First you have to install the server via your package manager. For example:
~# apt-get install ardukey-auth-server
Important note: First you need to add the "PM Codeworks" repository. See this page for the instructions.
If you don't want to use pre-built packages, you can easily build your own packages using the tool debuild:
~$ cd ./src/
~$ debuild
After that, the generated packages can be found in the parent directory. You can install the packages with dpkg:
~# dpkg -i ../*.deb
If dependency problems occur, fix them with:
~# apt-get -f install
Note: All changes are made in the file /etc/ardukey-auth-server.conf.
You should change the address the server is listening on. This address must be reachable by all systems that need to verify one-time passwords (OTPs):
server_address = 11.22.33.44
Then restart the auth-server:
~# /etc/init.d/ardukey-auth-server restart
First add an ArduKey device with the following command:
~# ardukey-auth-conf --add-ardukey cccccccccccb b0d4a2d69bc4 7a1858592fcb76bd5eb2685421aed45e
Note: In this example, an ArduKey device with the public id cccccccccccb, the secret id b0d4a2d69bc4 and the AES key 7a1858592fcb76bd5eb2685421aed45e will be added to the database of the auth-server.
All systems (a PAM module for example) that should verify OTPs from users need a valid "API key" to sign and verify communication to/from auth-server.
Now, generate a new API key:
~# ardukey-auth-conf --generate-apikey
The command outputs the "API id" and the "shared secret". Give this information to the administrator who wants to set up, for example, the ArduKey PAM module.
Further maintenance: Check out the man page of ardukey-auth-conf for all available commands:
~$ man ardukey-auth-conf
You can also start the server in debugging mode. First shut down the ardukey-auth-server service which runs on the server:
~# /etc/init.d/ardukey-auth-server stop
Then start the service in debugging mode in a terminal:
~# ardukey-auth-server --debug
Now you will see all debugging output from the ardukey-auth-server.
Requests will be sent via HTTP GET to http://127.0.0.1:8080/ardukeyotp/1.0/verify with the following parameters:
Parameter | Description |
---|---|
otp | The one-time password typed by an ArduKey. |
nonce | A random string, to make the request unique. |
apiId | The API ID, to identify the API key. |
hmac | The signature of this request. |
The HMAC is a SHA-256 hash value that is calculated over the request parameter values, sorted alphabetically by key:
hmac = SHA256(apiId + otp + nonce)
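The following Python example is added here and is not the ArduKey project's own code. It builds a signed verify request and checks the signature on the receiving side, assuming the value is an HMAC-SHA256 keyed with the shared secret, hex-encoded, over the parameter values in alphabetical key order; the function names, API id, shared secret and OTP are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

VERIFY_URL = "http://127.0.0.1:8080/ardukeyotp/1.0/verify"  # endpoint from the text above
# Constructed sample OTP: public id from the text plus 32 made-up characters.
SAMPLE_OTP = "cccccccccccb" + "hknhfjbrjnlnldnhcujvddbikngjrtgh"


def sign(params, shared_secret):
    """Sign the parameter values, concatenated in alphabetical key order.

    Assumptions: HMAC-SHA256 keyed with the shared secret, hex-encoded digest.
    """
    payload = "".join(str(params[k]) for k in sorted(params) if k != "hmac")
    return hmac.new(shared_secret.encode(), payload.encode(), hashlib.sha256).hexdigest()


def build_request(otp, api_id, shared_secret, nonce=None):
    """Client side: return the full GET URL including the hmac parameter."""
    params = {"otp": otp, "nonce": nonce or secrets.token_hex(16), "apiId": api_id}
    params["hmac"] = sign(params, shared_secret)
    return VERIFY_URL + "?" + urlencode(params)


def verify_request(url, secrets_by_api_id):
    """Receiving side: accept only a known apiId with a matching signature."""
    params = dict(parse_qsl(urlsplit(url).query))
    if not {"otp", "nonce", "apiId", "hmac"} <= params.keys():
        return False
    shared_secret = secrets_by_api_id.get(params["apiId"])
    if shared_secret is None:
        return False
    expected = sign(params, shared_secret)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), params["hmac"].encode())


if __name__ == "__main__":
    keys = {"1": "constructed-shared-secret"}  # constructed API id and secret
    url = build_request(SAMPLE_OTP, "1", keys["1"])
    print(url)
    print("valid:", verify_request(url, keys))
    print("tampered:", verify_request(url.replace("otp=c", "otp=b"), keys))
```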
Additionally you can check out this article, which explains the complete ArduKey infrastructure in detail (the article is in German).
If you have any questions about this project, just ask me via email: