Scripting Token Retrieval on OSX

It's been some time that I've been working from home, and because of that I have to use my RSA software token far more often. After a couple of rounds of: start SecurID, type your PIN, copy the token number, close SecurID and paste it into whatever intranet site I want to access, I went and automated the whole thing with AppleScript.

Now I just fire up the script using and done, the token is added to my clipboard and I can paste it anywhere I need.

Note on security

There's a caveat. If you're going to automate the token retrieval, where do you plan to write down your PIN? Putting it in the script itself is a bad idea, since it is easy to get your PIN just by running grep on it.

A better and more secure solution is to have encrypted storage on your OSX machine from which you can retrieve the PIN, and guess what, you already have it: it's called Keychain. That's what I did: I just added a new key called rsatoken to "login.keychain" (where all your web passwords get saved).

The implementation

I needed to search the internet for some information (since AppleScript is not my strongest skill) and I ended up with this script:

set appName to "SecurID"
set thePin to RsaTokenPin()

activate application appName

tell application appName
    activate
    tell application "System Events"
        keystroke thePin -- type the pin number
        key code 36 -- return key
        delay 0.3 -- wait for the token to appear
        key code 48 -- press tab
        key code 49 -- space (to hit the copy button)
    end tell
end tell

quit application appName

on RsaTokenPin()
    return (do shell script "security -q find-generic-password -gl rsatoken 2>&1  | egrep '^password' | awk -F\\\" '{print $2}'")
end RsaTokenPin

What the script does is pretty much what you would do manually: it fires up the SecurID application, enters your PIN, presses return, then a tab followed by a space (which presses the "copy" button), and closes the application.

The catch is in retrieving your PIN: the script doesn't use the AppleScript API to do it. Several sources stated that AppleScript and Keychain are not a good combination and are dreadfully slow, so I followed their advice and used the security shell command.

The security command doesn't give usable output containing just the password, so I had to do a little more piping to get what I wanted.
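
The Keychain lookup above, as an added example that is not part of the original post: the post's pipeline exits 0 even when the lookup fails, so the script would go on to type an empty value and press return. This version validates the output and exits non-zero instead; the 4 to 8 digit PIN shape and the --lookup flag are assumptions.

```shell
#!/bin/sh
# Added example, not the post's code. Assumptions: Keychain item label
# "rsatoken" (from the post); PIN is 4 to 8 digits; "--lookup" is a
# hypothetical flag used only by this sketch.

# Constructed samples of `security -q find-generic-password -gl rsatoken 2>&1`.
SAMPLE_FOUND='keychain: "/Users/example/Library/Keychains/login.keychain"
class: "genp"
password: "493817"'
SAMPLE_MISSING='security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.'
SAMPLE_HEX='password: 0x31C3A9  "1\303\251"'

# extract_pin: read that output on stdin, print the PIN, and return non-zero
# unless exactly the expected shape (quoted, digits only, 4 to 8 long) is found.
extract_pin() {
    pin=$(sed -n 's/^password: "\(.*\)"$/\1/p' | head -n 1)
    case "$pin" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "${#pin}" -ge 4 ] && [ "${#pin}" -le 8 ] || return 1
    printf '%s' "$pin"
}

# rsa_token_pin: live lookup on macOS; the pipeline's status is extract_pin's.
rsa_token_pin() {
    security -q find-generic-password -gl rsatoken 2>&1 | extract_pin
}

if [ "${1:-}" = "--lookup" ]; then
    rsa_token_pin
    exit $?
fi
```

Saved to a file and run with --lookup from do shell script, a non-zero exit raises an AppleScript error, so the keystroke steps do not run.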

That's it. Quick recap: add a key named "rsatoken" to your Keychain with your PIN as the password. Paste this script into your AppleScript Editor and save it as an Application. This should save some minutes during the day if you need to enter your token quite often, as I do.

Cheers, Marco.

Published on Oct 09, 2012