Using RSA soft token from Linux

I already discussed RSA hard tokens and ability to OCR them. This time i would like to discuss RSA Soft Tokens support in Linux. Despite the fact that there is no official Linux support i found that it works perfectly. There are at least 3 ways to use them:

I am currently using options 3 and 2 and keeping one as backup.

  1. Using official Windows software in Wine. It installs and run just fine
  2. Using Android/Iphone application on mobile phone, you will need to covert the key using RSA token converter.
  3. Using non-official open-source Linux client – stoken. It has CLI and GUI (GTK2) versions, supports batch integration and works perfectly for me.

All tokens should show equal numbers. Below is a screenshot of native Windows client and stoken/stoken-gui.
I found that all options works perfectly for me, currently i am mostly using stoken CLI because it was easy to integrate it with JVPN tool. I will update jvpn nearest days to support external authenticators.

Tagged , ,

8 thoughts on “Using RSA soft token from Linux

  1. K says:

    Which wine version do you use ?

    I need to use that one (1.4.1) which comes with RHEL6 and under this wine, rsa app can’t import token from prox’ied web. Rsa app complains: “token import failed” and wine log has entries like this: “fixme:wininet:NETCON_send not connected”. Tcpdump log shows that rsa app sends SYN, receives SYN-ACK, sends ACK and then FIN to the proxy. Why rsa app sends TCP-FIN to the proxy?

    that “smallhack” (fucking rubbish) caused a lot of troubles to me.

  2. Peter F. Patel-Schneider says:

    Looks good, but how can you get the stdid file these days to import into stoken?

    • sammczk says:

      I am not actively using this now, but before stoken been able to import all the stdid i had w/o any issues.

      • Peter F. Patel-Schneider says:

        There is now a different way to distribute the seed. Instead of using an stdid file, the soft token program communicates directly with a server. I guess that you got an explicit stdid file so didn’t have to worry about how to extract the stdid information.

    • sammczk says:

      yes, i had a local one. Probably in case of server method it should be possible to extract stdid from the windows client, but i never tried that.

  3. Amber says:

    RSA has removed the link to the converter – it redirects to another page. for Unix gives

    This webpage is not available
    The webpage at might be temporarily down or it may have moved permanently to a new web address.

    It looks like if the Unix and Linux community want to use their software, we may have to maintain the converter ourselves.

    Because WINE is always a major pita.

    • sammczk says:

      for me personally its always better to support companies which do care about opensource and linux. So for my own projects i switched to yubi

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: