6

There's an RSA soft token app for smart phones as well as a Windows desktop counterpart. I received a QR code to be used with the phone app, but I'd like to use it on my computer. The computer version of the RSA soft token program expects .sdtid files.

The phone-app QR code decodes into a URL with the following form:

http://127.0.0.1/securid/ctf?ctfData=RHVtbXkgRGF0YQ%3D%3D

The CTF (Compressed Token Format) appears to be URL-encoded Base64 data, so URL-decoding that last part would yield:

RHVtbXkgRGF0YQ==

And Base64 decoding that would give:

Dummy Data

When I do this with the real data (which is confidential), I get some kind of binary file which the Linux file command identifies as "DBase 3 data file", but that may not be accurate. It certainly won't import into the Windows program.

There's an official utility for converting from a Windows .sdtid file to these CTF URLs (Software Token Converter), but it only goes in that one direction. I strongly suspect the conversion could occur in the opposite direction, but everyone else seems to be more interested in moving more of their vital operations onto their smart phones.

Does anyone know how to convert an RSA software phone token into a Windows RSA software token?

Hammer Bro.
  • 965
  • 1
  • 10
  • 23

1 Answers1

2

RSA SoftToken accepts both the .sdtid files and CTKIP url. It has to be generated separately for Android device and the Windows machine. Right now there is no tool for the other way around.

Checked at PM level too, as I work at SecurID team. Will see if it possible or can we get a project in the same direction.

Shaswat
  • 41
  • 1
  • 9
  • I have also just hit a glitch where my IT department only sent the CTKIP url at first and I'd like to convert that back to a sdtid file. So add a +1 to this feature request if you can. – Shea Parkes Dec 01 '16 at 01:43