diff options
| author | Robin Krahl <robin.krahl@ireas.org> | 2018-12-30 00:36:56 +0100 |
|---|---|---|
| committer | Daniel Mueller <deso@posteo.net> | 2019-01-01 17:14:39 -0800 |
| commit | 2f4a7b691ac676b028c7bc94b5974987f1e22046 (patch) | |
| tree | 97ef4db84bd26e4d074d3c901cf3ceb81c59523e /nitrocli/doc/nitrocli.1 | |
| parent | 76b1858c4f35ea3c1b542481222ca84a355c2342 (diff) | |
| download | nitrocli-2f4a7b691ac676b028c7bc94b5974987f1e22046.tar.gz nitrocli-2f4a7b691ac676b028c7bc94b5974987f1e22046.tar.bz2 | |
Document the config commands
This patch adds documentation and examples for config get and config set
to the README and to the man page.
Diffstat (limited to 'nitrocli/doc/nitrocli.1')
| -rw-r--r-- | nitrocli/doc/nitrocli.1 | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/nitrocli/doc/nitrocli.1 b/nitrocli/doc/nitrocli.1 index 53eab9a..bdf9e6b 100644 --- a/nitrocli/doc/nitrocli.1 +++ b/nitrocli/doc/nitrocli.1 @@ -1,4 +1,4 @@ -.TH NITROCLI 1 2018-12-28 +.TH NITROCLI 1 2018-12-30 .SH NAME nitrocli \- access Nitrokey devices .SH SYNOPSIS @@ -53,6 +53,7 @@ Generate a one-time password. \fIalgorithm\fR is the OTP algorithm to use. Possible values are \fBhotp\fR for the HOTP algorithm according to RFC 4226 and \fBtotp\fR for the TOTP algorithm according to RFC 6238 (default). +This command might require the user PIN (see the Configuration section). .TP \fBnitrocli otp set \fIslot name secret \ \fR[\fB-a\fR|\fB--algorithm \fIalgorithm\fR] \ @@ -86,7 +87,35 @@ Possible values are \fBhotp\fR for the HOTP algorithm according to RFC 4226 and List all OTP slots. If \fB--all\fR is not set, empty slots are ignored. -.SH EXAMPLE +.SS Configuration +Nitrokey devices have four configuration settings: the numlock, capslock and +scrollock keys can be mapped to an HOTP slot, and OTP generation can be set to +require the user PIN. +.TP +\fBnitrocli config get\fR +Print the current configuration. +.TP +\fBnitrocli config set \fR\ +[[\fB-n\fR|\fB--numlock \fIslot\fR] | [\fB-N\fR|\fB--no-numlock\fR]] \ +[[\fB-c\fR|\fB--capslock \fIslot\fR] | [\fB-C\fR|\fB--no-capslock\fR]] \ +[[\fB-s\fR|\fB--scrollock \fIslot\fR] | [\fB-S\fR|\fB--no-scrollock\fR]] \ +[[\fB-o\fR|\fB--otp-pin\fR] | [\fB-O\fR|\fB--no-otp-pin\fR]] +Update the Nitrokey configuration. +This command requires the admin PIN. + +With the \fB--numlock\fR, \fB--capslock\fR and \fB--scrollock\fR options, the +respective bindings can be set. +\fIslot\fR is the number of the HOTP slot to bind the key to. +If \fB--no-numlock\fR, \fB--no-capslock\fR or \fB--no-scrollock\fR is set, the +respective binding is disabled. +The two corresponding options are mutually exclusive. + +If \fB--otp-pin\fR is set, the user PIN will be required to generate one-time +passwords using the \fBotp get\fR command. +If \fB--no-otp-pin\fR is set, OTP generation can be performed without PIN. +These two options are mutually exclusive. + +.SH EXAMPLES .SS One-time passwords Configure a one-time password slot with a hexadecimal secret representation: $ \fBnitrocli otp set 0 test-rfc4226 3132333435363738393031323334353637383930 --algorithm hotp\fR @@ -102,3 +131,15 @@ Generate a one-time password: .P Clear a one-time password slot: $ \fBnitrocli otp clear 0 --algorithm hotp\fR + +.SS Configuration +Query the configuration: + $ \fBnitrocli config get\fR + Config: + numlock binding: not set + capslock binding: not set + scrollock binding: not set + require user PIN for OTP: true +.P +Change the configuration: + $ \fBnitrocli config set --otp-pin\fR |