diff options
author | Daniel Mueller <deso@posteo.net> | 2020-07-07 17:35:50 -0700 |
---|---|---|
committer | Daniel Mueller <deso@posteo.net> | 2020-07-07 17:35:50 -0700 |
commit | 99fde3cac7c9cf278b81876994d3a4f4b795b8ce (patch) | |
tree | aaadb319d2b9fe5e6078c0c63490f89473353546 | |
parent | 3f62110dc0a0f9ee107643419b027a94427a5530 (diff) | |
download | nitrocli-99fde3cac7c9cf278b81876994d3a4f4b795b8ce.tar.gz nitrocli-99fde3cac7c9cf278b81876994d3a4f4b795b8ce.tar.bz2 |
Change default OTP format to base32
An arguably unrepresentative survey of services (GitHub, Google
Authenticator, and Bitbucket) seems to suggests that the base32 format
is the de-facto standard format for OTP secrets. Given that it's not
necessarily obvious what format a secret is in and that most services
refrain from mentioning it explicitly, having the correct default format
is fairly important.
With this change we switch the default format from hexadecimal to
base32 to accommodate for this finding.
-rw-r--r-- | CHANGELOG.md | 5 | ||||
-rw-r--r-- | doc/nitrocli.1 | 4 | ||||
-rw-r--r-- | doc/nitrocli.1.pdf | bin | 38453 -> 38611 bytes | |||
-rw-r--r-- | src/args.rs | 2 | ||||
-rw-r--r-- | src/tests/otp.rs | 7 |
5 files changed, 12 insertions, 6 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 152eff1..ced56c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +Unreleased +---------- +- Changed default OTP format from `hex` to `base32` + + 0.3.3 ----- - Added bash completion support via `shell-complete` utility program diff --git a/doc/nitrocli.1 b/doc/nitrocli.1 index 04bfe61..0d33cd6 100644 --- a/doc/nitrocli.1 +++ b/doc/nitrocli.1 @@ -1,4 +1,4 @@ -.TH NITROCLI 1 2020-01-29 +.TH NITROCLI 1 2020-08-04 .SH NAME nitrocli \- access Nitrokey devices .SH SYNOPSIS @@ -148,7 +148,7 @@ If it is set to \fBbase32\fR, the secret is interpreted as a base32 string according to RFC 4648. If it is set to \fBhex\fR, every two characters are interpreted as the hexadecimal value of one byte. -The default value is \fBhex\fR. +The default value is \fBbase32\fR. \fIalgorithm\fR is the OTP algorithm to use. Possible values are \fBhotp\fR for the HOTP algorithm according to RFC 4226 and diff --git a/doc/nitrocli.1.pdf b/doc/nitrocli.1.pdf Binary files differindex 596e794..bdf7ac2 100644 --- a/doc/nitrocli.1.pdf +++ b/doc/nitrocli.1.pdf diff --git a/src/args.rs b/src/args.rs index 91b340c..56a10b4 100644 --- a/src/args.rs +++ b/src/args.rs @@ -269,7 +269,7 @@ pub struct OtpSetArgs { #[structopt(short, long, default_value = "30")] pub time_window: u16, /// The format of the secret - #[structopt(short, long, default_value = OtpSecretFormat::Hex.as_ref(), + #[structopt(short, long, default_value = OtpSecretFormat::Base32.as_ref(), possible_values = &OtpSecretFormat::all_str())] pub format: OtpSecretFormat, /// The OTP slot to use diff --git a/src/tests/otp.rs b/src/tests/otp.rs index f923170..837b075 100644 --- a/src/tests/otp.rs +++ b/src/tests/otp.rs @@ -23,7 +23,8 @@ use crate::args; #[test_device] fn set_invalid_slot_raw(model: nitrokey::Model) { - let (rc, out, err) = Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234"]); + let (rc, out, err) = + Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234", "-f", "hex"]); assert_ne!(rc, 0); assert_eq!(out, b""); @@ -32,7 +33,7 @@ fn set_invalid_slot_raw(model: nitrokey::Model) { #[test_device] fn set_invalid_slot(model: nitrokey::Model) { - let res = Nitrocli::with_model(model).handle(&["otp", "set", "100", "name", "1234"]); + let res = Nitrocli::with_model(model).handle(&["otp", "set", "100", "name", "1234", "-f", "hex"]); assert_eq!( res.unwrap_lib_err(), @@ -54,7 +55,7 @@ fn status(model: nitrokey::Model) -> crate::Result<()> { let mut ncli = Nitrocli::with_model(model); // Make sure that we have at least something to display by ensuring // that there is one slot programmed. - let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456"])?; + let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456", "-f", "hex"])?; let out = ncli.handle(&["otp", "status"])?; assert!(re.is_match(&out), out); |