David Woodhouse <[email protected]> writes: > On Tue, 2015-05-19 at 22:30 +0200, Simon Josefsson wrote: >> Can you tell me more how you would use this? I'm not exactly sure how >> you could generalize OTP-generation in a library that still makes >> sense to an application. > > The main use case I have in mind is my VPN client. The server may > require OATH tokens to authenticate. Those *could* be in a hardware > device, they could be in a PSKC file, they could be in Pledge or > something else. > > My code just detects when the 'password' prompt is actually looking for > an OTP token (by various heuristics according to the VPN protocol in use > at the time), and invokes the appropriate back end to generate it. > > The back end is specified by the user, of course. > > I guess there could be a bunch of similar use cases where client > authentication can be automated by OATH token generation. I certainly > wasn't expecting to have to write PC/SC code for myself :)
Thanks. So how would an ideal API look like? Does this make sense: otp_global_init (int flags); otp_global_deinit (void); otp_generate_oath_from_pskc (const char *pskcfilename, char **otp); otp_generate_oath_from_ykneo (const char *accountid, char **otp); otp_generate_stoken (const char *stokendatabase, char **otp); Or should the interface be cut at some other abstraction level? /Simon
signature.asc
Description: PGP signature
