For the past weeks I have been working on implementing RFC 6030, also known as Portable Symmetric Key Container (PSKC). So what is PSKC? The Portable Symmetric Key Container (PSKC) format is used to transport and provision symmetric keys to cryptographic devices or software.
My PSKC Library allows you to parse, validate and generate PSKC data. The PSKC Library is written in C, uses LibXML, and is licensed under LGPLv2+. In practice, PSKC is most commonly used to transport secret keys for OATH HOTP/TOTP devices (and other OTP devices) between the personalization machine and the OTP validation server. Yesterday I released version 2.0.0 of OATH Toolkit with the new PSKC Library. See my earlier introduction to OATH Toolkit for background. OATH Toolkit is packaged for Debian/Ubuntu and I hope to refresh the package to include libpskc/pskctool soon.
To get a feeling for the PSKC data format, consider the most minimal valid PSKC data:
<?xml version="1.0"?> <KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0"> <KeyPackage/> </KeyContainer>
The library can easily be used to export PSKC data into a comma-separated value (CSV) format, in fact the PSKC library tutorial concludes with that as an example. There is complete API documentation for the library. The command line tool is more useful for end-users and allows you to parse and inspect PSKC data. Below is an illustration of how you would use it to parse some PSKC data, first we show the content of a file “pskc-figure2.xml”:
<?xml version="1.0" encoding="UTF-8"?> <KeyContainer Version="1.0" Id="exampleID1" xmlns="urn:ietf:params:xml:ns:keyprov:pskc"> <KeyPackage> <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"> <Issuer>Issuer-A</Issuer> <Data> <Secret> <PlainValue>MTIzNA== </PlainValue> </Secret> </Data> </Key> </KeyPackage> </KeyContainer>
Here is how you would parse and pretty print that PSKC data:
jas@latte:~$ pskctool -c pskc-figure2.xml Portable Symmetric Key Container (PSKC): Version: 1.0 Id: exampleID1 KeyPackage 0: DeviceInfo: Key: Id: 12345678 Issuer: Issuer-A Algorithm: urn:ietf:params:xml:ns:keyprov:pskc:hotp Key Secret (base64): MTIzNA== jas@latte:~$
For more information, see the OATH Toolkit website and the PSKC Library Manual.
sorry for disturb you for a so trivial subject, hope this don’t will bother you so much. I read an article you wrote some time a go about the wrt54g3g v. 1.1, in that time I bought one for use at home, but I made a mistake because this router don’t have usb port. Than I installed openwrt firmware and was using as a repeater. But not satisfied with that, I try to install other firmware and I overwrite the cfe putting it in brick mode 🙁 . Now my cfe is corrupted and I don’t was able to find in the Internet the right one. Can you take a copy of your cfe and send to me? If it’s possible, I really appreciate. Hope you have time to that due the hard work you have done here. Thanks in advance and congrats for your blog.