summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Mueller <deso@posteo.net>2020-07-07 17:35:50 -0700
committerDaniel Mueller <deso@posteo.net>2020-07-07 17:35:50 -0700
commit99fde3cac7c9cf278b81876994d3a4f4b795b8ce (patch)
treeaaadb319d2b9fe5e6078c0c63490f89473353546
parent3f62110dc0a0f9ee107643419b027a94427a5530 (diff)
downloadnitrocli-99fde3cac7c9cf278b81876994d3a4f4b795b8ce.tar.gz
nitrocli-99fde3cac7c9cf278b81876994d3a4f4b795b8ce.tar.bz2
Change default OTP format to base32
An arguably unrepresentative survey of services (GitHub, Google Authenticator, and Bitbucket) seems to suggests that the base32 format is the de-facto standard format for OTP secrets. Given that it's not necessarily obvious what format a secret is in and that most services refrain from mentioning it explicitly, having the correct default format is fairly important. With this change we switch the default format from hexadecimal to base32 to accommodate for this finding.
-rw-r--r--CHANGELOG.md5
-rw-r--r--doc/nitrocli.14
-rw-r--r--doc/nitrocli.1.pdfbin38453 -> 38611 bytes
-rw-r--r--src/args.rs2
-rw-r--r--src/tests/otp.rs7
5 files changed, 12 insertions, 6 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 152eff1..ced56c6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+Unreleased
+----------
+- Changed default OTP format from `hex` to `base32`
+
+
0.3.3
-----
- Added bash completion support via `shell-complete` utility program
diff --git a/doc/nitrocli.1 b/doc/nitrocli.1
index 04bfe61..0d33cd6 100644
--- a/doc/nitrocli.1
+++ b/doc/nitrocli.1
@@ -1,4 +1,4 @@
-.TH NITROCLI 1 2020-01-29
+.TH NITROCLI 1 2020-08-04
.SH NAME
nitrocli \- access Nitrokey devices
.SH SYNOPSIS
@@ -148,7 +148,7 @@ If it is set to \fBbase32\fR, the secret is interpreted as a base32 string
according to RFC 4648.
If it is set to \fBhex\fR, every two characters are interpreted as the
hexadecimal value of one byte.
-The default value is \fBhex\fR.
+The default value is \fBbase32\fR.
\fIalgorithm\fR is the OTP algorithm to use.
Possible values are \fBhotp\fR for the HOTP algorithm according to RFC 4226 and
diff --git a/doc/nitrocli.1.pdf b/doc/nitrocli.1.pdf
index 596e794..bdf7ac2 100644
--- a/doc/nitrocli.1.pdf
+++ b/doc/nitrocli.1.pdf
Binary files differ
diff --git a/src/args.rs b/src/args.rs
index 91b340c..56a10b4 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -269,7 +269,7 @@ pub struct OtpSetArgs {
#[structopt(short, long, default_value = "30")]
pub time_window: u16,
/// The format of the secret
- #[structopt(short, long, default_value = OtpSecretFormat::Hex.as_ref(),
+ #[structopt(short, long, default_value = OtpSecretFormat::Base32.as_ref(),
possible_values = &OtpSecretFormat::all_str())]
pub format: OtpSecretFormat,
/// The OTP slot to use
diff --git a/src/tests/otp.rs b/src/tests/otp.rs
index f923170..837b075 100644
--- a/src/tests/otp.rs
+++ b/src/tests/otp.rs
@@ -23,7 +23,8 @@ use crate::args;
#[test_device]
fn set_invalid_slot_raw(model: nitrokey::Model) {
- let (rc, out, err) = Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234"]);
+ let (rc, out, err) =
+ Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234", "-f", "hex"]);
assert_ne!(rc, 0);
assert_eq!(out, b"");
@@ -32,7 +33,7 @@ fn set_invalid_slot_raw(model: nitrokey::Model) {
#[test_device]
fn set_invalid_slot(model: nitrokey::Model) {
- let res = Nitrocli::with_model(model).handle(&["otp", "set", "100", "name", "1234"]);
+ let res = Nitrocli::with_model(model).handle(&["otp", "set", "100", "name", "1234", "-f", "hex"]);
assert_eq!(
res.unwrap_lib_err(),
@@ -54,7 +55,7 @@ fn status(model: nitrokey::Model) -> crate::Result<()> {
let mut ncli = Nitrocli::with_model(model);
// Make sure that we have at least something to display by ensuring
// that there is one slot programmed.
- let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456"])?;
+ let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456", "-f", "hex"])?;
let out = ncli.handle(&["otp", "status"])?;
assert!(re.is_match(&out), out);