From 1c1024dade63180dfb0dae96d26f9dbd7c62bb8c Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sun, 6 Jun 2010 19:24:09 +0200
Subject: [PATCH] First version of paper token - an application to make
 paper-based HOTP tokens.

---
 README.md         |  41 +++++++++++++
 examples/test.pdf | Bin 0 -> 12521 bytes
 paper-token.pl    | 152 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 193 insertions(+)
 create mode 100644 README.md
 create mode 100644 examples/test.pdf
 create mode 100644 paper-token.pl

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..68b67fc
--- /dev/null
+++ b/README.md
@@ -0,0 +1,41 @@
+paper token
+===========
+
+paper token is a PDF generator to create paper-based OTP token.
+
+perl requirements
+-----------------
+
+* Authen::HOTP
+* PDF::API2
+* PDF::Table
+* Getopt::Compact
+
+how to use it
+=============
+
+perl paper-token.pl  --output test.pdf --counter 0 --end 200 --secret 3132333435363738393031323334353637383930 --digits 6
+
+OpenOTP server installation
+===========================
+
+* For more information - http://www.foo.be/cgi-bin/wiki.pl/SettingOOTP
+
+LICENSE
+=======
+    
+Copyright (C) 2010 Alexandre Dulaunoy, http://www.foo.be/
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
diff --git a/examples/test.pdf b/examples/test.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..08b1430369efe594f238f6fbfbd293176ab3266a
GIT binary patch
literal 12521
zcmeGjdwdk-Q7FX_9zp=a!{QfXfbhuP`x0V+JT8(z9*__TG|<i6=CWk(Ho4u+3lX%%
zN;M#@NO&Z?DoSh7h&+QJNT8sIfJLgJ5R4!QQ9wuoXlM3ucL`X2w*UC+@ACU?zTNp|
z=9`&sW_Bj~B_cB^d89td6dbYt>nm%5^+ZSb{F&sDM+lW&QOpo3krru=cM>XxWy%;&
zriUqDJdE4U2r^PS?@pFDF3av=7<VS^WYTyCP)!yXm|@81(S$<i1iFHkL_%e;ZYRee
zM1c#$04q*X9&RIL+zt>X7*W~^g$x8jjb|MKnMTYqi#$S2Vgz3DplC*gYa%bXMWRPB
zR9-lt@yhh@_AEvO4is1c6lTgn#1t1WPf*81bxa|7eoRblnK&dn;~_(V$EZ>9nJI=y
zu$qUVMIM24G0bK2MU0z_B!!|_Jc^>q%F3b&cs?qhp^9;Sq=@qr&}FkC$7obCloSA)
zaT(c}M0w1j(#a@d)Ef;(qtRqE15vyr7UEj*98*ra9Ug`xNgOS?`HDL(8R@49nocu^
zvfs+yB=T;Naf@hOi)>20P8rZaCK0`|YkI}ZVEIfMd_vSV)3*=kN6ElT_LXrASDKiR
z_=MhIHAkCF28*6V%j~FeOah;nkl;UK)n<?;$$utBo{>H4CvTw75l}5n^JJD2VVA%U
zk~vyrk{CNWF{m|xaXZCAVlc}tB#5x9uHf<&^PbNr+B3Fi!>)s|n^*nwB-gm|*TG$m
zo?5-hyyfUSse?E4+xXRXefd|;=6#hzZO_v^jC^_X{!?AYbsanRMo7;Gj#aOXp4;@o
zvJq*!Y|&NDiG9*{49m=JdHbEzO^(y=)egws_t2b?IUkiAn*RLQ;QpzR;r+)n_HGE7
z($Z(g>EzlKGp?M^da=NI#dB=dEb-CGJ+bRU7Mt(=Fnb&ADw}q3)v}Pcu61%A>%Js&
zS5o)`H773~V2if@?dfBtzelA1<<iitheO}LbU7|7F(-!K9<%n=l@<Co1=pS_pI?t>
zCcGY2dSriSO?=F&^_|CmUOo1`-eDn8Jw3aBSaj>2*?Xnef+30&D`@eA+oYLMaUglS
zsVpg9l=BAy^<Y@mBZ!HGw1*fCgtEE8!jKC5@{AWmCC~!ndwPs@$GZjA2S{QIycuX3
ztWHI_dC|cX1a5xB2tqM!hjh!7+d0}rs1k`68Am=xD7WOwXFLMybQ8+Ka~y0A1=+}s
zkxbDpxD_Css1$;nxd8zqons0BMZWd0&O$^NAc9z-2%ww<soBoETr{ByD~byt^C4T7
z2UY?{3x$NLWIQ~f@C8AMWpF1J!s~-j1(3brH(Lt#0$UEhm{O!>lr`Ke64-f;2bjRP
zSoM};1Xz(Nk!VoLiJ2FI8T4cXkwsJ*<clX1<a9{qN#K3pj)Z!YP~#xG6Dk#6BoOL^
zN+Xb4sSL<wgqjF%6L?)gMuwLey!;6D7@?*RDwj}G36<}m?L`cvYBWPW+^c%2aIa15
zENf>yb_vWbxgB6nI}h0zWTa6=uuned1I7pGL2sA<ixG+?)J#HwDM1~e1P#DM#h?+P
zKrc`g7L^E9N~khIft4!2po&b4CK2GFEMRqYcR&)6<?z*<53g%@=}|Tb_dt7+y+YpO
zd<Z`fhT}aftgLy90%bUkEf!c1!9hEnXk}%T-AU230A51!e#1LSQv4^&PJ3`4oD$2)
zODIxi*nG=RRZ%o?v{7DOL6>h;eKe{3W<UgWQlo`jB|97AQbtvO(L*~J7wrN23hf0`
zIq-gFs#I}u9W2y6vhHmH%E6a`YD&yt3~-p%D7)mrA_;b;0v$NtgD?1e3^0MQD_-g2
zXXlG6w3R)M0&r}_)6rfW<Kk66gDQ-*(;Q?wUtD<@CyT2x;6g6iE}PlGKn#Ee7>K|M
zqY;8kkmMKy3FKh&J<@hb1Z)?06a+L4zF7=Ds01vkr7*WM4iE-B7J}AC%X=IyTChu?
zG_df>t108gnDofe2xNsc2QDtJu7W`_ElL$L#;cJLuL>3K?^E&W2FCj=7Y{xP){eJ9
zXnQ5JsZ4At6PrI1n~yj}#Y<7~QvC5!e0Vmf0H}0z@eGwHLnX@aC(6)}e8et^6WL-8
z93ex^5tCI8lT{9r{W(nbQRb@i*-+bI@Gu@1WaE4ejE0*eClD2d_Gdw>LeM@|v|=V2
z_Q>uv6L^Wtgi)C={!C!EHE(BCJXXb1Gnx|TtPhVtGr85pd6kG)iFkkJyoTf>cCe)^
zCMRAslBCj0D!t@SFZt*y)Ojp`!AKR}8M$1SO9`bO!P=7%A$~?C@Eioo1bAV|<%q#-
zhTP6N#6m1~4c2G^bu}?rO~h=r$X9f946zyv#9&nBaNY<osA0YMNQak3bGK3E0ep~$
zc3Jd#5@R*XYvFp@WwBTZ&RK!KEQh)d-XlC3_{g{bM_dihONV#>k1?6#QG=rln!d6O
zpfAEucI4|nA{=3O`Rj`JXdi7(8)f^b{1Aq`P%f`sbUN9FhG=EP^^InoJddN-mVl?%
z!7q&v1(5-$h4%qTa2Xsma+w8E;!-MWnbJ#zJn;byBVzz2vPDXSYinvF3aimrjj+5`
zl?#Ojd>IC#30GBN2**n^g2r2hTg)=QXrl=>QMnLL+xYgQEWNzzAf&vD>WEDJFE1g$
zWpD5sQ83Lzym+dIXr7@d+<wHJZV$s}|F!WRmH4p>*T2&o@<BL`(0QfPE=UJ==nH)v
z9QKZZ*5ha0__V2%e8ps-^$4^czS>_d<^!#V(y0Ynk3j3;En=xa>mj!&|0k`-f9yK2
zZZbkIqSaS&RSor>J_gEKwTS#*yAG{R!y3$cLA|Bd>CN7PQY#9zVo)m<kr-=fgrkuE
zZQG#<fuqTy6qKl-rZ}#l-OFpjTKH^$A{8&3#}U`p@U&6pgYzgW(!o9IBlASQaKTp-
zVz4M98bRv~<h}uMfe!inH*E)yqiEj!x^vqh3-J@$4iHuo>Zi6HvJs$FL4$au`jNK7
zzoYQK|9P|>xO=K6Xd^1+e`)YLj%wR++nmN1M!&Y>whvXlwgW#u1=@~4+Y$KUfnRb0
zUp!oaFCKv}9)T|&-tPs0FCOyuw4cuxk3idje^>S|6a#GsHYQN<VwtbC2JI_j?2!<L
zZ9|~#@M}H%JqhpI8?MdsPj5TgoOScH9r6J@t?#(ofi+V!p7HaZSIf#Q4xX6#!S!*6
zB85`VdZWo;-K5j&4aRJpDLW`-;NsP5pL=S!Zdjjteq(W1Z$IP(;p6Lh?zVP}q0QQh
z->d6BSJy4+$Ygg%$B><S2L+wmIHyDRUrt(f;fZg*JJm0xn=!gB{lp?y=h?k4?3;Ie
z<+U4Yk5;-GZ$!3+wWeLoyOO)?aGzUYt$l7q!DHH$wWcxa8prhh?PA9r<n%u&dUrY7
z8mZ>R`UNIiw|O%f!jeufOQ^`uF1`4tgP!aZ(lMd7=J47%mZUYCKCY>`RQs2#vtRc5
z*R{kimOnV>)|uw!owvS!Fjk6f{PX;!kKY{J+WM~x*MBJAJAGmGR>zXZZ$^%J_c5tC
zChX<$H=g;tZkEH-_}tbl1FyRsO`{EGpK025vC)_}_<G^haj$&ReZJ*ai{Bp<JE?YT
z%hV?pEnNBikR79DoT@RdjXGU%-(l%9%luP+3jZ`{m*=l1$KSkqy0$7Jv}*ClZJ|rP
zE1LP{?iFl!=>p++$%dLozqzzLE~j|&>CnccjQ1x-Kbai$Vr|#{^q|PTy+^N^{`;mE
zK3c#uxBRj27Z-jr?Y$wNtd2c+z9qc;+k*Ql*F;;-Pk4R(hOOuNojZ5jIaM5BdE308
zkvX{eo|*NJt&5rdZkGiIhFKGYd0XngS$1ahQ)QohU9&qjsMr1b-184cak)+9LwlH(
zq_uWv{YTDH;kD_jKDv;9eZx!luAlbhzPJPNhN5d{mbC`ezV*-gn3I1!zqg^WX6&M8
z-~958J@nC|%c~sHx{eJ)I-g57>Atv!SyVn~{}NYjb&vZKC&XSI{bbqML$w#G`fr<m
zWTvt1d(W7Iwu>|0U;Vp1b*pka?_4RZ-0K>>b;vVZWXRKTedBu7TDO&y2F-c+(#6AH
zSey;1N%pk38~26Pd{<iQ>eq5!8u-KUke9YTxTPw6*f-G`;~g_!ZyCPv-H1aEeOY^Q
z;i)EP^H&qMSH*SCvKOTGc=^KI{?nQ^li{zIefq3ECb#dT`%<qQeKK$P6Q_fgpHKVc
zAI`+Q^wyM^LA&euYn{7IIY6(TTl`AUnzNm@%xf|Cz4x`MoGqlV>%vPNKB%@IK7LX9
zcIb>-bq~}$zoPb!8)7#cK5@l5E9up7<ao}*#>=mK`&4Ms+M5XvEn3H4YdSxC|HD(Z
z&v5lN1t&%3Jrh>3w7xoROPo`<8T47j#z(Kd@b|%u<kIG@uF|i2#E&q(T$xp)w-vSA
z-}S@a-P`;s|Jp7~H%G#vk5fh^b`P7`yLtB6T+esLZJmzKE{O<#VgJN|lh@nNQ`>`5
z6D~4UYZ9u(UaL+_9bGr?i-BuOR?MfWmI^PueEe0?RGx9F;qmnDX(JYXd|>Fj0RxtP
z()5RhlKM-<Yl`}n*hVbv7TfcKF$abn8{C6^qh<!H`@~sRl=(*Z#fsWPzdkW%V`$HB
zmep+9xn<b85$9&_n)`6w>0ixRK5J~l_d)699p0^;J2a^2%(fYwOUpkTtFxaoq)s_-
zaOc~9daz|@#19>}re8jChhX<V%6+$Bhg{btE2Vu<k6FofWbz|V^=^E8@G57Q0fmKA
zR-UL^*)yba+o;9!Q+C-`?phLJF4(^Q^3;z;Y<e~{FK24Myqr$SpZ2M49Q=;M+GX&_
z@bKrNhR4Cxcir}0{Yp0O=G=w}rSIr=Oz2OGxhyT_ZOzzmCVkGv9<3{`cIbH7=DuBz
zayU^R45u7S!Enw&{UH{!*=QyO#0!Hz(8_bf?S<(ra1I@R{9pzXoYQUxGwR?^R_$PB
zOzG`lRydE{4yM;d!&mmUcqT(MSiUXHisxn8!t^=|{GG8q%nBz6+QVYZaEKUxyn5*M
zF&0SW8VpYCu^i(G#>3>3csTy1972bGCa7e<Zg7axUBDAOls^eJIam<k%$aOey+Lm=
M1V=>JGLnP;4J%rbIRF3v

literal 0
HcmV?d00001

diff --git a/paper-token.pl b/paper-token.pl
new file mode 100644
index 0000000..ad45444
--- /dev/null
+++ b/paper-token.pl
@@ -0,0 +1,152 @@
+#!/usr/bin/perl -w
+#
+# paper token is a software to generate paper-based OTP
+#
+# Copyright (C) 2010 Alexandre Dulaunoy, http://www.foo.be/
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+
+use Authen::HOTP qw(hotp);
+use PDF::API2;
+use PDF::Table;
+use Data::Dumper;
+use Getopt::Compact;
+
+# default value is the test vector from RFC 4226
+my $secret = "3132333435363738393031323334353637383930";
+
+# starting counter
+my $counter = 0;
+
+# ending counter
+my $end = 500;
+
+my $digits     = 6;
+my @tokentable = [];
+
+# window value (shown on one line and window of accepted token)
+my $window = 14;
+
+my $when = localtime();
+
+my $opt = new Getopt::Compact(
+    name    => 'paper token - http://www.foo.be/paper-token/',
+    modes   => '',
+    version => '0.1',
+    struct  => [
+        [
+            [qw(s secret)],
+qq(secret of the token in hex format - default is RFC 4226 test vector),
+            ':s'
+        ],
+        [ [qw(o output)],  qq(output filename),                 ':s' ],
+        [ [qw(c counter)], qq(starting counter - default is 0), ':i' ],
+        [ [qw(e end)],     qq(ending counter - default is 500), ':i' ],
+        [
+            [qw(w window)],
+            qq(window of authentication (one line) - default is 14), ':i'
+        ],
+        [
+            [qw(d digits)],
+            qq(digits showed per OTP value - default is 6 - dec31.6), ':i'
+        ],
+    ]
+);
+
+my $opts = $opt->opts;
+
+if ( !( defined( $opts->{output} ) ) ) {
+    print $opt->usage;
+    exit();
+}
+
+if ( defined( $opts->{counter} ) ) {
+    $counter = $opts->{counter};
+}
+
+if ( defined( $opts->{end} ) ) {
+    $end = $opts->{end};
+}
+
+if ( defined( $opts->{window} ) ) {
+    $window = $opts->{window};
+}
+
+if ( defined( $opts->{secret} ) ) {
+    $secret = $opts->{secret};
+}
+
+my $sn = substr( $secret, 0, 10 );
+
+if ( defined( $opts->{digits} ) ) {
+    $digits = $opts->{digits};
+}
+
+for ( $count = $counter ; $count < $counter + $end ; $count = $count + $window )
+{
+    my @tj;
+    for ( $j = $count ; $j < $count + $window ; $j = $j + 1 ) {
+        my $pass = hotp( $secret, $j, $digits );
+        push( @tj, "$pass" );
+    }
+    @val = ["@tj"];
+    push( @{ $tokentable[0] }, @val );
+}
+
+my $pdftable = new PDF::Table;
+my $pdf      = new PDF::API2( -file => $opts->{output} );
+my $page     = $pdf->page;
+my $gfx      = $page->gfx;
+
+my $tokeninfo = "Paper token for HOTP token S/N : " . $sn;
+my $tokenhowto =
+"How to use? Read from left to right and when you use a token, strikethrough the used value.";
+my $tokenadv =
+  "Generated by paper token - http://www.foo.be/paper-token/ at " . $when;
+
+$pdf->info(
+    'Author'   => "Alexandre Dulaunoy - http://www.foo.be/",
+    'Creator'  => "Paper Token - http://www.foo.be/paper-token/",
+    'Producer' => "PDF::API2",
+    'Title'    => $tokeninfo,
+);
+
+$fnt    = $pdf->corefont('Helvetica-Bold');
+$fntlow = $pdf->corefont('Helvetica');
+
+$gfx->textlabel( 10, 750, $fnt,    11, $tokeninfo );
+$gfx->textlabel( 10, 739, $fntlow, 11, $tokenhowto );
+$gfx->textlabel( 10, 728, $fntlow, 11, $tokenadv );
+
+$pdftable->table(
+    $pdf,
+    $page,
+    @tokentable,
+    -x                     => 1,
+    -w                     => 40,
+    -start_y               => 700,
+    -next_y                => 700,
+    -start_h               => 700,
+    -next_h                => 700,
+    -w                     => 600,
+    -padding               => 2,
+    -padding_right         => 1,
+    -background_color_odd  => "lightgray",
+    -background_color_even => "gray",
+    font      => $pdf->corefont( "Helvetica", -encoding => "utf8" ),
+    font_size => 11,
+    border    => 0
+);
+
+$pdf->save();
+