stoken - Software Token for Linux/UNIX

stoken is an open source tokencode generator compatible with RSA SecurID 128-bit (AES) tokens. It is a hobbyist project, not affiliated with or endorsed by RSA Security.

stoken offers the following interfaces:

  • Interactive or batched CLI: "stoken"
  • GTK+ graphical UI: "stoken-gui"
  • Shared library for use with external programs: "libstoken.so.1"
  • JNI (Java) API compatible with Android

Downloading stoken

Release tarballs are available on the download page; the head of tree is hosted at GitHub. Please submit improvements through the GitHub "pull request" interface.

stoken is available in Debian Jessie+, Ubuntu 13.10+, and Fedora 19+.

Newer (but experimental) Ubuntu packages are often available from my PPA. Sample usage:

sudo -s
apt-get install python-software-properties
add-apt-repository ppa:cernekee/ppa
apt-get update
apt-get install stoken libstoken-dev

Updates and releases will be posted here at stoken.sf.net

Android users: check out Easy Token, which is based on libstoken.

Basic usage

First, import a token from a raw string or an "sdtid" XML file:

stoken import --token 2000123456...
stoken import --token com.rsa.securid.iphone://ctf?ctfData=2000123456...
stoken import --file mytoken.sdtid

This will prompt for an optional password, so that your seed is encrypted on disk.

Next, use the CLI or GUI to show the current tokencode:

stoken tokencode
stoken-gui &

If your token requires a PIN, stoken will prompt for it. You can use "stoken setpin" to cache your PIN in ~/.stokenrc. This is much less secure, but may be useful for automation.

Modern versions of OpenConnect link against libstoken and can send an autogenerated tokencode as the password. Import your token using the above instructions, then:

openconnect -u USERNAME --token-mode=rsa HOSTNAME


stoken-gui stoken-gui --small