Browse Source

Markdown-ify the README file

develop
Damien Goutte-Gattat 4 years ago
parent
commit
a149b520cc
2 changed files with 20 additions and 21 deletions
  1. +1
    -1
      Makefile.am
  2. +19
    -20
      README.md

+ 1
- 1
Makefile.am View File

@ -2,4 +2,4 @@ SUBDIRS = lib src man
ACLOCAL_AMFLAGS = -I m4 --install
dist_doc_DATA = AUTHORS COPYING README
dist_doc_DATA = AUTHORS COPYING README.md

README → README.md View File

@ -10,48 +10,47 @@ Scdrand - Extract random numbers from a smartcard
Scdrand obtains up to 256 bytes of random data from a ISO7816-compliant
smartcard and adds them to the kernel entropy pool.
It uses Scdaemon to send a GET CHALLENGE to the smartcard. As per
It uses Scdaemon to send a `GET CHALLENGE` to the smartcard. As per
ISO 7816-4, the smartcard replies with random bytes, which Scdrand then
sends to the Linux kernel entropy pool through the RNDADDENTROPY ioctl
call on /dev/random.
call on `/dev/random`.
Since that call requires root privileges, scdrand is installed with the
setuid bit set. To mitigate risks associated with running as root, the
program forks itself at startup and only the child retains the root
privileges needed to write to /dev/random. The parent process, in charge
of communicating with the smartcard, then runs with the privileges on
the calling user.
privileges needed to write to `/dev/random`. The parent process, in
charge of communicating with the smartcard, then runs with the
privileges on the calling user.
Scdtotp - Generate time-based OTP from an OpenPGP smartcard
-----------------------------------------------------------
Scdtotp uses an OpenPGP smartcard as a poor man’s one-time password
generator token. It generates time-based one-time password (TOTP)
as per RFC 6238, based on a key it expects to find in the private
data object of the inserted OpenPGP smartcard.
generator token. It generates time-based one-time password (TOTP) as per
[RFC 6238](http://tools.ietf.org/html/rfc6238), based on a key it
expects to find in the private data object of the inserted OpenPGP
smartcard.
Note that contrary to a true password generator token, the key cannot
remain only on the smartcard, it has to be sent to the computer so
that scdtotp can derive the password from it. Thus it cannot provide
the same level of security.
The key must be stored as an otpauth:// URI as specified in
<https://code.google.com/p/google-authenticator/wiki/KeyUriFormat>,
The key must be stored as an `otpauth://` URI as specified in [Google
Authenticator’s wiki](https://code.google.com/p/google-authenticator/wiki/KeyUriFormat),
e.g.:
otpauth://totp/alice@example.org?secret=KIMEFUAW4SRW
otpauth://totp/alice@example.org?secret=KIMEFUAW4SRW
where the “secret” parameter is the Base32-encoded key. This format
where the _secret_ parameter is the Base32-encoded key. This format
allows to specify also the non-secret parameters of the TOTP
algorithm:
– the HMAC algorithm to use: "&algorithm=mac", where “mac” can be
“sha1” (default), “sha256”, or “sha512”;
– the time period: "&period=N", where N is expressed in seconds
(30 seconds by default);
– the number of digits to output: "&digits=N" (defaults to 6).
- the HMAC algorithm to use: `&algorithm=mac`, where _mac_ can be `sha1`
(default), `sha256`, or `sha512`;
- the time period: `&period=N`, where _N_ is expressed in seconds (30
seconds by default);
- the number of digits to output: `&digits=N` (defaults to 6).
All of these parameters may be overridden by command line options.
@ -60,7 +59,7 @@ Copying
-------
Scdtools is distributed under the terms of the GNU General Public
License, version 3 or higher. The full license is included in the
COPYING file of the source distribution.
[COPYING file](COPYING) of the source distribution.
Homepage and contact

Loading…
Cancel
Save