
python-pskc branch master updated. 0.5-28-g6f0ca70


python-pskc branch master updated. 0.5-28-g6f0ca70



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".

The branch, master has been updated
       via  6f0ca70650e1a4a802a1c15dc9d6c0a683ccdefb (commit)
       via  9b8563402cc6401f09916d007c4ed2bbef7a676c (commit)
      from  01507af106c431bbce9e44f96b85fddeb4cefd21 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://arthurdejong.org/git/python-pskc/commit/?id=6f0ca70650e1a4a802a1c15dc9d6c0a683ccdefb

commit 6f0ca70650e1a4a802a1c15dc9d6c0a683ccdefb
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Dec 15 19:49:02 2017 +0100

    Add limited support for very old draft PSKC versions
    
    This adds basic support for parsing the PSKC files as specified in
    draft-hoyer-keyprov-portable-symmetric-key-container-00 and
    draft-hoyer-keyprov-portable-symmetric-key-container-01.
    
    It should be able to extract secrets, counters, etc. but not all
    properties from the PSKC file are supported.
    
    It is speculated that this format resembles the "Verisign PSKC format"
    that some applications produce.

diff --git a/pskc/parser.py b/pskc/parser.py
index 1dff363..d3557d2 100644
--- a/pskc/parser.py
+++ b/pskc/parser.py
@@ -66,11 +66,13 @@ class PSKCParser(object):
     @classmethod
     def parse_document(cls, pskc, container):
         """Read information from the provided <KeyContainer> tree."""
-        if container.tag != 'KeyContainer':
+        if container.tag not in ('KeyContainer', 'SecretContainer'):
             raise ParseError('Missing KeyContainer')
         # the version of the PSKC schema
         pskc.version = container.get('Version') or container.get('version')
-        if pskc.version and pskc.version not in ('1', '1.0'):
+        if (container.tag == 'KeyContainer' and
+                pskc.version and
+                pskc.version not in ('1', '1.0')):
             raise ParseError('Unsupported version %r' % pskc.version)
         # unique identifier for the container
         pskc.id = (
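Review bot: The version check guarded by `container.tag == 'KeyContainer'` no longer runs for a `SecretContainer` root, so any `version` value on that root is stored in `pskc.version` and parsed without validation; the draft-00 fixtures in this commit carry `version="1.2"`. If that is intended, a comment such as `# draft -00 SecretContainer files use their own version numbering; not validated` would make it explicit, or the check could list the accepted draft values. The draft-01 fixtures note that their version number was removed, which suggests real draft-01 `KeyContainer` files that carry a version attribute may still be rejected with `Unsupported version`. `parse_document` continues past the end of the hunk.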
@@ -96,7 +98,9 @@ class PSKCParser(object):
             return
         encryption.id = key_info.get('Id')
         encryption.algorithm = (
-            key_info.get('Algorithm') or encryption.algorithm)
+            key_info.get('Algorithm') or
+            key_info.get('algorithm') or
+            encryption.algorithm)
         for name in findall(key_info,
                             'KeyName', 'DerivedKey/MasterKeyName',
                             'DerivedKey/CarriedKeyName'):
@@ -104,6 +108,19 @@ class PSKCParser(object):
         encryption.iv = findbin(key_info, 'IV') or encryption.iv
         cls.parse_key_derivation(encryption.derivation, find(
             key_info, 'DerivedKey/KeyDerivationMethod'))
+        encryption.derivation.pbkdf2_salt = (
+            findbin(key_info, 'PBESalt') or encryption.derivation.pbkdf2_salt)
+        encryption.derivation.pbkdf2_iterations = (
+            findint(key_info, 'PBEIterationCount') or
+            encryption.derivation.pbkdf2_iterations)
+        algorithm = (
+            key_info.get('Algorithm') or key_info.get('algorithm') or '')
+        if (algorithm.lower().startswith('pbe') and
+                not encryption.derivation.algorithm):
+            encryption.derivation.algorithm = 'pbkdf2'
+            encryption.derivation.pbkdf2_key_length = (
+                encryption.derivation.pbkdf2_key_length or
+                encryption.algorithm_key_lengths[0])
 
     @classmethod
     def parse_key_derivation(cls, derivation, key_derivation):
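Review bot: `PBEIterationCount` and `PBESalt` are copied from the file into `encryption.derivation` with no range check, so a container from an untrusted source can set an arbitrarily large iteration count and make a later `derive_key()` call very expensive. A guard after the `findint` call, for example `if (encryption.derivation.pbkdf2_iterations or 1) < 1: raise ParseError('Invalid PBEIterationCount')`, together with a documented upper limit, would turn this into a parse error instead. Separately, `encryption.algorithm_key_lengths[0]` is indexed unconditionally; that property is not visible here, but if it can be empty or raise for an unrecognised `PBE-...` name, the failure would surface as something other than `ParseError`. The enclosing method starts above the hunk.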
@@ -130,7 +147,9 @@ class PSKCParser(object):
         """Read MAC information from the <MACMethod> XML tree."""
         if mac_method is None:
             return
-        mac.algorithm = mac_method.get('Algorithm')
+        mac.algorithm = (
+            mac_method.get('Algorithm') or
+            mac_method.get('algorithm'))
         mac_key = find(mac_method, 'MACKey')
         if mac_key is not None:
             mac.key_algorithm, mac.key_cipher_value = (
@@ -148,21 +167,24 @@ class PSKCParser(object):
             device.issue_no = findtext(info, 'IssueNo')
             device.device_binding = findtext(info, 'DeviceBinding')
             device.start_date = findtime(info, 'StartDate')
-            device.expiry_date = findtime(info, 'ExpiryDate')
+            device.expiry_date = findtime(info, 'ExpiryDate', 'Expiry')
             device.device_userid = findtext(info, 'UserId')
 
         device.crypto_module = findtext(key_package, 'CryptoModuleInfo/Id')
 
-        for key_elm in findall(key_package, 'Key'):
+        for key_elm in findall(key_package, 'Key', 'Secret'):
             cls.parse_key(device.add_key(), key_elm)
 
     @classmethod
     def parse_key(cls, key, key_elm):
         """Read key information from the provided <KeyPackage> tree."""
 
-        key.id = key_elm.get('Id') or key_elm.get('KeyId')
+        key.id = (
+            key_elm.get('Id') or key_elm.get('KeyId') or
+            key_elm.get('SecretId'))
         key.algorithm = (
-            key_elm.get('Algorithm') or key_elm.get('KeyAlgorithm'))
+            key_elm.get('Algorithm') or key_elm.get('KeyAlgorithm') or
+            key_elm.get('SecretAlgorithm'))
 
         data = find(key_elm, 'Data')
         if data is not None:
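Review bot: The new `'Expiry'` fallback in `findtime(info, 'ExpiryDate', 'Expiry')` feeds values such as `01/01/2008` from the draft fixtures into the date parser, and that form is ambiguous between day-first and month-first. `findtime` is not visible in this hunk, and the fixtures added in this commit only use 01/01, so the tests cannot show which order is applied. A comment such as `# draft -00/-01 <Expiry> is assumed to be MM/DD/YYYY; confirm against the draft`, plus a fixture with a day above 12, would pin the behaviour. The `parse_key` docstring still says `<KeyPackage>` although the method now receives `<Key>` or `<Secret>` elements.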
@@ -198,9 +220,14 @@ class PSKCParser(object):
         if challenge_format is not None:
             key.challenge_encoding = (
                 challenge_format.get('Encoding') or
-                challenge_format.get('Format'))
-            key.challenge_min_length = getint(challenge_format, 'Min')
-            key.challenge_max_length = getint(challenge_format, 'Max')
+                challenge_format.get('Format') or
+                challenge_format.get('format'))
+            key.challenge_min_length = (
+                getint(challenge_format, 'Min') or
+                getint(challenge_format, 'min'))
+            key.challenge_max_length = (
+                getint(challenge_format, 'Max') or
+                getint(challenge_format, 'max'))
             key.challenge_check = getbool(
                 challenge_format, 'CheckDigits', getbool(
                     challenge_format, 'CheckDigit'))
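Review bot: The `or` chains for `challenge_min_length` and `challenge_max_length` treat a parsed value of 0 as missing, so `Min="0"` would fall through to the lowercase lookup and, assuming `getint` returns `None` for an absent attribute, end up as `None` where the previous code kept 0. The same applies to `response_length` in the next hunk. An explicit test avoids this, e.g. `value = getint(challenge_format, 'Min')` followed by `if value is None: value = getint(challenge_format, 'min')`. `getint` is defined outside the hunk, so its return value for a missing attribute should be confirmed.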
@@ -211,8 +238,11 @@ class PSKCParser(object):
         if response_format is not None:
             key.response_encoding = (
                 response_format.get('Encoding') or
-                response_format.get('Format'))
-            key.response_length = getint(response_format, 'Length')
+                response_format.get('Format') or
+                response_format.get('format'))
+            key.response_length = (
+                getint(response_format, 'Length') or
+                getint(response_format, 'length'))
             key.response_check = getbool(
                 response_format, 'CheckDigits', getbool(
                     response_format, 'CheckDigit'))
diff --git 
a/tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/non-encrypted.pskcxml
 
b/tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/non-encrypted.pskcxml
new file mode 100644
index 0000000..3421a84
--- /dev/null
+++ 
b/tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/non-encrypted.pskcxml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Symmetric key container with a single non-encrypted HOTP secret key example
+  from section 10.1 of
+  draft-hoyer-keyprov-portable-symmetric-key-container-00. The COUNTER
+  value was modified to be a valid big endian number 12.
+-->
+
+<SecretContainer
+xmlns="http://www.openauthentication.org/OATH/2006/08/PSKC";
+xmlns:oath-logo="http://www.openauthentication.org/OATH/2006/08/Logo";
+xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+xsi:schemaLocation="http://www.openauthentication.org/OATH/2006/10/PSKC
+.\oath_pskc_schema_v1.2.xsd" version="1.2">
+  <EncryptionMethod algorithm="NONE"/>
+  <DigestMethod algorithm="HMAC-SHA1"></DigestMethod>
+  <Device>
+    <DeviceId>
+      <Manufacturer>Token Manufacturer</Manufacturer>
+      <SerialNo>98765432187</SerialNo>
+      <Expiry>01/01/2008</Expiry>
+    </DeviceId>
+    <Secret SecretAlgorithm="HOTP"  SecretId="98765432187">
+      <Issuer>Credential Issuer</Issuer>
+      <Usage>
+       <ResponseFormat format="DECIMAL" length="6"/>
+      </Usage>
+      <FriendlyName>MyFirstToken</FriendlyName>
+      <Data Name="SECRET">
+        <Value>WldjTHZwRm9YTkhBRytseDMrUnc=</Value>
+        <ValueDigest>WldjTHZwRm9YTkhBRytseDM=</ValueDigest>
+      </Data>
+      <Data Name="COUNTER">
+        <Value>AAAAAAAAAAw=</Value>
+        <ValueDigest>WldjTHZwRm9YTkhBRytseDM=</ValueDigest>
+      </Data>
+    </Secret>
+  </Device>
+</SecretContainer>
diff --git 
a/tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml
 
b/tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml
new file mode 100644
index 0000000..41c57f6
--- /dev/null
+++ 
b/tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Symmetric key container with a single password-based encrypted HOTP secret
+  key example from section 10.2 of
+  draft-hoyer-keyprov-portable-symmetric-key-container-00.
+  The Value and ValueDigest values were fixed to be valid values when using
+  the encryption key as HMAC key.
+-->
+
+<SecretContainer
+xmlns="http://www.openauthentication.org/OATH/2006/08/PSKC";
+xmlns:oath-logo="http://www.openauthentication.org/OATH/2006/08/Logo";
+xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+xsi:schemaLocation="http://www.openauthentication.org/OATH/2006/10/PSKC
+.\oath_pskc_schema_v1.2" version="1.2">
+  <EncryptionMethod algorithm="PBE-3DES112-CBC">
+    <PBESalt>y6TzckeLRQw=</PBESalt>
+    <PBEIterationCount>999</PBEIterationCount>
+  </EncryptionMethod>
+  <DigestMethod algorithm="HMAC-SHA1"></DigestMethod>
+  <Device>
+    <DeviceId>
+      <Manufacturer>Token Manufacturer</Manufacturer>
+      <SerialNo>98765432187</SerialNo>
+      <Expiry>01/01/2008</Expiry>
+    </DeviceId>
+  <Secret SecretAlgorithm="HOTP"  SecretId="77654321870">
+    <Issuer>Credential Issuer</Issuer>
+    <Usage>
+      <ResponseFormat format="DECIMAL" length="6"/>
+    </Usage>
+    <FriendlyName>MySecondToken</FriendlyName>
+      <Data Name="SECRET">
+        <Value>F/CY93NYc/SvmxT3oB6PzG7p6zpG92/t</Value>
+        <ValueDigest>hN793ZE7GM6yCM6gz9OKNRzibhg=</ValueDigest>
+      </Data>
+      <Data Name="COUNTER">
+        <Value>VVBYqRF1QSpetvIB2vBAzw==</Value>
+        <ValueDigest>6clqJvT9l0xIZtWSch2t6zr0IwU=</ValueDigest>
+      </Data>
+    </Secret>
+  </Device>
+</SecretContainer>
diff --git 
a/tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/non-encrypted.pskcxml
 
b/tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/non-encrypted.pskcxml
new file mode 100644
index 0000000..18e266d
--- /dev/null
+++ 
b/tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/non-encrypted.pskcxml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Symmetric key container with a single non-encrypted HOTP secret key example
+  from section 10.1 of
+  draft-hoyer-keyprov-portable-symmetric-key-container-01. The COUNTER value
+  was modified to be a valid big endian number 42 and the file version number
+  was removed.
+-->
+
+<KeyContainer
+xmlns="urn:ietf:params:xml:ns:keyprov:container"
+xmlns:logo="urn:ietf:params:xml:ns:keyprov:logo"
+xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+xsi:schemaLocation="urn:ietf:params:xml:ns:keyprov:container
+keyprov_pskc_schema_v1.1.xsd">
+  <EncryptionMethod algorithm="NONE"/>
+  <DigestMethod algorithm="HMAC-SHA1"></DigestMethod>
+  <Device>
+    <DeviceId>
+      <Manufacturer>Token Manufacturer</Manufacturer>
+      <SerialNo>98765432187</SerialNo>
+      <Expiry>01/01/2008</Expiry>
+    </DeviceId>
+    <Key KeyAlgorithm="HOTP"  KeyId="98765432187">
+      <Issuer>Credential Issuer</Issuer>
+      <Usage>
+       <ResponseFormat format="DECIMAL" length="6"/>
+      </Usage>
+      <FriendlyName>MyFirstToken</FriendlyName>
+      <Data Name="SECRET">
+        <Value>WldjTHZwRm9YTkhBRytseDMrUnc=</Value>
+        <ValueDigest>WldjTHZwRm9YTkhBRytseDM=</ValueDigest>
+      </Data>
+      <Data Name="COUNTER">
+        <Value>AAAAAAAAACo=</Value>
+        <ValueDigest>WldjTHZwRm9YTkhBRytseDM=</ValueDigest>
+      </Data>
+    </Key>
+  </Device>
+</KeyContainer>
diff --git 
a/tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/password-encrypted.pskcxml
 
b/tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/password-encrypted.pskcxml
new file mode 100644
index 0000000..4fc9511
--- /dev/null
+++ 
b/tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/password-encrypted.pskcxml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Symmetric key container with a single password-based encrypted HOTP secret
+  key example from section 10.2 of
+  draft-hoyer-keyprov-portable-symmetric-key-container-01. The Value and
+  ValueDigest values were fixed to be valid values when using the encryption
+  key as HMAC key and the file version number was removed.
+-->
+
+<KeyContainer
+xmlns="urn:ietf:params:xml:ns:keyprov:container"
+xmlns:logo="urn:ietf:params:xml:ns:keyprov:logo"
+xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+xsi:schemaLocation="urn:ietf:params:xml:ns:keyprov:container
+.\keyprov_pskc_schema_v1.1.xsd">
+  <EncryptionMethod algorithm="PBE-3DES112-CBC">
+    <PBESalt>y6TzckeLRQw=</PBESalt>
+    <PBEIterationCount>999</PBEIterationCount>
+  </EncryptionMethod>
+  <DigestMethod algorithm="HMAC-SHA1"></DigestMethod>
+  <Device>
+    <DeviceId>
+      <Manufacturer>Token Manufacturer</Manufacturer>
+      <SerialNo>98765432187</SerialNo>
+      <Expiry>01/01/2008</Expiry>
+    </DeviceId>
+  <Key KeyAlgorithm="HOTP"  KeyId="77654321870">
+    <Issuer>Credential Issuer</Issuer>
+    <Usage>
+      <ResponseFormat format="DECIMAL" length="6"/>
+    </Usage>
+    <FriendlyName>MySecondToken</FriendlyName>
+      <Data Name="SECRET">
+<Value>F/CY93NYc/SvmxT3oB6PzG7p6zpG92/t</Value>
+      <ValueDigest>hN793ZE7GM6yCM6gz9OKNRzibhg=</ValueDigest>
+      </Data>
+      <Data Name="COUNTER">
+<Value>VVBYqRF1QSpetvIB2vBAzw==</Value>
+      <ValueDigest>6clqJvT9l0xIZtWSch2t6zr0IwU=</ValueDigest>
+      </Data>
+    </Key>
+  </Device>
+</KeyContainer>
diff --git 
a/tests/test_draft_hoyer_keyprov_portable_symmetric_key_container.doctest 
b/tests/test_draft_hoyer_keyprov_portable_symmetric_key_container.doctest
new file mode 100644
index 0000000..ab10a39
--- /dev/null
+++ b/tests/test_draft_hoyer_keyprov_portable_symmetric_key_container.doctest
@@ -0,0 +1,180 @@
+test_draft_hoyer_keyprov_portable_symmetric_key_container.doctest -
+    tests for examples from various versions of
+    draft-hoyer-keyprov-portable-symmetric-key-container
+
+Copyright (C) 2017 Arthur de Jong
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA
+
+
+>>> from binascii import a2b_hex, b2a_hex
+>>> def tostr(x):
+...     return str(x.decode())
+>>> def decode(f):
+...     return lambda x: tostr(f(x))
+>>> b2a_hex = decode(b2a_hex)
+
+>>> from pskc import PSKC
+
+
+This reads a simple PSKC file with a single non-encrypted HOTP secret key
+example from section 10.1 of
+draft-hoyer-keyprov-portable-symmetric-key-container-00.
+
+>>> pskc = 
PSKC('tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/non-encrypted.pskcxml')
+>>> pskc.encryption.algorithm is None
+True
+>>> key = pskc.keys[0]
+>>> key.manufacturer
+'Token Manufacturer'
+>>> key.serial
+'98765432187'
+>>> key.id
+'98765432187'
+>>> key.algorithm
+'HOTP'
+>>> key.expiry_date
+datetime.datetime(2008, 1, 1, 0, 0)
+>>> key.issuer
+'Credential Issuer'
+>>> key.response_encoding
+'DECIMAL'
+>>> key.response_length
+6
+>>> key.friendly_name
+'MyFirstToken'
+>>> b2a_hex(key.secret)
+'5a57634c7670466f584e4841472b6c78332b5277'
+>>> key.counter
+12
+
+
+This reads a simple PSKC file with a single password-based encrypted HOTP
+secret key example from section 10.2 of
+draft-hoyer-keyprov-portable-symmetric-key-container-00.
+
+>>> pskc = 
PSKC('tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml')
+>>> pskc.encryption.algorithm
+'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
+>>> pskc.encryption.derivation.algorithm
+'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
+>>> pskc.encryption.derivation.pbkdf2_iterations
+999
+>>> b2a_hex(pskc.encryption.derivation.pbkdf2_salt)
+'cba4f372478b450c'
+>>> pskc.encryption.derive_key('qwerty')
+>>> b2a_hex(pskc.encryption.key)
+'651f8b1cafafa433d8c46ec996b3a274'
+>>> pskc.mac.algorithm
+'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
+>>> key = pskc.keys[0]
+>>> key.manufacturer
+'Token Manufacturer'
+>>> key.serial
+'98765432187'
+>>> key.id
+'77654321870'
+>>> key.algorithm
+'HOTP'
+>>> key.expiry_date
+datetime.datetime(2008, 1, 1, 0, 0)
+>>> key.issuer
+'Credential Issuer'
+>>> key.response_encoding
+'DECIMAL'
+>>> key.response_length
+6
+>>> key.friendly_name
+'MySecondToken'
+>>> b2a_hex(key.secret)
+'65670bbe91685cd1c01be971dfe470'
+>>> key.counter
+100
+
+
+This reads a simple PSKC file with a single non-encrypted HOTP secret key
+example from section 10.1 of
+draft-hoyer-keyprov-portable-symmetric-key-container-01.
+
+>>> pskc = 
PSKC('tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/non-encrypted.pskcxml')
+>>> pskc.encryption.algorithm is None
+True
+>>> key = pskc.keys[0]
+>>> key.manufacturer
+'Token Manufacturer'
+>>> key.serial
+'98765432187'
+>>> key.id
+'98765432187'
+>>> key.algorithm
+'HOTP'
+>>> key.expiry_date
+datetime.datetime(2008, 1, 1, 0, 0)
+>>> key.issuer
+'Credential Issuer'
+>>> key.response_encoding
+'DECIMAL'
+>>> key.response_length
+6
+>>> key.friendly_name
+'MyFirstToken'
+>>> b2a_hex(key.secret)
+'5a57634c7670466f584e4841472b6c78332b5277'
+>>> key.counter
+42
+
+
+This reads a simple PSKC file with a single password-based encrypted HOTP
+secret key example from section 10.2 of
+draft-hoyer-keyprov-portable-symmetric-key-container-01.
+
+>>> pskc = 
PSKC('tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/password-encrypted.pskcxml')
+>>> pskc.encryption.algorithm
+'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
+>>> pskc.encryption.derivation.algorithm
+'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
+>>> pskc.encryption.derivation.pbkdf2_iterations
+999
+>>> b2a_hex(pskc.encryption.derivation.pbkdf2_salt)
+'cba4f372478b450c'
+>>> pskc.encryption.derive_key('qwerty')
+>>> b2a_hex(pskc.encryption.key)
+'651f8b1cafafa433d8c46ec996b3a274'
+>>> pskc.mac.algorithm
+'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
+>>> key = pskc.keys[0]
+>>> key.manufacturer
+'Token Manufacturer'
+>>> key.serial
+'98765432187'
+>>> key.id
+'77654321870'
+>>> key.algorithm
+'HOTP'
+>>> key.expiry_date
+datetime.datetime(2008, 1, 1, 0, 0)
+>>> key.issuer
+'Credential Issuer'
+>>> key.response_encoding
+'DECIMAL'
+>>> key.response_length
+6
+>>> key.friendly_name
+'MySecondToken'
+>>> b2a_hex(key.secret)
+'65670bbe91685cd1c01be971dfe470'
+>>> key.counter
+100

https://arthurdejong.org/git/python-pskc/commit/?id=9b8563402cc6401f09916d007c4ed2bbef7a676c

commit 9b8563402cc6401f09916d007c4ed2bbef7a676c
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Mon Sep 19 19:55:08 2016 +0200

    Add test files from multiOTP
    
    This adds tests for parsing the files that are shipped as part of the
    multiOTP test suite.
    
    https://www.multiotp.net/

diff --git a/tests/multiotp/pskc-hotp-aes.txt b/tests/multiotp/pskc-hotp-aes.txt
new file mode 100644
index 0000000..d67b3e6
--- /dev/null
+++ b/tests/multiotp/pskc-hotp-aes.txt
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <ds:KeyName>Pre-shared-key</ds:KeyName>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>q+ZCUiDoHbBbug4XilKtI+9T99F/xZsb1T1ra35qGwLLA97mHDWnptpFIBZu8HKy</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ0000000000</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:CryptoModuleInfo>
+            <pskc:Id>CM_ID_007</pskc:Id>
+        </pskc:CryptoModuleInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" 
Id="ZZ0000000000">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Ze63bjoRjdZRxFs8RouCE5BMP/ust0gAhCd0O8BWNn1e8JSg74hgv3/QIxv4r3lw</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>PrKAa1V4eIP98Lh5Yv1hcSmJoxs=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>FErCcdjsEpAu/P4xvt3XbIsAm6FC3HpzZdRsIN/wADo=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>kuha13YGJLmwKRxt8fDY03IoGxk=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ0100000000</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:CryptoModuleInfo>
+            <pskc:Id>CM_ID_007</pskc:Id>
+        </pskc:CryptoModuleInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" 
Id="ZZ0100000000">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Ce/Mwl6WBZfuPI4OIoWhcY5G46oAznRrsYQ1zBhqMblJyf44+UIyYMHQ5gFY/e9Z</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>qa4SZaEiwoSIDgrnvKI5c0/1nEg=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>n4g7hX9wq1wrxRX9W21p2FQgAjOwnvYFye8D8n4+Nc0=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>5mEA0KtQRmpMltb3/AkCUzwbdaw=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
+
diff --git a/tests/multiotp/pskc-hotp-pbe.txt b/tests/multiotp/pskc-hotp-pbe.txt
new file mode 100644
index 0000000..053374d
--- /dev/null
+++ b/tests/multiotp/pskc-hotp-pbe.txt
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <xenc11:DerivedKey>
+            <xenc11:KeyDerivationMethod 
Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2";>
+                <pkcs5:PBKDF2-params>
+                    <Salt>
+                        <Specified>Ej7/PEpyEpw=</Specified>
+                    </Salt>
+                    <IterationCount>1000</IterationCount>
+                    <KeyLength>16</KeyLength>
+                    <PRF/>
+                </pkcs5:PBKDF2-params>
+            </xenc11:KeyDerivationMethod>
+            <xenc:ReferenceList>
+                <xenc:DataReference URI="#ED"/>
+            </xenc:ReferenceList>
+            <xenc11:MasterKeyName>Passphrase1</xenc11:MasterKeyName>
+        </xenc11:DerivedKey>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>3Y5KqMW+np7kK8GpMDP+90A6VfM/inEqxoJyy93GUPE+4aaL1fwdjyiiQz/0v9vB</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ0000000002</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:CryptoModuleInfo>
+            <pskc:Id>CM_ID_007</pskc:Id>
+        </pskc:CryptoModuleInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" 
Id="ZZ0000000002">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>o1hcXgyZNxLXiopuyNyZhkbooppb/xUierAPRFKu9eSS0WubkhhOt8iUP5aD0731</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>X/EFKw8NsRV+alKO8VOnQDrK3sc=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>6HhzB+wO/7/zJbNmLYaFd3awuEHXbck5AFb66rEsaZo=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>fqp0U8/7qMJEs6GyfnXnACn0Z2Q=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
+
diff --git a/tests/multiotp/pskc-totp-aes.txt b/tests/multiotp/pskc-totp-aes.txt
new file mode 100644
index 0000000..745cd34
--- /dev/null
+++ b/tests/multiotp/pskc-totp-aes.txt
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <ds:KeyName>Pre-shared-key</ds:KeyName>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>aJtbg144FkWB+rAdIZLEYGeBguzImDC/s+u6hvQpbn1HKH4d9okcfRVDE1eKc/em</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ1000000000</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:CryptoModuleInfo>
+            <pskc:Id>CM_ID_007</pskc:Id>
+        </pskc:CryptoModuleInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp" 
Id="ZZ1000000000">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>1/4klvTYXsM7n35dRXD8DEUmG9msDTFGj7iYPbSWd62eEdnBUDTHvuHSo0H1Oa8x</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>FSJiyiNOXUvDl42te34LPpmQA00=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:PlainValue>0</pskc:PlainValue>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:PlainValue>30</pskc:PlainValue>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ1100000000</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:CryptoModuleInfo>
+            <pskc:Id>CM_ID_007</pskc:Id>
+        </pskc:CryptoModuleInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp" 
Id="ZZ1100000000">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>LHgaE/1m+DeXjNhWVA5BJsX/yv6KZmAWnVG5q6dQkkWbGu0ZO9QvqhBUxU0qoe4W</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>1HZvOMVLYU52SnE+98BTxDZrDds=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:PlainValue>0</pskc:PlainValue>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:PlainValue>30</pskc:PlainValue>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ1000000001</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:CryptoModuleInfo>
+            <pskc:Id>CM_ID_007</pskc:Id>
+        </pskc:CryptoModuleInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp" 
Id="ZZ1000000001">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>HMAC-SHA256</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>gDk4Xm6Ab4cABb8oVzDbxbHP2UqjdhwuoV2z9NQvW5uV3dqpU7uApCTF9y20IX8uEViEur80QzgftiNlnX6RRw==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>H1cru72pCCWvSuL7jES0Rp0nKOM=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:PlainValue>0</pskc:PlainValue>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:PlainValue>30</pskc:PlainValue>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ1100000001</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:CryptoModuleInfo>
+            <pskc:Id>CM_ID_007</pskc:Id>
+        </pskc:CryptoModuleInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp" 
Id="ZZ1100000001">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>HMAC-SHA256</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>HbKFsvEFtqDd8fOrKbigA+7wv47Fdfv1m8BWclZGupgixFiqY9B5LrZq7e5Vd4QcTNatmMW2fDmNdSVbMs91rw==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>xQvm4mScVI+7GivxvodoTIy3rLs=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:PlainValue>0</pskc:PlainValue>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:PlainValue>30</pskc:PlainValue>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
+
diff --git a/tests/multiotp/pskc-totp-pbe.txt b/tests/multiotp/pskc-totp-pbe.txt
new file mode 100644
index 0000000..24dca0b
--- /dev/null
+++ b/tests/multiotp/pskc-totp-pbe.txt
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <xenc11:DerivedKey>
+            <xenc11:KeyDerivationMethod 
Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2";>
+                <pkcs5:PBKDF2-params>
+                    <Salt>
+                        <Specified>Ej7/PEpyEpw=</Specified>
+                    </Salt>
+                    <IterationCount>1000</IterationCount>
+                    <KeyLength>16</KeyLength>
+                    <PRF/>
+                </pkcs5:PBKDF2-params>
+            </xenc11:KeyDerivationMethod>
+            <xenc:ReferenceList>
+                <xenc:DataReference URI="#ED"/>
+            </xenc:ReferenceList>
+            <xenc11:MasterKeyName>Passphrase1</xenc11:MasterKeyName>
+        </xenc11:DerivedKey>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>sMSFumtOPpf+FRlkpLQNBAfLijJmm6L8iU2QgnrEpYpsukP2ewzFmGnTDtWUmtHk</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ1000000002</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:CryptoModuleInfo>
+            <pskc:Id>CM_ID_007</pskc:Id>
+        </pskc:CryptoModuleInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp" 
Id="ZZ1000000002">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>+VJbRq6uiXOfcLfiWG6SlN3wtYoQ8LesDU3BolqPeoZe6fQVG2J5F3ryBZTtIZvM</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>fjI2IRbUxUYU24boM6atz+RHRV0=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:PlainValue>0</pskc:PlainValue>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:PlainValue>30</pskc:PlainValue>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
+
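Review bot: The key-derivation settings in this fixture are weak by current standards and nothing in the file marks them as sample data: `<IterationCount>1000</IterationCount>`, an 8-byte salt, and an empty `<PRF/>`, which presumably makes the parser fall back to its default PRF. I would add a comment right after the XML declaration, `<!-- test vector only: these PBKDF2 parameters are too weak for real key containers -->`, and the same in tests/multiotp/tokens_hotp_pbe.pskc, which also uses 1000 iterations and `<PRF/>`. `<xenc:DataReference URI="#ED"/>` also names an Id that no element in this file carries, so the accompanying test (not visible in this hunk) should not depend on resolving that reference.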
diff --git a/tests/multiotp/tokens_hotp_aes.pskc 
b/tests/multiotp/tokens_hotp_aes.pskc
new file mode 100644
index 0000000..6a62665
--- /dev/null
+++ b/tests/multiotp/tokens_hotp_aes.pskc
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <ds:KeyName>Pre-shared-key</ds:KeyName>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>wrjW00DjkG/3Ti5w/+MmSQAiBWho8CPjT7GtcQ59PWaOd00kXObQ0N2DZXEViu4i</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ7000000001</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" 
Id="ZZ7000000001">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>HMAC-SHA256</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>yEJynmqPig2WnnEdBaT7Yq3XkPbPiTNpaGmJFVOyzxzS3aSYEAZRCEf7wHA3Fvk/kDHEvQks3t9eVV0JV7Y/uA==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>OEPJcjpyjHKZSFheQU551nb0ls4=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>mZ+p+VX8Trg1lKkndr5p7/O9ZyS2dU5DD7cpZljhQ7o=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>sFa44n9rrsfWq+KcIffF1Xl3Auw=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ7000000002</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" 
Id="ZZ7000000002">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>HMAC-SHA512</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>fE30qGXYpqP6D4k5cCHVMMIkaJr4cJZN7oOjRWZ8DOJ8Wk3e+MoUUO3wyRa3UOz5feOvXMGlhUH9uuS0G88U9QIYcuscHuh6X/BTAaaJyrOQZmZOzfBq9Mky8+/dihHW</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>KxF+McV9MoIwJWZkmVturQ8/GwA=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>u2U0Zys7h+Le/fE6Y36E3+jvU8501bQaZ9bDnQKoFTo=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>qIg1lePsFokepjWYGUh14kqzsYQ=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
diff --git a/tests/multiotp/tokens_hotp_pbe.pskc 
b/tests/multiotp/tokens_hotp_pbe.pskc
new file mode 100644
index 0000000..ac89351
--- /dev/null
+++ b/tests/multiotp/tokens_hotp_pbe.pskc
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <xenc11:DerivedKey>
+            <xenc11:KeyDerivationMethod 
Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2";>
+                <pkcs5:PBKDF2-params>
+                    <Salt>
+                        <Specified>OtMW8Un/HGSlXFr/2kG1cQ==</Specified>
+                    </Salt>
+                    <IterationCount>1000</IterationCount>
+                    <KeyLength>16</KeyLength>
+                    <PRF/>
+                </pkcs5:PBKDF2-params>
+            </xenc11:KeyDerivationMethod>
+            <xenc:ReferenceList>
+                <xenc:DataReference URI="#ED"/>
+            </xenc:ReferenceList>
+            <xenc11:MasterKeyName>Passphrase1</xenc11:MasterKeyName>
+        </xenc11:DerivedKey>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>FTqUDYQ8Y/7T5bLHBQD6n9bDkgJWBIbAnf3FFKW7HVBs6zJEyPnG7OCzeZoVurdK</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ7000000000</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" 
Id="ZZ7000000000">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>HMAC-SHA1</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Np1sHx016g2ZxvQtVqDRNMKYv6q+Hg0Nkapeg7RtoqDx8aaEhC1b5VJy9PmW3q8w</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>oZw2yK9JoL9DpX3/yogFMn9PYv0=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>uE85joDN6QDu7CZ5+GkiVQ7JTS2gIJi/2/y9/F5Guos=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>TJToGTyf/oVMePIVjx5XZDZfg6c=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
diff --git a/tests/multiotp/tokens_ocra_aes.pskc 
b/tests/multiotp/tokens_ocra_aes.pskc
new file mode 100644
index 0000000..062cb5b
--- /dev/null
+++ b/tests/multiotp/tokens_ocra_aes.pskc
@@ -0,0 +1,1216 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <ds:KeyName>Pre-shared-key</ds:KeyName>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>U+4mSH23ab4JKjBqJ35favjKfKY3hf9sWKp/P7L/TAqpcxUYGSUeK/RMfL0Fv9hy</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000001</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000001">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QN08</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>lrdvTkSeq9hj9QimjKE9hcH/OkmWpmxsmJ3fP57AqHygLTrUs88MVW8KB+h5yb9r</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>we9aOQ8+UUsWIZAd2I/eqnlJ1Cc=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000002</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000002">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QA08</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>aYojAzVasgEkxJhbOrBCfIikgi686p4u3TILah2QT2m30SgiT/wCSzTpLXUQBuoirzKfkjbd3Bpco3tHyzc+2A==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>X4R8LvhswobqWv45doqicRNEtzM=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000003</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000003">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:QA06-PSHA1</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>8bxb34b2HoBWaVPbBwdLy5HI+/i036YdZz0h0MyuvIKEvGnHI9GmuGJGUXebfgCY</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>cWN0g8q6Fb3HJNcXla0CSoOMe3A=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+            <pskc:Policy>
+                <pskc:PINPolicy PINEncoding="BINARY" MaxLength="20" 
MinLength="20" PINUsageMode="Algorithmic" PINKeyId="ZZ9900000003"/>
+            </pskc:Policy>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9900000003</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:pin" 
Id="ZZ9900000003">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>3piq9NJAzfkcZ7z1Iu7IpLB1CjdzY4gNQyiOVnW+kcdhBW4NTTqmHx6o8mmSuE68</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>4pQgbgcE1B2lBRhRmqv5HRYcbN0=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000004</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000004">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:C-QA06</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>STKpyutR8Nb3BbjNmG8kf7NoTO66yccq5C9MDCZF2AXMUSDEdUhqMwqjfhg92Qu5</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>3T1/FGP1wIAVOB9ViVXs6kBQs/g=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>xasM5vP1vlZBimdMLWoqJWuZNJMY1iEKDnw9MgB0F9I=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>xw+qx3/xyXDYosr3n7PU3barLSU=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000005</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000005">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:C-QN08</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>ZCAx2z7qNDvmPRPyXpvQsZkoZjiaSlNnMaz1bh5ZWAdWtYMuvSgMkPtDN0xE8KgZ</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>2loMyhUVMcJFUmMEfdriuPZNgLA=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>aVN/any99YJCpczoTns7H5JwyPUR8OQwNI2lLf4imhQ=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>AXc+jkG1uZOHcCXyMcqIdm7QCpA=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000006</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000006">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:C-QA08</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>BZzl+whnM71kkdW1uoY1mjM5mvNWZFxn3f5yGaZ+kuODAqgPrvqq531ipEvke6JkARSwOWddvYyOm34Zm+LtZQ==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>Ko/kWZbKecJ9S8W+yE86UUcy/Ko=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>ByzvSK/7/5kXCsu2vfwl5sOIIbiD9pON5TSXFEkuwUE=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>xqmZLntYdIwYdYmNzB3ZMB3+058=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000007</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000007">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:C-QA08-PSHA256</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>b8LoriGzVqbmb9MFSr6Y/Ryj+ltGY12xWoaBuyD44ZwmwKttlyuMu1+mbSVO1jnC/vKPIy5aiDK3IeFV7/BKFA==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>k5uW1xUA2FzmmeWPnjazgHJuJEU=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Counter>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>tYYVbxkQ4meKaMRNRilYbHw2p3rodjakQT34MTgp9ik=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>Wh0MFLFLdNYrF1wdz5qQC0bXCAY=</pskc:ValueMAC>
+                </pskc:Counter>
+            </pskc:Data>
+            <pskc:Policy>
+                <pskc:PINPolicy PINEncoding="BINARY" MaxLength="32" 
MinLength="32" PINUsageMode="Algorithmic" PINKeyId="ZZ9900000007"/>
+            </pskc:Policy>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9900000007</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:pin" 
Id="ZZ9900000007">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>WKU7EnTKQqtMTG28HxAbAiZdM8YSnmJPNubxIu/aPU92aN+Mun8CDfJeNMQHcQIz3Etq8VvTn+rZoi9cP13CLw==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>p3bXVz9GTL+davWpoHLe1wnECLk=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000008</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000008">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:QA06-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>0H0ol1Cz2cwNLyWM6tm+4qcyZElq6Pax/FgFd/8SVyio5yeyaxCjVe38uA0bqyCm</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>H6ZOVXjnoPCGww/3ol0Sh1Y1sOQ=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>QLbQdbGX+w0QSRVmBSoxtEdYr2gdzVf8YdlDA1qZ4EM=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>NZ46EI9Ht/sgJFREVWMFcaDA6M0=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Q4mCcvb1/2TAm464+MeCyoZLAZxo20D6QLWYfew71y8=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>kYnUTH85koj3pVJjYKP6HnCd0Ow=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000009</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000009">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QN08-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>2G50v7BqR/c7qYl3ya4dhStvrcMzkM+CMpwT0D3DuTMkI/m43wHM0Ujmbwjxm+6X</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>X6513x4mOmjlU4BedoX1Zha2npQ=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>m42G5E/Wv102ESFI5u+OGLiMsXW1/ZgH33NTOOH1WCw=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>8DeEbx1p8Mdbg0eocOHeXFXWCUE=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Ay4C6M0IqRKZYpRp9Au+aswdDDorRlalmwicbNF/P94=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>1C8jh1+FEQsAQvv39iW95broEkU=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000010</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000010">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-6:QA06-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>bRVzcE4zXD1bbi4ZBXEMLDxhboBPi4rRvZIvMGfe9it+99OrFumVj0B66VZkP32vLtx4w6hagxZoVm8Gynck6Q==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>A7mJ6qIw+1TiUm5Prsel3RcrFtI=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>poGDc45s8KwViudS065t+InpbSLam13d0ivLGmdELSA=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>lOrmfIiH3Uun4kz+/eTO4OFs3Ww=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>02GUkSl7MPZKVJcBL0OA6zsA3/ztQknHgaSGNpE6kUI=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>0Y0n7RthG4WeewJOL9unWxRHW20=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000011</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000011">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QA08-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Vkrhf45HuiXuZyxXQ9O+PZI/uj674QzB8O8z6w3M7o+kGjI+jCCXXpeizcHmQMpqY9R6CyP66efXmMlNYbv1Jg==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>6oKfnDGLVAHCSyikMHr/KMPDxIQ=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Wxbolq2j5VjQe5vYVMgcSwMyD7qp2/7eMCesJrWUM/E=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>ux785A8C7k+JZOUKuUtUspOEBBo=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>nr9bxUFwrD3dmOCAyjC8J/NzHDkvCap7qqNkyTQBjAY=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>fWzAHMMua1p1MJ1GDL37SL1KeFU=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000012</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000012">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QN08-PSHA1-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>DkhESbLkTy5DwNg45IDIveBsoxvDAk3MDdneVNlDhZOaI0w1QVwSLwJpSsnISD8x</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>93VEBONW7G4UETgF24EPHcvBvMc=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>oRjGEzmzMgt7hlTc1+pzulebdNovZRRYq8vyfl82M74=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>3u17msMz3fL4F5cRqHzVla2SExQ=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>dsyLJivZLCS3F0AznNakR49t5NyQiD1dhHGJGFw5nWY=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>VevPslQOu3j8iqgMe9djGxOLD1w=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+            <pskc:Policy>
+                <pskc:PINPolicy PINEncoding="BINARY" 
PINUsageMode="Algorithmic" PINKeyId="ZZ9900000012"/>
+            </pskc:Policy>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9900000012</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:pin" 
Id="ZZ9900000012">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>A4WAKWpJ7cLE9XiPEbKw/CDmAi7H8rtV9p1shcoo2YrVOgBmiXACT8VUaFLSfMzB</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>41GurI1n2Z6Kk9UKBoTnxH8j+N0=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000013</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000013">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QA08-PSHA256-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>zrXIQIx5F03cfaRYwJlnwnDDFzTAwxjtF4KnN3Brs9kISfX/0QfJ80lHtQn45dtHaAcmtJMgfI19DpvlSVPLOw==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>UhS9tgvwHZnuK1qN8yaZIfxPTFE=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>2Kmbco73faBtAE1GQGZlW2CudPy+1ttdv4uIhucZJPM=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>D9ug++7+F8Vgz6EdIZYHW5zgN6E=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Dsa8e4kXeccvO5bV1hr3aNgOr9iSlGizp2BvvFkZ7jI=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>Pdr9y7KRtpkLDYeN6IUQ/Mt7Z0o=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+            <pskc:Policy>
+                <pskc:PINPolicy PINEncoding="BINARY" 
PINUsageMode="Algorithmic" PINKeyId="ZZ9900000013"/>
+            </pskc:Policy>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9900000013</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:pin" 
Id="ZZ9900000013">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>9Jrxfs1YlWcOLlsnRsC9BCr1jsLeCxuzFMu3fb2UifkAFzpyIJmdGGLrHVgz6XuqTq6R+wvTczNyBlqL6Eec4g==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>DEd9uUkZS5otw3NoAljFYCiG4M8=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000014</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000014">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:QA06</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>93rMicSI4iJq4/GnE8xCHPCZg6yDxbyhHYMULxfNJTl9o0ej5e0NJai7idXpZ0dy</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>gZaMejTDMm7HzBlr2s9JSVYMYuQ=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000015</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000015">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QA08</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>v/a768VMIE/ILhM0ECvN2SRdQOy/aRAbDGyQ/zhKdhWwxaX3yqWdj7Jf2XfUuccb</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>a9c35TuApOMWiTcCvTmqoAz0cTo=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000016</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000016">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QA08</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>+IwfWgQtRPu7ltWK15F/VO71E6HTGF2qxUcGtxToXRklDD9k2fNuz/XrM1txjV2SVWCUIZc0V38na6h4MJi0Sw==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>bkKCVLivS0quRvTQg2x1gvX6kY0=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000017</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000017">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:QA06-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>ESnLJlQD85YtFq5sDwLo4mwlMKbNgnCIk1wgVzZlCKH+KVFCr0S2HcdqA18iHklf</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>Esd7kmOtLwGsnfvnEAUW+gcEFMQ=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>9sem1svGk57xGg9vw68KnUfw1xPJOOmAEFe56FijwLw=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>qG9EiRdQi9CBD8N6AQBLnbRdrgU=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>IjjpMqJQ/8PhB8m8CHuOQY30LRtdxZU5I9/DB6yYAZo=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>v6fPyj34+fDabjOGOMcHs+UYh64=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000018</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000018">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QA08-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>FNJtVaoXkbTL55ZiLaJskew4ldRebOAha+SErJfRw6KYeeQDoRvAKoCvJSprpNHQ</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>OsA/kz7r9aJFsIi+A9fnZBQMNwA=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>cX4bi1203JI48hWsftfzNDqd2HEjN4GOLZZZOmcwMBM=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>PfWAQmkkgDoVHzSuP0z3Zp1y0ME=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>8f6TlXcEKVozm68TSE0bEzAvN2VmLlKOAB/XJANFFXQ=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>fo6Psq89kQEFJMVBMP9V7XqVbJM=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000019</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000019">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-6:QA06-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>kgcOrgBjm4ko/wb3zauucOANcNJK9pm//dwEs1tVc0DVC9y1k6AihtLVc+T+Qj5O0/ozYwP5AbLxvCK/7l4vKg==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>wWE/RcUaiD91hdPtIyel0we6acA=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>D8E4aP+BX+yOrCqbMm6o4nrc1gB4JMVhwp6hUFaIVo8=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>2XGFP2m0aAL9qjmRECqFPlqLQrk=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>KwVJ2SykUK4A0/40Oc4S0EsMkNiSoLA5BrVYMV69MhY=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>cMGUHUA2Aj/724eezVljb351d5E=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000020</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000020">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QA08-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>A1uqZaf3GyTvwkx2v6uh9pKRzil05k+Cof3CD8jVZalmWgfp6mnDxGDOEB1fHgN4nHqocpgaNDeukbMNkyEfIg==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>1pU7gblaKHQMg8M4+OnU1y5z580=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>bUyYhX5ZXmS7aAmJO3uTuhj3HWuj0FYNMXRPkbtHkrE=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>GbilU0KldLYm2qzgmerdi/YdmVc=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>BOpE7cNil/vt29rZZv9oRnXaH6Be5+nZsVr2ld71pew=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>O4v8BGevBGDlgD96lvM0g+bnndA=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000021</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000021">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:QH40</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>cW7wssP4ofGpmXCMygejt6THgKKK6oE+vZp67VXR1dYZCrH6d5kmgPB4C+0isgl0</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>7ez8ijPPcmu5akvkEj3hNQzdzdo=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000022</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000022">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QA32</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Atlpw0AmlQZeqZjUbyAx/dGxPOCt+nfmzl0L5D0AvuDuRsRxeE4sOnCYt7EULSk9</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>IKARR2Vs2kdLv4OyaLX5ylKrbyw=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000023</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000023">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QH40</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>i71y5cubNftGXQelHjkN9OaDfmIxl5e6EDAsPU1czgbJ9EC4VoBL3lWeBAUzKF0C</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>lbaC6WXRCoqcoTyJURdtgHqeqiA=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000024</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000024">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QA32</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>JTz8SLxWk3KJndIFj8cFStAL4wptD918xF43lkX69CGi3Cv+SIvxcYSFkz+3cudIEitqnWsJeUFWGoPyh8kT/w==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>XoweMnAqLMh2KWnCDNx0rpoPucA=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000025</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000025">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QH64</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>EHhmfSBnElpTYcvgx2LgoQaxfQjuKXR7p78BWNpt9ToT5EufihiAhe6CMACVfV/dIeiEJpaFgNtrPQT9/CJ24g==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>ljgNnKpoBXVOjsQbzPBGcS5ogqw=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000026</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000026">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:QA32-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>vwpradcA029rA/yj6HcUJwl5ylkrEqp8aNALDwiMMu9A+Oz6jE60mvTAGCZqSSoe</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>N9zH7bQi+euQZ94scr12ZdR5Dek=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>YAK8r3BxdVd9w3aO37G0ZHQ/sQWAK+GA9RfcFP15pcA=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>gwItZVroPaJdiZYTfH4p+fX6mZk=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>DswW6MGFaOUNlJWef9kJ+rmfZqUyhZdn8Hyj+6P+RPw=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>4iLnj+1VWxtPDSdCTbO8mmffzU4=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000027</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000027">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:QH40-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>oVP8EpcI8WA0Qd7PPsYSG9TSP9T+Qrj9I4euTDqPkAvGAeVmjagHBibpFs10k8bB</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>VU/O2/FQZw9ZzYLVUJhs1zK+MU4=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>jL4JpbKmkvtVdthap2Mmsl6DK7H0FM+SAhsSuPmrB9w=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>UTlNoBXskvQydI+kPJjy5BVDwvA=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>NGwF8XfW28qcqGlxkim7RxmD8+blsMmV3a5CjQ+b2H8=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>cIAvElM0Xob5tamSmbTmUts6FO8=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000028</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000028">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QA32-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>inBVnKPWyvjYRemW54qbFCkaV8QSdkM+yHnvWh+tc5QMgiv8+3+IjwVV60/7jHI/</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>X+hTYvcTw8bFcMCcXm8YnG5BObA=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>lnGeD5pFoGu8FMJwblbKKCwTFOitZpFLz+jHlFuKnxw=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>GxJhXxwDE3E75whjA81ww2xiDbc=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>HaHrtO8BBYHkXLfXdiQCoemwr/LeYdDvHC+4V+HgniU=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>VBsN2fam75+cNarN0OfKXYks9Tg=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000029</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000029">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-8:QH40-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>I+ifaWEYZ4anCimA5BA1mwGMYkczCgDJGs9jhtTbviNhFUxwxj7ejCMgsf6cEk8X</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>1t7hwN9GMibAcCcN2sJr24tUZcA=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>pOklWp9UxC4t4zQqsW/xUbWBoChfc1VBNlA8SeKxusA=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>mwd7xtihR/iBVsHK+UGAZfEDSFk=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>epsMCzzn6JvhOhYK9tLIxaOR0bEHcFAoTcu5qk0Hcho=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>+yUkk7ZmmjrjMVc3xPz5ROlKgI8=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000030</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000030">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-6:QH64-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>O7+CQ9pcYN0MtbqiZ3g0Tso3CvYzCrDTV9Kh+wwqZkoTV5/jg4l/eZXfRM8E8JkD1K7MlgibA0PhwtlV8DMIIA==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>aKwqMJLS4MICd4PMGKUsvb0lbIQ=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>jz2bjkZ03IjwWyl1gZqiHoJjv/AjK7/TOA9qW6fLfhQ=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>NHfciyj3u1IhENAoBvohcRF9Wx0=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>KO0Po1NyLSTkHf6niARIocLJUXLrdz7e4qiowd/NPtE=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>mdbPUCunsrog0KT3uo4MRQZiMqM=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000031</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000031">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QA32-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>d17Oq0cv1HFK/XEAmASgK0DlMHiO8W950Wpf5is4BMXY9D1ot5n5nnZGEftd8IoX95il7K5aBdKfBFnl2ZuFZg==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>p2yeNXvUOxKsU29oz9b66s2XrkM=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>TotQApim/RCnT8MhiFkudOaBptHFU9iESxQk9exa7mE=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>R6Nmk8Gjcx35T4XYIk4I7uG56V4=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>8O/Hsl1q8sR302k1CJWyFtrmQUWq/ZrE/WwEZY7Bg4g=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>1K2lB+KnTWAKicqqpEWf91XAIj0=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000032</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000032">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA256-8:QH64-T30S</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>jAZ2fmJOcMxeOB/0uc1Oo4egMStEMpPHGDpN11wuCv32WrshyMIuZ8pLaYHE1M0jRWRYIy2bTxSiEt4OvSZoqQ==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>XdjbNQkRNpkHtXk3Nw9YqFcA4mE=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>zLRD33LH/x0e4vZTMpeBBRa+1JWmr4J5qNmLh+p1eTo=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>dyaS1yjyDW4PSt9vGHyn6sBmKas=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>1or92lj58ODH7gFDQmD9kydoPSMb2oMdDpo5AwP79Zk=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>z0tP1ak/jhxAyUs3t2Y83DxBnOw=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
diff --git a/tests/multiotp/tokens_ocra_pbe.pskc 
b/tests/multiotp/tokens_ocra_pbe.pskc
new file mode 100644
index 0000000..2863d03
--- /dev/null
+++ b/tests/multiotp/tokens_ocra_pbe.pskc
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <xenc11:DerivedKey>
+            <xenc11:KeyDerivationMethod 
Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2";>
+                <pkcs5:PBKDF2-params>
+                    <Salt>
+                        <Specified>rnTsZXC4HbpfBiJGK11/KQ==</Specified>
+                    </Salt>
+                    <IterationCount>1000</IterationCount>
+                    <KeyLength>16</KeyLength>
+                    <PRF/>
+                </pkcs5:PBKDF2-params>
+            </xenc11:KeyDerivationMethod>
+            <xenc:ReferenceList>
+                <xenc:DataReference URI="#ED"/>
+            </xenc:ReferenceList>
+            <xenc11:MasterKeyName>Passphrase1</xenc11:MasterKeyName>
+        </xenc11:DerivedKey>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>IAC/XU8Vmm4gORzC8Ugdno/AQ6lz5jpG6y91E3dlAcEjjHzG+m4tTeUeiXPSzwoZ</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ9000000000</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra" 
Id="ZZ9000000000">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>OCRA-1:HOTP-SHA1-6:QA06</pskc:Suite>
+                <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>83rAhYlnYh6m4EwttqwBszP4oamM+NS/t01EJo1NEFuZtjVfLaE7xgin6Fo/1Bdo</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>l383liW+s2jGwCN8OGnlto2hx9U=</pskc:ValueMAC>
+                </pskc:Secret>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
diff --git a/tests/multiotp/tokens_totp_aes.pskc 
b/tests/multiotp/tokens_totp_aes.pskc
new file mode 100644
index 0000000..699555d
--- /dev/null
+++ b/tests/multiotp/tokens_totp_aes.pskc
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <ds:KeyName>Pre-shared-key</ds:KeyName>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>rVUagPa+KYZM2hfbHwnpozIL7s8tPQZvsXw67jwIslQNuBEd2862YFEH6+TkY4oE</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ8000000001</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp" 
Id="ZZ8000000001">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>HMAC-SHA256</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>cqy6Iab7wSTqANYvAHpFlnD2t/bB/3w0Tr2aPXa5qBAQ119hTzrIMXwa8+NDwlbGGDEZvi3CwhkV1USzNc3ZYg==</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>GWy0oB6y4vjUgVJ0mi1fwVyLNwg=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>+bvO+gPAjRaCj362X+jY/Kq+96JWEUnTrd01LMh5WXc=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>E8PxvkoE0+jx31dHHefFK2s+TZ8=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>jhCd0hvSwh9kjFi6sbtGSyTkos9OEM/DkAhcrxi2pBE=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>kJvlB/aQYRCExmEoSsGHbHmc8P0=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ8000000002</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp" 
Id="ZZ8000000002">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>HMAC-SHA512</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>sqFR1kSP7U/Lh4Wmd9J68jM0xzWLYRvyTKrrJ/Zp3YSmkmO9/y/7d4O8TTA10YTdB96Fxtu7sG2Pi585ZOrLo45plWAg29bKKZnOzdfbqHWaFgz+w2NOh5nO8BPfN6Hp</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>bgWUXTPVrf+8FqRGozQ24/SqmfU=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Fmhdk1NjK+gOtF2sZOV58H8NDQdsgShJDtjtpVofhlE=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>oCpIL7HUiZ6Tch1SgmgNzpaFylQ=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>Ux0yGMphj1Y2PT+4TQf3EAMVN9ieF42vc9J7T77HuBE=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>y6o/A0zvLC3bGQ09EeCHkB6wvIo=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
diff --git a/tests/multiotp/tokens_totp_pbe.pskc 
b/tests/multiotp/tokens_totp_pbe.pskc
new file mode 100644
index 0000000..528ba6b
--- /dev/null
+++ b/tests/multiotp/tokens_totp_pbe.pskc
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<pskc:KeyContainer xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"; 
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"; 
Id="ExampleID" Version="1.0">
+    <pskc:EncryptionKey>
+        <xenc11:DerivedKey>
+            <xenc11:KeyDerivationMethod 
Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2";>
+                <pkcs5:PBKDF2-params>
+                    <Salt>
+                        <Specified>etmLw9S1kDUeGS8V5e/UAw==</Specified>
+                    </Salt>
+                    <IterationCount>1000</IterationCount>
+                    <KeyLength>16</KeyLength>
+                    <PRF/>
+                </pkcs5:PBKDF2-params>
+            </xenc11:KeyDerivationMethod>
+            <xenc:ReferenceList>
+                <xenc:DataReference URI="#ED"/>
+            </xenc:ReferenceList>
+            <xenc11:MasterKeyName>Passphrase1</xenc11:MasterKeyName>
+        </xenc11:DerivedKey>
+    </pskc:EncryptionKey>
+    <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+        <pskc:MACKey>
+            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+            <xenc:CipherData>
+                
<xenc:CipherValue>lF9ReQyHsJ4LTlntuVlESIKbJiYnt5MDseTFqnmNcyHqxB/ZS4BD83ZuvTaSYCu9</xenc:CipherValue>
+            </xenc:CipherData>
+        </pskc:MACKey>
+    </pskc:MACMethod>
+    <pskc:KeyPackage>
+        <pskc:DeviceInfo>
+            <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+            <pskc:SerialNo>ZZ8000000000</pskc:SerialNo>
+        </pskc:DeviceInfo>
+        <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp" 
Id="ZZ8000000000">
+            <pskc:Issuer>Issuer0</pskc:Issuer>
+            <pskc:AlgorithmParameters>
+                <pskc:Suite>HMAC-SHA1</pskc:Suite>
+                <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </pskc:AlgorithmParameters>
+            <pskc:Data>
+                <pskc:Secret>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>1VNUGh7Jf+8QibELHTDFU8Lj+ZFu836aoFKTEVWtAW+XydPBHYmC9gnty3SJ1Vh0</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>Oy+u0zn74nlGNjMnUe2OTfrFhHI=</pskc:ValueMAC>
+                </pskc:Secret>
+                <pskc:Time>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>OcePCm3TGaXtSHQlox1pfLMWQ1dP7boiOG92wv9Jk6g=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>STDGPo7iRGs30+pI7SZCZ+d0J7w=</pskc:ValueMAC>
+                </pskc:Time>
+                <pskc:TimeInterval>
+                    <pskc:EncryptedValue>
+                        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                        <xenc:CipherData>
+                            
<xenc:CipherValue>yUNeDTix60G1T5DxGWC1VtFlKktG9lPoowjiGe6uuyY=</xenc:CipherValue>
+                        </xenc:CipherData>
+                    </pskc:EncryptedValue>
+                    <pskc:ValueMAC>yZfFtq6nmW9MoxeD31C6OKVojoQ=</pskc:ValueMAC>
+                </pskc:TimeInterval>
+            </pskc:Data>
+        </pskc:Key>
+    </pskc:KeyPackage>
+</pskc:KeyContainer>
diff --git a/tests/test_multiotp.doctest b/tests/test_multiotp.doctest
new file mode 100644
index 0000000..e430765
--- /dev/null
+++ b/tests/test_multiotp.doctest
@@ -0,0 +1,75 @@
+test_multiotp.doctest - test for files from multiOTP
+
+Copyright (C) 2017 Arthur de Jong
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA
+
+
+>>> from binascii import a2b_hex, b2a_hex
+>>> def tostr(x):
+...     return str(x.decode())
+>>> def decode(f):
+...     return lambda x: tostr(f(x))
+>>> b2a_hex = decode(b2a_hex)
+
+>>> from pskc import PSKC
+
+
+This tests some files that are shipped with the multiOTP PHP authentication
+solution, https://www.multiotp.net/
+
+>>> pskc = PSKC('tests/multiotp/pskc-hotp-aes.txt')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> b2a_hex(pskc.keys[0].secret)
+'3132333435363738393031323334353637383930'
+>>> pskc = PSKC('tests/multiotp/pskc-hotp-pbe.txt')
+>>> pskc.encryption.derive_key('qwerty')
+>>> b2a_hex(pskc.keys[0].secret)
+'3031323334353637383930313233343536373839'
+>>> pskc = PSKC('tests/multiotp/pskc-totp-aes.txt')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> b2a_hex(pskc.keys[0].secret)
+'3132333435363738393031323334353637383930'
+>>> pskc = PSKC('tests/multiotp/pskc-totp-pbe.txt')
+>>> pskc.encryption.derive_key('qwerty')
+>>> b2a_hex(pskc.keys[0].secret)
+'3031323334353637383930313233343536373839'
+>>> pskc = PSKC('tests/multiotp/tokens_hotp_aes.pskc')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> b2a_hex(pskc.keys[0].secret)
+'91f0dc4e239977e6bcc273e4f5414a8a6cf6d62c6990f58b4914a2d588b3475f'
+>>> pskc = PSKC('tests/multiotp/tokens_hotp_pbe.pskc')
+>>> pskc.encryption.derive_key('qwerty')
+>>> b2a_hex(pskc.keys[0].secret)
+'5d3a38bf5476d6f0b897f1e62887cb3ce833a5b9'
+>>> pskc = PSKC('tests/multiotp/tokens_ocra_aes.pskc')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> b2a_hex(pskc.keys[0].secret)
+'e65f2c66247355fda360acdf3390972c16a1a164'
+>>> pskc = PSKC('tests/multiotp/tokens_ocra_pbe.pskc')
+>>> pskc.encryption.derive_key('qwerty')
+>>> b2a_hex(pskc.keys[0].secret)
+'4f40e1c6a7436e84620b170ceddfe110083cbd6d'
+>>> pskc = PSKC('tests/multiotp/tokens_totp_aes.pskc')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> b2a_hex(pskc.keys[0].secret)
+'38c2506a8e0708a5e929c2686b827e0ba7ae28c9de3c83e6d27308345981a3de'
+>>> pskc.keys[0].algorithm_suite
+'HMAC-SHA256'
+>>> pskc = PSKC('tests/multiotp/tokens_totp_pbe.pskc')
+>>> pskc.encryption.derive_key('qwerty')
+>>> b2a_hex(pskc.keys[0].secret)
+'2c8792d34a3a8711b7cfc4304bcc84e3e67815a6'
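Review bot: Every case in this new doctest decrypts with the correct key or password and asserts only the recovered secret, so nothing pins what happens when the key is wrong or a fixture's `ValueMAC` does not match. For a format that carries OTP seeds, a regression in which padding or MAC failures are silently ignored would still pass this file. I would add at least one negative case per encryption mode (one AES pre-shared key, one PBE password) that expects the library's decryption error. The exact exception and message depend on code outside this hunk, so the sketch below leaves the detail elided and uses a constructed all-zero key. It would also help to state in the prose that the key `1234…9012` and the password `qwerty` are the public sample values shipped with the multiOTP fixtures, so nobody takes them for usable defaults.

```python
A wrong pre-shared key (constructed for this test) must be rejected instead
of yielding a value.

>>> pskc = PSKC('tests/multiotp/pskc-hotp-aes.txt')
>>> pskc.encryption.key = a2b_hex('00000000000000000000000000000000')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: ...

The same holds for a wrong password on a PBE-protected file.

>>> pskc = PSKC('tests/multiotp/pskc-hotp-pbe.txt')
>>> pskc.encryption.derive_key('not-the-password')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: ...
```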

-----------------------------------------------------------------------

Summary of changes:
 pskc/parser.py                                     |   56 +-
 .../non-encrypted.pskcxml                          |   41 +
 .../password-encrypted.pskcxml                     |   45 +
 .../non-encrypted.pskcxml                          |   42 +
 .../password-encrypted.pskcxml                     |   45 +
 tests/multiotp/pskc-hotp-aes.txt                   |   85 ++
 tests/multiotp/pskc-hotp-pbe.txt                   |   65 ++
 tests/multiotp/pskc-totp-aes.txt                   |  145 +++
 tests/multiotp/pskc-totp-pbe.txt                   |   62 +
 tests/multiotp/tokens_hotp_aes.pskc                |   80 ++
 tests/multiotp/tokens_hotp_pbe.pskc                |   62 +
 tests/multiotp/tokens_ocra_aes.pskc                | 1216 ++++++++++++++++++++
 tests/multiotp/tokens_ocra_pbe.pskc                |   53 +
 tests/multiotp/tokens_totp_aes.pskc                |   98 ++
 tests/multiotp/tokens_totp_pbe.pskc                |   71 ++
 ...eyprov_portable_symmetric_key_container.doctest |  180 +++
 tests/test_multiotp.doctest                        |   75 ++
 17 files changed, 2408 insertions(+), 13 deletions(-)
 create mode 100644 
tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/non-encrypted.pskcxml
 create mode 100644 
tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml
 create mode 100644 
tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/non-encrypted.pskcxml
 create mode 100644 
tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/password-encrypted.pskcxml
 create mode 100644 tests/multiotp/pskc-hotp-aes.txt
 create mode 100644 tests/multiotp/pskc-hotp-pbe.txt
 create mode 100644 tests/multiotp/pskc-totp-aes.txt
 create mode 100644 tests/multiotp/pskc-totp-pbe.txt
 create mode 100644 tests/multiotp/tokens_hotp_aes.pskc
 create mode 100644 tests/multiotp/tokens_hotp_pbe.pskc
 create mode 100644 tests/multiotp/tokens_ocra_aes.pskc
 create mode 100644 tests/multiotp/tokens_ocra_pbe.pskc
 create mode 100644 tests/multiotp/tokens_totp_aes.pskc
 create mode 100644 tests/multiotp/tokens_totp_pbe.pskc
 create mode 100644 
tests/test_draft_hoyer_keyprov_portable_symmetric_key_container.doctest
 create mode 100644 tests/test_multiotp.doctest


hooks/post-receive
-- 
python-pskc