EDIT: Thanks to Satras in the comments below - EMC (Who bought RSA) have published links to the Software Token Converter here:
- First of all, I contacted IT and was sent the software Key as a .sdtid file.
- I was a brand new RSA user, but if you already use RSA from a keyring or desktop computer, then you may skip the following: I followed the bog-standard Windows installation and setup process by following the standard instructions provided by RSA, including (importantly) setting a PIN, roughly this involved the following:
- The Software was already installed on my box, but you might have to install it from here http://www.rsa.com/node.aspx?id=2521 (Link updated, 3rd Sep 2012)
- Import the .sdtid file including adding a password (in this case my username - I think just to unlock the import file)
- Log into your companies securid page, ours is http://securid.thoughtworks.com/webauthentication (This requires you to add the Vanilla code from your RSA software app (ie, when the windows app prompts for a pin, leave it blank)
- Set a pin
- Log into https://securid.thoughtworks.com/ again - this time using your newly created pin in the windows app. (I assume the PIN is simply hashed into the code if you enter one).
- This then allowed me to fire up the windows app, enter my pin, and get an RSA code/hash/temp Password/thing.
- Browse here: https://www.rsa.com/node.aspx?id=1081 then to the android link.
- Download the instructions, and on your phone follow the link (QR code) to the Android app in the marketplace. Download/install it.
- You have to get the key onto your android phone somehow, after several false starts I realised you have to convert the token (.sdtid file) from XML into the “compressed token format”.
- Download the Software Token converter from RSA, there’s a link from this page: https://www.rsa.com/node.aspx?id=1081 (You may need to register to get this)
- Follow the instructions. In brief it’s a console app, and you need to pass it the file locations (.sdtid) password (my username in this case) and “-android”. For example:
TokenConvert.exe c:\MyUserName.sdtid -iphone -p myUsernameor
TokenConvert.exe c:\MyUserName.sdtid -android -p myUsername
- It then spits out an http URI(android) or a funny looking iphone protocol Uri, right there in the console window.
- Paste that URI into an email, and send it to an account you can read on your android phone. You might need to make sure it is a link, not just text, in your source email client
- Back on your phone, open the email and click the link, this prompted me to open the link in the RSA app, if it doesn’t, I think you can copy/paste the link into the RSA app manually.
- Some colleagues of mine who tried this recently have been re-propmted for their password at this point (in our case - our username)
- The RSA app declared all was well.
- I was then able to open the app on my phone, enter my pin, and get one of the RSA number/key/things, which worked to log into the Thoughtworks secure sites. I haven’t tried it from home yet, but will report back if it doesn’t work.