Vasco Digipass GO6 Tokens with OpenOTP
How To use Vasco Digipass GO6 Tokens with OpenOTP
OpenOTP supports Vasco Digipass GO6 Hardware Tokens. Digipass GO6 works with OATH-HOTP (event-based) and OATH-TOTP (time-based).
If you know the type of your token and the secret seed, you can register an individual token directly to a user with “Manual Registration” in WebADM or Self-Desk.
To register a Vasco GO6 Token with a serial number, you must import them into the WebADM inventory. For this you need a compatible inventory file. The Digipass GO6 is normally provided with a PSKC import file by Vasco, which can be converted to WebADM compatible format. The file includes the Token secret key in an encrypted format. The decryption PSKC key is provided by Vasco in a separated document.
1) Convert the PSKC file with the conversion tool in
/opt/webadm/websrvs/openotp/bin/pkcs2inv. This tool will convert the encrypted PSKC file to a CSV file containing the Token serial numbers and OATH keys.
If the PSKC import fails, please ask Vasco for an import file compliant with PSKC RFC-6030.
2) In case of time based token, configure WebADM to use the correct time step in Admin > MFA Authentication Server. The default timestep is 30 seconds. The Time Step is very important and Token will not work if not correctly set.
After these steps the tokens can be registered to users using the serial number. In case of event based tokens, it might be required to resynchronise the token in WebADM or Self-Desk.