimal
|
||
based on the format bit field provided by the Smart Card\&.
|
||
.PP
|
||
Use the host selection shortcut to extend battery life\&.
|
||
.SS "Basic Functions:"
|
||
.PP
|
||
\fB<Card/ON>\fP Power up reader\&.
|
||
.PP
|
||
\fB<Calc/OFF>\fP Power down reader, firmware menu\&. The reader
|
||
should be powered down after utilizing the HOTP to extend battery
|
||
life\&. A timeout will turn off the reader off without intervention\&.
|
||
.SS "PIN Entry:"
|
||
.PP
|
||
\fB<0123456789>\fP 5 digit PIN\&. Default is 28165\&.
|
||
.PP
|
||
\fB<Clear>\fP Clear input\&.
|
||
.PP
|
||
\fB<Enter>\fP Accept PIN sequence\&.
|
||
.SS "Host Selection:"
|
||
.PP
|
||
\fB<Enter>\fP Select host\&. A single digit + \fB<Enter>\fP will select host 0\&.\&.9\&. Minus other digits, \fB<Enter>\fP will select
|
||
index 0\&.
|
||
.PP
|
||
\fB<0123456789>\fP 2 digit host index\&.
|
||
.PP
|
||
\fB<Clear>\fP Clear host digit\&.
|
||
.PP
|
||
\fB<*>\fP Change PIN\&.
|
||
.PP
|
||
\fB<#>\fP Toggle Challenge/Count input\&. The per-host count, incremented
|
||
by 1 and stored on the SC after each HOTP generation can be overridden
|
||
with this option\&. A count value of 0 indicates the HOTP value is to be
|
||
calculated with the current stored count\&.
|
||
.PP
|
||
\fB<DOWN>\fP Enable host menu\&.
|
||
.SS "Host Selection With Menu:"
|
||
.PP
|
||
.PP
|
||
\fB<Enter>\fP Select host\&.
|
||
.PP
|
||
\fB<UP>\fP Cursor up one line\&.
|
||
.PP
|
||
\fB<DOWN>\fP Cursor down one line\&.
|
||
.SS "HOTP Display"
|
||
.PP
|
||
.PP
|
||
\fB<Enter>\fP Jump back to host selection\&.
|
||
.PP
|
||
\fB<DOWN>\fP Generate token for next host\&.
|
||
.SH "LOADING FIRMWARE"
|
||
.PP
|
||
The PAR II is factory loaded with the
|
||
\fBHI-TECH Software Bootloaders for Microchip 16F87x version 1\fP\&.
|
||
.PP
|
||
\fBFirmware Download Procedure:\fR
|
||
.PP
|
||
The download will progress and end in an error resetting the PIC\&. This
|
||
is a bug in the PAR II downloader and can be safely ignored\&.
|
||
.PP
|
||
\fIStep 1. connect the Spyrus download cable to a workstation with
|
||
\fBhtsoft-downloader\fP or
|
||
\fBpic-downloader\fP\&.
|
||
.PP
|
||
\fIStep 2. start \fBhtsoft-downloader\fP or \fBpic-downloader\fP\&.
|
||
.PP
|
||
\fIStep 3. press CALC/OFF then down arrow 3 times to select DownloadApp\&.
|
||
.PP
|
||
\fIStep 4. press Enter to initiate the download\&.
|
||
.PP
|
||
\fIStep 5. press CARD/ON to verify new firmware is loaded\&.
|
||
.SH "EEPROM CUSTOMIZATION"
|
||
.PP
|
||
The Spyrus PAR II HOTP application utilizes the onboard EEPROM for string
|
||
storage allowing customization without re-compiling\&. A fixed memory
|
||
map is as follows:
|
||
.PP
|
||
.nf
|
||
Offset Length Default Description
|
||
-------------------------------------------------------------------------
|
||
0 3 "maf" EEPROM Signature\&. Reset if no match\&.
|
||
3 5 "00000" Reader Key
|
||
8 12 "OARnet:2009 " Calculator message
|
||
20 12 " OARnet " Line 1 initial
|
||
32 12 "PIN: " Line 2 initial
|
||
44 12 " OARnet " Line 1 after PIN success
|
||
56 12 " Verified " Line 2 after PIN success
|
||
68 12 "Challenge: " Message to indicate count entry
|
||
80 12 "10 Failures " Line 1 card locked / excessive PIN fail
|
||
92 12 "Card Locked " Line 2 card locked / excessive PIN fail
|
||
104 12 " Access " Line 1 incorrect PIN
|
||
116 12 " Denied " Line 2 incorrect PIN
|
||
128 12 " No Hosts " Line 1, SC with no host entries
|
||
140 12 "Set New PIN " Line 1 reset PIN
|
||
152 12 "NewPIN: " Line 2 reset PIN
|
||
164 12 "Again: " Line 3 reset PIN
|
||
176 12 "PIN Changed " PIN Change notification
|
||
188 12 "No Card " No SC at powerup
|
||
200 12 "Try Harder " all PIN digits equal
|
||
.fi
|
||
.PP
|
||
\fBEEPROM Load Procedure:\fR
|
||
.PP
|
||
The EEPROM is customized with a Smart Card loaded with the Spyrus
|
||
Personalization software \fBSPYRUSP\&.IMG\fP\&. Blocks
|
||
of 16 bytes are loaded sequentially until the 8 bit block id
|
||
has the high bit set\&. Use \fBbcload\fP to load a SC with \fBSPYRUSP\&.IMG\fP then the command
|
||
\fBspyrus-ee-set\fP with \fBotp-sca\fP to store the EEPROM image on the SC\&. A default EEPROM configuration is
|
||
supplied in the file \fBoar\&.str\fP which is converted to
|
||
\fBoar\&.ee\fP with the \fBstr2ee\fP utility\&. \fBoar\&.ee\fP is suitable for
|
||
\fBotp-sca\fP\&.
|
||
.PP
|
||
\fIStep 1. Insert the SC loaded with \fBSPYRUSP\&.IMG\fP and configured
|
||
using \fBspyrus-ee-set\fP with \fBotp-sca>\fP\&.
|
||
.PP
|
||
\fIStep 2. Press Card/ON\&. Enter the magic PIN 3#\&. The Spyrus reader will reset after the last block is loaded\&.
|
||
.SH "AUTHOR"
|
||
.PP
|
||
Mark Fullmer maf@splintered\&.net
|
||
.SH "BUGS"
|
||
.PP
|
||
The Spyrus reader is not waterproof and will not survive a permanent-press
|
||
cycle\&. The Smart Card will survive your back pocket when seated, the reader
|
||
may not\&.
|
||
.SH "SEE ALSO"
|
||
.PP
|
||
\fBotp-sca\fP(1)
|
||
\fBotp-sct\fP(1)
|
||
\fBotp-control\fP(1)
|
||
\fBpam_otp\fP(1)
|
||
\fBhtsoft-downloader\fP(1)
|
||
\fBurd\fP(1)
|
||
\fBbcload\fP(1)
|
||
\fBOpenVPN\fP(8)
|
||
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01
|