Download
1 / 5
50 likes | 168 Vues
This document outlines the specifications for One-Time Passwords (OTPs) within Microsoft CryptoAPI. It details the objects, procedures, and mechanisms used to access connected OTP tokens, aiming for interoperability across applications. The specifications mirror the PKCS#11 document and follow the HMAC approach. Key operations include acquiring context, creating hashes, setting parameters, generating OTPs, and retrieving values. Recent changes address application authentication methods and introduce the CRYPT_OTP_FORMAT parameter. Future discussions will focus on manifest constants and necessary approvals.
E N D
One-Time Password Specifications (OTPS): CryptoAPI Gareth Richards, RSA Security OTPS Workshop, February 2006
Overview • Describes Microsoft CryptoAPI objects, procedures and mechanisms that can be used to retrieve OTPs • Intended to meet the needs of applications wishing to access connected OTP tokens in an interoperable manner • Intended to mirror the sister PKCS#11 document
Intent is to follow the HMAC approach for CryptoAPI CryptAcquireContext gives handle to key container OTP algorithm given by key in the container CryptCreateHash gives handle to OTP hash object CryptSetHashParam sets the OTP parameters CryptHashData generates OTPs CryptGetHashParam retrieves the OTP value Principals of Operation CryptAcquireContext CryptCreateHash CryptSetHashParam CryptHashData CryptGetHashParam
Recent Changes • Draft 5, published November 17 • Added text clarifying the fact that an application should use returned OTP_PARAMETERS in authentication requests. • Added a CRYPT_OTP_FORMAT OTP parameter to allow applications to determine the format of the returned OTP.
Next Steps • Values for new manifest constants are only outstanding issue. • Unable to obtain Microsoft approval for OTP extensions to CryptoAPI • Two possibilities for discussion: • Withdraw document • Assigned values will not be safe • Assign values with caveat • Assigned values will not be sanctioned
