Skip to content
Dimitri Papadopoulos Orfanos edited this page Dec 10, 2023 · 2 revisions

stoken - Software Token for Linux/UNIX

stoken is an open source tokencode generator compatible with RSA SecurID 128-bit (AES) tokens. It is a hobbyist project, not affiliated with or endorsed by RSA Security.

stoken offers the following interfaces:

  • Interactive or batched CLI: stoken
  • GTK+ graphical UI: stoken-gui
  • Shared library for use with external programs: libstoken.so.1
  • JNI (Java) API compatible with Android

Downloading stoken

New release tarballs (stoken ≥ 0.93) are available from the GitHub Tags page, and older release tarballs (stoken ≤ 0.92) are available from the SourceForge download page. The head of tree is hosted at GitHub. Please submit improvements through the Pull Request interface. stoken is available in Debian Jessie+, Ubuntu 13.10+, and Fedora 19+.

Newer (but experimental) Ubuntu packages are often available from my PPA. Sample usage:

sudo -s
apt-get install python-software-properties
add-apt-repository ppa:cernekee/ppa
apt-get update
apt-get install stoken libstoken-dev

Android users: check out Easy Token, which is based on libstoken.

Basic usage

First, import a token from a raw string or an "sdtid" XML file:

stoken import --token 2000123456...
stoken import --token com.rsa.securid.iphone://ctf?ctfData=2000123456...
stoken import --file mytoken.sdtid

This will prompt for an optional password, so that your seed is encrypted on disk.

Next, use the CLI or GUI to show the current tokencode:

stoken tokencode
stoken-gui &

If your token requires a PIN, stoken will prompt for it. You can use "stoken setpin" to cache your PIN in ~/.stokenrc. This is much less secure, but may be useful for automation.

Modern versions of OpenConnect link against libstoken and can send an autogenerated tokencode as the password. Import your token using the above instructions, then:

openconnect -u USERNAME --token-mode=rsa HOSTNAME

Screenshots

stoken-gui stoken-gui --small
stoken-gui stoken-gui --small
Clone this wiki locally