Design of a Compiled C Program to Authenticate the CryptoCard KT-1 Token Using AuthEngine SDK


CryptoCard provides an authentication library (product name: AuthEngine SDK) to perform the cryptographic arithmetic necessary to authenticate several models of token.

The CryptoCard tokens use standard cryptographic algorithms (AES-128, AES-192, 3DES, and others) to map between the token's cryptographic key, the token state, and the one-time password (OTP) displayed by the token. In principle, authentication could be implemented entirely in PHP by implementing AES or 3DES in PHP. However, it is simpler to use the AuthEngine product.

The disadvantages to using the AuthEngine product in a PHP application are:

It would be insecure to pass token keys to a compiled C program on the command line, because process names and command-line arguments of all running processes are world-visible on Unix systems.

The approach chosen was to use Unix pipes to communicate with the compiled program.  This seems to work well.
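The pipe approach described above, sketched as an added example; it is not the author's program, which is kept in version control and not reproduced on this page. The names `helper` and `ask_helper` and the `hexkey otp` request line are assumptions, and the stand-in helper only checks the shape of the request where the real program would call AuthEngine.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical stand-in for the helper: reads "hexkey otp" on stdin and only
 * checks the shape; the real program would call AuthEngine at this point. */
static void helper(void) {
    char buf[128]; size_t len = 0, hex = 0; ssize_t n;
    while (len < sizeof buf - 1 &&
           (n = read(STDIN_FILENO, buf + len, sizeof buf - 1 - len)) > 0) len += (size_t)n;
    buf[len] = '\0';
    while (isxdigit((unsigned char)buf[hex])) hex++;
    /* AES-128 key: 16 bytes = 32 hex digits; the OTP follows one space. */
    int ok = hex == 32 && buf[hex] == ' ' && isalnum((unsigned char)buf[hex + 1]);
    const char *r = ok ? "PARSED\n" : "BADINPUT\n";
    if (write(STDOUT_FILENO, r, strlen(r)) < 0) _exit(1);
}
/* Parent: the key travels over a pipe and is never part of any argv.
 * Returns 0 and fills reply on success, -1 on failure. */
int ask_helper(const char *hexkey, const char *otp, char *reply, size_t cap) {
    int to[2], from[2], status = 0;
    char msg[128]; size_t len = 0; ssize_t n, w;
    int mlen = snprintf(msg, sizeof msg, "%s %s\n", hexkey, otp);
    if (cap == 0 || mlen < 0 || (size_t)mlen >= sizeof msg) return -1;
    if (pipe(to) < 0) return -1;
    if (pipe(from) < 0) { close(to[0]); close(to[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) {                    /* child: pipes become stdin/stdout */
        dup2(to[0], STDIN_FILENO); dup2(from[1], STDOUT_FILENO);
        close(to[0]); close(to[1]); close(from[0]); close(from[1]);
        helper();  /* a deployment would execv() the helper, fixed argv */
        _exit(0);
    }
    close(to[0]); close(from[1]);
    w = pid > 0 ? write(to[1], msg, (size_t)mlen) : -1;
    close(to[1]);                      /* EOF marks the end of the request */
    while (pid > 0 && len < cap - 1 &&
           (n = read(from[0], reply + len, cap - 1 - len)) > 0) len += (size_t)n;
    reply[len] = '\0'; close(from[0]);
    if (pid > 0) waitpid(pid, &status, 0);
    return (w == mlen && pid > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
int main(void) {  /* constructed sample key and OTP, not real token data */
    char reply[32];
    int rc = ask_helper("00112233445566778899aabbccddeeff", "A1B2C3D4", reply, sizeof reply);
    printf("rc=%d reply=%s", rc, reply);
    return rc ? 1 : 0;
}
```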

The C program is under version control here (click on the view link of the most recent revision).  All licensing, installation, and operational details are included in the source code.


This web page is maintained by David T. Ashley.