This is to announce oath-toolkit-2.6.11, a stable release. OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key data. OATH stands for Open AuTHentication, which is the organization that specify the algorithms.
The following components are included: * liboath: A shared and static C library for OATH handling. * oathtool: A command line tool for generating and validating OTPs. * pam_oath: A PAM module for pluggable login authentication for OATH. * libpskc: A shared and static C library for PSKC handling. * pskctool: A command line tool for manipulating PSKC data. The project's web page is available at: https://www.nongnu.org/oath-toolkit/ Documentation for the command line tools oathtool and pskctool: https://www.nongnu.org/oath-toolkit/oathtool.1.html https://www.nongnu.org/oath-toolkit/pskctool.1.html Tutorial on PSKC: https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial.html Manual for PAM module: https://www.nongnu.org/oath-toolkit/pam_oath.html Liboath Manual: https://www.nongnu.org/oath-toolkit/liboath-api/liboath-oath.h.html Libpskc Manual https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-reference.html General information on contributing: https://www.nongnu.org/oath-toolkit/contrib.html OATH Toolkit GitLab project page: https://gitlab.com/oath-toolkit/oath-toolkit OATH Toolkit Savannah project page: https://savannah.nongnu.org/projects/oath-toolkit/ Code coverage charts: https://oath-toolkit.gitlab.io/oath-toolkit/coverage/ Clang code analysis: https://oath-toolkit.gitlab.io/oath-toolkit/clang-analyzer/ If you need help to use the OATH Toolkit, or want to help others, you are invited to join our oath-toolkit-help mailing list, see: https://lists.nongnu.org/mailman/listinfo/oath-toolkit-help Here are the compressed sources and a GPG detached signature: https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.11.tar.gz https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.11.tar.gz.sig Here are the SHA1 and SHA224 checksums: 7e365d0fa892c4d1493585751adaec0ebd07d66e oath-toolkit-2.6.11.tar.gz a6a91cfe8aa5498d032278aa4e759e39c9b87e04f68aed55a68c9efa oath-toolkit-2.6.11.tar.gz Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify oath-toolkit-2.6.11.tar.gz.sig The signature should match the fingerprint of the following key: pub ed25519 2019-03-20 [SC] B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE uid Simon Josefsson <si...@josefsson.org> If that command fails because you don't have the required public key, or that public key has expired, try the following commands to retrieve or refresh it, and then rerun the 'gpg --verify' command. gpg --locate-external-key si...@josefsson.org gpg --recv-keys 51722B08FE4745A2 wget -q -O- https://josefsson.org/key-20190320.txt | gpg --import NEWS * Version 2.6.11 (released 2024-01-03) ** liboath: Handle invalid base32 encoded secrets. Fixes: #41. The gnulib update in version 2.6.10 made the base32 encoding functions reject invalid encodings, but it appears as if these are wildly used. We now accept invalid encodings again. Thanks to Dorancé Martínez and Seres Bendegúz for reports. Happy hacking, Simon
signature.asc
Description: PGP signature