SST
-- Scriptable Soft Token
Description
SST, scriptable soft token, is a program that emulates a physical smart card and reader. It is controlled with a configuration file which permits the user to add/remove contents from cards as well as control the PIN that protects its contents. The cards can be virtually inserted and removed. SST is based on soft-pkcs11 v1.8 by Love Hörnquist Åstrand.
SST contains four main components:
- SST (scriptable soft token) - SST is either a shared object (.so) on Linux or a dynamic-link library (.dll) on Windows that emulates the functionality of a smart card and reader. When SST is loaded, it reads its information from the configuration file and provides the PKCS#11 interface that smart card applications interact with.
- csa (control services agent) - The csa is optional. When running, it controls the state of the cards and logs SST's behavior. SST queries the csa to determine the current state of each card, either present or not present. If the csa is not running, the first token specified in the configuration file is assumed to be inserted into the first slot in the reader. The csa is run as ./csa <-FLAGS> or csa.exe <-FLAGS> and the following FLAGS are supported:
  - v - The v flag turns on verbose logging, which causes debugging information from SST regarding PKCS#11 calls to be logged to standard output.
- csactl (csa control) - The csactl connects to the csa and issues commands to it. Csactl is run as ./csactl <COMMAND> <ARGS> or csactl.exe <COMMAND> <ARGS> and the following COMMANDs and ARGS are supported:
  - STATUS - Returns the current state of the cards
  - INSERT <SLOT> <TOKEN> - Insert the specified token into the specified slot. If the parameters are left blank, the default is to insert token 0 into slot 0.
  - REMOVE <SLOT> - Remove the card from the specified slot. If no slot is specified, cards are removed from all slots.
  - LOG - Turn on logging
  - NOLOG - Turn off logging
  - QUIT - Stop csa from running
- sst.conf - This is the configuration file for SST, and serves as the information that is "stored" on the card. The config file keeps track of the PIN, physical attributes of the physical token being emulated, and information regarding the certificates stored on the card.
Dependencies
SST has been pre-built and included in each of the releases. The pre-built version has no dependencies, but building SST from source requires OpenSSL.
Use Scenarios
- Firefox
- PAM PKCS#11
- Kerberos
- Active Directory
Authors
- Manish Karir - mkarir [at] merit [dot] edu
- Jim Rees - rees [at] merit [dot] edu
- Rob Keim
