A command line tool for interacting with Nitrokey devices (GitHub mirror) https://git.ireas.org/mirrors/nitrocli/atom?h=master 2020-10-04T13:51:10Z 2020-10-04T13:51:10Z Daniel Mueller deso@posteo.net 2020-10-04T13:51:10Z urn:sha1:a992925f7dcee6a27404df0a56b47c09faed5265 When we switched the default OTP format from hexadecimal to base32 we missed that the manual was providing examples of the otp set command that were implicitly making use of the default format -- leading to a mismatch between what the example is meant to do and what it actually does. This change fixes this oversight in the manual by adjusting the examples accordingly. 2020-10-04T13:30:03Z Daniel Mueller deso@posteo.net 2020-10-04T13:30:03Z urn:sha1:4d779638826bee5e4ee5c7ea2ed2fc8d0d7275be The man page mentions a password safe slot count of 20 for both the Nitrokey Pro and the Nitrokey Storage devices. This count is incorrect, as both devices can store only 16 entries each, as is evident from the corresponding technical details for each device. With this change we correct said number. 2021-01-11T01:37:57Z Robin Krahl robin.krahl@ireas.org 2020-09-09T11:03:44Z urn:sha1:b39663bf381cbc1079fed08fbd3d0fe665151e90 For consistency with the --usb-path option, this path renames the device path column in the output of the list command to USB path. 2021-01-11T01:37:57Z Robin Krahl robin.krahl@ireas.org 2020-09-08T16:23:30Z urn:sha1:9593dfd03a6ca085d649ca090b6ec5e5f0104e78 This patch adds the --usb-path option as an additional way to filter the Nitrokey device to connect to. While the serial number is a better identifier in theory, the Nitrokey Storage devices do not send their serial number in the USB device descriptor. Having the --usb-path options allows users to select one of multiple Nitrokey Storage devices. While we could directly call the nitrokey::Manager::connect_path function with the specified path, we integrate the --usb-path option into the existing find_device function for consistent error messages and to avoid having to duplicate the --model and --serial-number checks. 2021-01-11T01:37:56Z Robin Krahl robin.krahl@ireas.org 2020-01-25T19:33:57Z urn:sha1:6ce6dc4f3db67c3f6b6148b1fb03644e91900291 This patch adds the --serial-number option that allows the user to filter the attached Nitrokey devices by serial number. As the Nitrokey Storage does not include its serial number in the USB device descriptor and as we don't want to connect to it just to query the serial number, this option only works for Nitrokey Storage devices. 2021-01-11T01:37:55Z Robin Krahl robin.krahl@ireas.org 2020-09-06T21:44:18Z urn:sha1:6f029e744abc0f6d4cfe756d7e6b771be1be3999 Previously, we just applied our filter (if any) to all attached Nitrokey devices and selected the first match when connection to a Nitrokey device. This may lead to unexpected behavior if multiple devices are attached. This patch changes the find_device function to return an error if multiple matching devices are found. 2020-09-03T04:40:32Z Daniel Mueller deso@posteo.net 2020-09-03T04:40:32Z urn:sha1:79346022d01a73a8987298d82a2f0b749b63ac50 With this change we switch to using a REUSE compliant way of specifying the copyright & license of the program. To be fully in conformance we also add additional license specifications for the remaining files in the project. Lastly, a new CI pipeline rule takes care of verifying compliance on an ongoing basis. 2021-01-11T01:37:52Z Robin Krahl robin.krahl@ireas.org 2020-02-02T11:15:32Z urn:sha1:6a9c31f19617f01f17d71b8a85f94cf6877fe7c8 This patch updates the man page for the last changes: - new option --no-cache - changes to the environment variables - configuration files 2021-01-11T01:37:52Z Robin Krahl robin.krahl@ireas.org 2020-02-02T11:15:27Z urn:sha1:aeaffebcde16db3fa505935771b19cbae9a6f658 This patch adds a simple configuration file that demonstrates the syntax and contains some documentation. We suggest to ship this file together with nitrocli and to install it e.g., in the /usr/share/doc/nitrocli directory. This patch also adds a simple test case that makes sure that the example file is parsed correctly. 2020-07-08T00:35:50Z Daniel Mueller deso@posteo.net 2020-07-08T00:35:50Z urn:sha1:99fde3cac7c9cf278b81876994d3a4f4b795b8ce An arguably unrepresentative survey of services (GitHub, Google Authenticator, and Bitbucket) seems to suggests that the base32 format is the de-facto standard format for OTP secrets. Given that it's not necessarily obvious what format a secret is in and that most services refrain from mentioning it explicitly, having the correct default format is fairly important. With this change we switch the default format from hexadecimal to base32 to accommodate for this finding.