PalmKey (S/Key Client for PalmOS devices)

Copyright 2000 by Jason Fritcher <>

PalmKey is an RFC1938 compliant One-Time Password (formerly S/Key) generator.

One-Time passwords are used for secure authentication across an insecure network. Systems that use OTPs, issue a challenge to the user when the connection is first established. The user inputs this challenge plus their secret password, and a one-time password is computed. The user then sends this response to the system. The user's password is never directly transmitted over the network. Once a OTP is accepted, it will never be accepted again, making it safe to transmit over the network in the clear.

PalmKey has been built with PalmOS 3.0 compatibility in mind and should run on any PalmOS hardware running version 3.0 or higher.

Installation Instructions

Download the binary distribution below, and read the README file for more information.

Usage Instructions

Read the README file included with the distribution for more information.

Compilation Instructions

Get the source distributions and then follow the directions in the COMPILING file.

Bug reporting

Please report any bugs here.

Current files:




PalmKey Project Information Page


Portions of PalmKey are based on the S/KEY(tm) reference implementation written by Phil Karn, Neil M. Haller and John S. Walden, and modified by Wietse Venema. S/KEY is a trademark of Bellcore. The MD4 and MD5 code was written by Ron Rivest. MD4 and MD5 Message-Digest Algorithms are by RSA Data Security, Inc. The SHA-1 code is based on the implementation written by Jim Gillogly. SHA-1 is the Secure Hash Algorithm by the National Institute of Standards and Technology (NIST).