| author | Robin Krahl <robin.krahl@ireas.org> | 2020-09-08 18:23:30 +0200 | 
|---|---|---|
| committer | Daniel Mueller <deso@posteo.net> | 2020-09-09 08:55:50 -0700 | 
| commit | 4a8c01adb5100fd0397aad239edc5e80d13aca13 (patch) | |
| tree | 8bd215f32d2fee5b185efbcd36888c6fe44ffaea /doc | |
| parent | 16f6b3ba0c3535efd1b9288ea1980cdd281b6565 (diff) | |
Add --usb-path option to select device

This patch adds the --usb-path option as an additional way to filter the
Nitrokey device to connect to.  While the serial number is a better
identifier in theory, the Nitrokey Storage devices do not send their
serial number in the USB device descriptor.  Having the --usb-path
option allows users to select one of multiple Nitrokey Storage devices.

While we could directly call the nitrokey::Manager::connect_path
function with the specified path, we integrate the --usb-path option
into the existing find_device function for consistent error messages and
to avoid having to duplicate the --model and --serial-number checks.

Diffstat (limited to 'doc')
| -rw-r--r-- | doc/config.example.toml | 2 | ||||
| -rw-r--r-- | doc/nitrocli.1 | 18 | ||||
| -rw-r--r-- | doc/nitrocli.1.pdf | bin | 41970 -> 42218 bytes | 
3 files changed, 18 insertions, 2 deletions
| diff --git a/doc/config.example.toml b/doc/config.example.toml index eefdfa0..82e0ece 100644 --- a/doc/config.example.toml +++ b/doc/config.example.toml @@ -7,6 +7,8 @@ model = "pro"  # The serial number of the device to connect to (list of strings, default:  # empty).  serial_numbers = ["0xf00baa", "deadbeef"] +# The USB path of the device to connect to (string, default: empty). +usb_path = "004:001:00"  # Do not cache secrets (boolean, default: false).  no_cache = true  # The log level (integer, default: 0). diff --git a/doc/nitrocli.1 b/doc/nitrocli.1 index 8b04de6..2d1e564 100644 --- a/doc/nitrocli.1 +++ b/doc/nitrocli.1 @@ -12,11 +12,13 @@ It can be used to access the encrypted volume, the one-time password generator,  and the password safe.  .SS Device selection  Per default, \fBnitrocli\fR connects to any attached Nitrokey device. -You can use the \fB\-\-model\fR and \fB\-\-serial-number\fR options to select -the device to connect to. +You can use the \fB\-\-model\fR, \fB\-\-serial-number\fR and \fB\-\-usb-path\fR +options to select the device to connect to.  \fBnitrocli\fR fails if more than one attached Nitrokey device matches this  filter or if multiple Nitrokey devices are attached and none of the filter  options is set. +Use the \fBlist\fR command to list all attached devices with their USB path, +model, and serial number (if available).  .SH OPTIONS  .TP  \fB\-m\fR, \fB\-\-model pro\fR|\fBstorage\fR @@ -31,6 +33,9 @@ This option can be set multiple times to allow any of the given serial numbers.  Nitrokey Storage devices never match this restriction as they do not expose  their serial number in the USB device descriptor.  .TP +\fB\-\-usb-path \fIusb-path\fR +Restrict connections to the given USB path, see the Device selection section. +.TP  \fB\-\-no\-cache\fR  If this option is set, nitrocli will not cache any inquired secrets using  \fBgpg\-agent\fR(1) but ask for them each time they are needed. 
@@ -315,6 +320,10 @@ Restrict connections to the given device model (string, default: not set, see  Restrict connections to the given serial numbers (list of strings, default:  empty, see \fB\-\-serial-number\fR).  .TP +.B usb_path +Restrict connections to the given USB path (string, default: not set, see +\fB\-\-usb-path\fR). +.TP  .B no_cache  If set to true, do not cache any inquired secrets (boolean, default: false,  see \fB\-\-no\-cache\fR). @@ -325,6 +334,7 @@ Set the log level (integer, default: 0, see \fB\-\-verbose\fR).  The configuration file must use the TOML format, for example:      model = "pro"      serial_numbers = ["0xf00baa", "deadbeef"] +    usb_path = "0001:0006:02"      no_cache = false      verbosity = 0 @@ -361,6 +371,10 @@ Restrict connections to the given device model (string, default: not set, see  Restrict connections to the given list of serial numbers (comma-separated list  of strings, default: empty, see \fB\-\-serial-number\fR).  .TP +.B NITROCLI_USB_PATH +Restrict connections to the given USB path (string, default: not set, see +\fB\-\-usb-path\fR). +.TP  .B NITROCLI_NO_CACHE  If set to true, do not cache any inquired secrets (boolean, default: false,  see \fB\-\-no\-cache\fR). diff --git a/doc/nitrocli.1.pdf b/doc/nitrocli.1.pdfBinary files differ index 73041ae..48a41ff 100644 --- a/doc/nitrocli.1.pdf +++ b/doc/nitrocli.1.pdf | 
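Review bot: the two `usb_path` examples disagree on format. The hunk in doc/config.example.toml adds `usb_path = "004:001:00"`, while the TOML example in the configuration section of doc/nitrocli.1 adds `usb_path = "0001:0006:02"`, and none of the added text says what the colon-separated fields mean or how wide they are. A reader cannot tell from these lines whether both forms are accepted. Suggest using the same value in both places, preferably one copied verbatim from the output of the `list` command that the Device selection section points to, and adding one sentence on the expected format to the `--usb-path` entry.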
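Review bot: the new `--usb-path` entry in the OPTIONS hunk of doc/nitrocli.1 is missing documentation that the neighbouring entries have. The `--serial-number` text directly above it still ends with "Nitrokey Storage devices never match this restriction" without pointing to `--usb-path` as the alternative, which is the use case the commit message gives for this option. The `--usb-path` entry also does not say whether it can be combined with `--model` and `--serial-number`, or whether a path stays valid after the device is reconnected, which matters for anyone putting `usb_path` in the config file or `NITROCLI_USB_PATH` in their environment. Suggest adding a cross-reference from the `--serial-number` paragraph and a sentence on both points to the `--usb-path` entry.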
