PROJECTS: trueToken - USB token with open source code
What is the token?
A token is a personal authentication device that securely stores and uses passwords, cryptographic keys, digital signatures and other personal data.
Its major purposes are two-factor authentication and the protection of e-mail and financial transactions.
Using our trueToken firmware, you can transform a SenseLock hardware key into a full-featured token that supports the PKCS#11 standard, version 2.11.
PKCS#11 is a cryptographic standard for tokens, developed by RSA Laboratories.

trueToken Features
- HID-mode. No need to install any drivers.
- 32 kb of non-volatile memory for data storage.
- Asymmetric cryptography using the RSA-1024 algorithm inside the token.
- Symmetric cryptography using the DES and 3DES algorithms inside the token.
- Hash calculation using SHA-1.
- Creation and verification of digital signatures using RSA-1024 and SHA-1.
- Key generation for asymmetric and symmetric cryptographic algorithms.
Benefits of trueToken
- The open source code of the token firmware guarantees that there are no backdoors or "engineer passwords".
- Modifications to the token firmware can be made at any time.
- New cryptographic algorithms, such as GOST 28147-89 and AES, can be added at any time by the developer.
- The token can be used in HID mode without any additional drivers.
- trueToken is based on the SenseLock hardware key. It has a Philips EAL5+ certified smart-card chip with hardware-implemented RSA-1024, DES, 3DES and SHA-1 algorithms.
Special features
The first RSA encryption/decryption call is slower than subsequent calls that use the same key. This is due to a caching function that holds the key in cache until the next encryption/decryption call that uses a different key.
The InitPIN function is not implemented. This is because internal data is decrypted using the User PIN, while InitPIN is executed in SO mode.
C_GenerateKeyPair generates keys within the software interface module and then passes them into the trueToken, so a newly generated key pair is handled by host software before it reaches the token. This is due to features of the SenseLock EL file system.
Download
EXF module version: 1.16
DLL version: 1.16
Last update: February 27, 2009
Project includes:
- TokenDemo.exe - a small utility for programming blank SenseLock dongles with the trueToken firmware and for using some basic PKCS#11 functions.
- SENSELOCK_PKCS.DLL - PKCS#11 interface library for trueToken.
- SENSELOCK_PKCS_DEBUG.DLL - Debug version of PKCS#11 interface library for trueToken. It creates PKCS.LOG file in the current folder and logs all activity.
After initialization, the user PIN is set to "12345678" (8 chars), and the administrator PIN is set to "123456781234567812345678" (24 chars).
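Every initialized token starts with the same two published PINs, and since C_InitPIN is not implemented, each role has to replace its own PIN through C_SetPIN. The following sketch of that rotation is an added example, not code from the trueToken project: it uses the third-party PyKCS11 wrapper, the names `rotate_factory_pins` and `store` are hypothetical, and it assumes the token accepts numeric PINs of the same lengths as the defaults.

```python
import secrets

# Factory PINs stated on this page; every freshly initialised token has them.
DEFAULT_USER_PIN = "12345678"
DEFAULT_SO_PIN = "123456781234567812345678"

def random_pin(length, alphabet="0123456789"):
    """Random PIN, never a factory default (assumes numeric PINs are accepted)."""
    while True:
        pin = "".join(secrets.choice(alphabet) for _ in range(length))
        if pin not in (DEFAULT_USER_PIN, DEFAULT_SO_PIN):
            return pin

def rotate_pin(session, user_type, old_pin, new_pin):
    """C_Login as user_type, C_SetPIN old -> new, and always C_Logout."""
    session.login(old_pin, user_type=user_type)
    try:
        session.setPin(old_pin, new_pin)
    finally:
        session.logout()

def rotate_factory_pins(session, cku_user, cku_so, store):
    """Replace both factory PINs and return (user_pin, so_pin).
    C_InitPIN is not implemented, so each role changes its own PIN.
    store(role, pin) runs before C_SetPIN so a new PIN is never lost."""
    user_pin = random_pin(len(DEFAULT_USER_PIN))
    so_pin = random_pin(len(DEFAULT_SO_PIN))
    store("user", user_pin)
    rotate_pin(session, cku_user, DEFAULT_USER_PIN, user_pin)
    store("so", so_pin)
    rotate_pin(session, cku_so, DEFAULT_SO_PIN, so_pin)
    return user_pin, so_pin

def main(dll_path="SENSELOCK_PKCS.DLL"):
    import PyKCS11  # third-party PKCS#11 wrapper, needed only with real hardware
    lib = PyKCS11.PyKCS11Lib()
    lib.load(dll_path)
    slot = lib.getSlotList(tokenPresent=True)[0]
    # C_SetPIN requires a read/write session.
    flags = PyKCS11.CKF_SERIAL_SESSION | PyKCS11.CKF_RW_SESSION
    session = lib.openSession(slot, flags)
    vault = {}  # stand-in for a real secrets store; never log or print PINs
    try:
        rotate_factory_pins(session, PyKCS11.CKU_USER, PyKCS11.CKU_SO, vault.__setitem__)
    finally:
        session.closeSession()
    return vault

if __name__ == "__main__":
    main()
```

If the login with a default PIN fails, the PyKCS11 error propagates and that PIN is left unchanged, which indicates the token was already rotated.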
If you want to use trueToken in your products, please contact us using our contact information.
Future developments
The following items will be released in the near future:
- Creation of public/private keys inside the SenseLock.
- Add the following mechanisms:
  - CKM_AES_KEY_GEN
  - CKM_AES_ECB
- Add the following functions:
  - C_WrapKey
  - C_UnwrapKey
  - C_CopyObjects
- GOST 28147-89 implementation.
- "Danger" user PIN implementation. If this PIN is used with trueToken, all stored data (passwords, keys) will be totally destroyed.
Supported PKCS#11 classes
When used with SenseLock dongles (64 kb models), 32 kb of memory will be available for user data storage.
| Name | Supported |
|---|---|
| CKO_DATA | Yes |
| CKO_PUBLIC_KEY | Yes |
| CKO_PRIVATE_KEY | Yes |
| CKO_SECRET_KEY | Yes |
Supported PKCS#11 mechanisms
| Mechanism | Operation | Supported |
|---|---|---|
| CKM_RSA_PKCS_KEY_PAIR_GEN | Generate Key Pair | Yes |
| CKM_RSA_PKCS | Encrypt | Yes |
| CKM_RSA_PKCS | Decrypt | Yes |
| CKM_RSA_PKCS | Sign | Yes |
| CKM_RSA_PKCS | Verify | Yes |
| CKM_RSA_PKCS | Wrap | No |
| CKM_RSA_PKCS | Unwrap | No |
| CKM_RSA_PKCS | Sign and Recovery | No |
| CKM_RSA_PKCS | Verify and Recovery | No |
| CKM_SHA1_RSA_PKCS | Sign | Yes |
| CKM_SHA1_RSA_PKCS | Verify | Yes |
| CKM_DES_KEY_GEN | Generate Key | Yes |
| CKM_DES_ECB | Encrypt | Yes |
| CKM_DES_ECB | Decrypt | Yes |
| CKM_DES_ECB | Wrap | No |
| CKM_DES_ECB | Unwrap | No |
| CKM_DES3_KEY_GEN | Generate Key | Yes |
| CKM_DES3_ECB | Encrypt | Yes |
| CKM_DES3_ECB | Decrypt | Yes |
| CKM_DES3_ECB | Wrap | No |
| CKM_DES3_ECB | Unwrap | No |
Supported PKCS#11 functions
| Name | Supported |
|---|---|
| C_Initialize | Yes |
| C_Finalize | Yes |
| C_InitToken | Yes |
| C_GetInfo | Yes |
| C_GetFunctionList | Yes |
| C_GetSlotList | Yes |
| C_GetSlotInfo | Yes |
| C_GetTokenInfo | Yes |
| C_GetMechanismInfo | Yes |
| C_GetMechanismList | Yes |
| C_InitPIN | No |
| C_SetPIN | Yes |
| C_OpenSession | Yes |
| C_CloseSession | Yes |
| C_GetSessionInfo | Yes |
| C_Login | Yes |
| C_Logout | Yes |
| C_CreateObject | Yes |
| C_CopyObject | Yes |
| C_DestroyObject | Yes |
| C_GetObjectSize | Yes |
| C_GetAttributeValue | Yes |
| C_SetAttributeValue | Yes |
| C_FindObjectsInit | Yes |
| C_FindObjects | Yes |
| C_FindObjectsFinal | Yes |
| C_WaitForSlotEvent | Yes |
| C_SeedRandom | Yes |
| C_GenerateRandom | Yes |
| C_GenerateKey | Yes |
| C_GenerateKeyPair | Yes |
| C_WrapKey | No |
| C_UnwrapKey | No |
| C_Encrypt | Yes |
| C_EncryptInit | Yes |
| C_EncryptUpdate | Yes |
| C_EncryptFinal | Yes |
| C_Decrypt | Yes |
| C_DecryptInit | Yes |
| C_DecryptUpdate | Yes |
| C_DecryptFinal | Yes |
| C_Digest | Yes |
| C_DigestInit | Yes |
| C_DigestUpdate | Yes |
| C_DigestFinal | Yes |
| C_Sign | Yes |
| C_SignInit | Yes |
| C_SignUpdate | Yes |
| C_SignFinal | Yes |
| C_Verify | Yes |
| C_VerifyInit | Yes |
| C_VerifyUpdate | Yes |
| C_VerifyFinal | Yes |
| C_GetOperationState | No |
| C_SetOperationState | No |
| C_CopyObject | No |
| C_DigestKey | No |
| C_SignRecoverInit | No |
| C_SignRecover | No |
| C_VerifyRecoverInit | No |
| C_VerifyRecover | No |
| C_DigestEncryptUpdate | No |
| C_DecryptDigestUpdate | No |
| C_SignEncryptUpdate | No |
| C_DecryptVerifyUpdate | No |
| C_DeriveKey | No |
| C_CancelFunction | No |
| C_GetFunctionStatus | No |