| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
This change adds support for changing the read-write mode of the
unencrypted volume. To do so, we introduce a new top-level command,
unencrypted, with a new subcommand, set, that accepts the new mode of
the volume.
|
| |
|
|
|
|
|
| |
The --ascii option of the otp set subcommand has been deprecated a while
in favor of --format. As the next release is slated to be a major one
breaking backwards compatibility, this change removes this option for
good.
|
| |
|
|
|
|
|
|
| |
This change is the last step in the process of restructuring the storage
command. In particular, now that functionality pertaining hidden volumes
has been moved out into a dedicated top-level command, it renames said
command to encrypted, because dealing with the encrypted volume is the
only functionality it provides.
|
| |
|
|
|
|
| |
This patch marks the next step in the process of restructuring the
storage command. Specifically, it promotes the storage hidden subcommand
to a top-level command, hidden.
|
| |
|
|
|
|
|
|
| |
In an attempt to rework the structure of the storage command to better
accommodate future requirements for allowing to change the read-write
state of the unencrypted volume (as well as potentially the encrypted
one), this change removes the storage status subcommand and merges its
output into the storage command.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.2.4. The following
notable changes have been made since 0.2.3:
- Added the reset command to perform a factory reset
- Added the -V/--version option to print the program's version
- Check the status of a PWS slot before accessing it in pws get
- Added NITROCLI_NO_CACHE environment variable to bypass caching of
secrets
- Clear cached PIN entry as part of pin set command to prevent
spurious authentication failures
- Bumped libc dependency to 0.2.57
- Bumped cc dependency to 1.0.37
|
| |
|
|
|
|
| |
This change updates the libc crate to version 0.2.57.
Import subrepo libc/:libc at cdc48ea36d8d2890dba38e8f779001e6855339a2
|
| |
|
|
|
|
|
|
|
|
| |
When a PIN is changed using the pin set command, the last action is to
confirm the operation with the previously used PIN. This step will cause
this PIN, which is now stale and no longer valid, to be cached, which in
turn can cause follow up command using the same PIN type to use this
wrong cached entry for authentication.
To fix this problem, this change explicitly clear the PIN entry from the
cache after the PIN has been changed.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
So far we have cached secrets in gpg-agent(1) whenever that made sense
to do (i.e., for the two PINs in most contexts but not for passwords).
While there is reason to believe that such caching is desired by the
majority of users, not everybody has a use for it.
To give users an opportunity to opt out of such caching, this change
introduces a new environment variable, NITROCLI_NO_CACHE, that, when
present in the environment, instructs the program to bypass the cache
for all operations that require a secret and to instead inquire such
secrets each time they are needed.
|
| |
|
|
|
|
| |
This change updates the cc crate to version 1.0.37.
Import subrepo cc/:cc at cbf6d2f1312b6be22a7a363cf5c2a02acabc531f
|
| |
|
|
|
|
| |
This change updates the libc crate to version 0.2.55.
Import subrepo libc/:libc at caf17a0641d29dc624621177f5756804dd180c13
|
| |
|
|
|
|
| |
This change updates the libc crate to version 0.2.48.
Import subrepo libc/:libc at 42cd3ba27254c423e03f6f4324de57075047f6a0
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The Nitrokey devices do not check whether a PWS slot is programmed
before accessing it (upstream issues [0] [1]). Until this is fixed in
the firmware, we have to manually check the slot status in pws get. This
could have been done in libnitrokey or the nitrokey crate, yet this
would lead to unnecessary commands if we check multiple fields of a slot
at the same time.
[0] https://github.com/Nitrokey/nitrokey-pro-firmware/issues/56
[1] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/81
|
| |
|
|
|
|
| |
After performing the factory reset, we also build the AES key so that
the device is fully usable. Due to timing issue, we have to add a delay
between the factory reset and building the AES key.
|
| |
|
|
|
|
|
|
| |
The -V/--version option prints the nitrocli version to stdout and exits.
In the future, it should also print the used libnitrokey version, but as
the required function is only available with nitrokey 0.3.2 and as the
current interface does not reflect the latest change in version naming,
I skipped that in this patch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.2.3. The following
notable changes have been made since 0.2.2:
- Added the storage hidden subcommand for working with hidden volumes
- Store cached PINs on a per-device basis to better support multi-device
scenarios
- Further decreased binary size by using system allocator
- Bumped nitrokey dependency to 0.3.4
- Bumped rand dependency to 0.6.4
- Removed rustc_version, semver, and semver-parser dependencies
- Bumped nitrokey-sys dependency to 3.4.3
- Bumped libc dependency to 0.2.47
|
| |
|
|
|
|
| |
This change updates the libc crate to version 0.2.47.
Import subrepo libc/:libc at ce1dfcbf81bd74662b5cd02a9214818a0bfbbffa
|
| |
|
|
|
|
| |
This change updates the nitrokey crate to version 0.3.4.
Import subrepo nitrokey/:nitrokey at 41cdc1f7091a3c442241dbb2379c50dbcc7e9c5f
|
| |
|
|
|
|
| |
This change updates the README and the man page with documentation about
hidden volumes in general and the storage hidden subcommand in
particular.
|
| |
|
|
|
|
|
|
|
|
| |
With the update to rand 0.6.4 we no longer require the dependencies to
rustc_version, semver, and semver-parser. Hence, this change removes
them.
Delete subrepo rustc_version/:rustc_version
Delete subrepo semver/:semver
Delete subrepo semver-parser/:semver-parser
|
| |
|
|
|
|
|
|
|
|
|
| |
This change updates the nitrokey crate to version 0.3.3. Along with that
change we update rand to 0.6.4 because rand 0.6.1 does not yet contain a
publicly accessible rand_os. Note that we no longer require all
crates in rand's workspace, but only rand_os and rand_core, which is a
significant reduction in the number of lines of code compiled.
Import subrepo nitrokey/:nitrokey at 7cf747d56ddc0b7eeedc3caf36dcc909907a171c
Import subrepo rand/:rand at 4336232dda03323634b10ec72ddf27914aebc3a2
|
| |
|
|
|
|
| |
This change updates the libc crate to version 0.2.46.
Import subrepo libc/:libc at a9e3cc6c1b529eaffef5b82934d0c47203edebe5
|
| |
|
|
|
|
| |
This change updates the nitrokey crate to version 0.3.2.
Import subrepo nitrokey/:nitrokey at 6ea73f29daa5db0215663a0a38334b764863671d
|
| |
|
|
|
|
| |
This change updates the nitrokey-sys crate to version 3.4.3.
Import subrepo nitrokey-sys/:nitrokey-sys at fe86df47853718983e1f45d6a4289a1d93ace45c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The application supports multiple devices both plugged in at the same
time as well as when used after the other. However, the GPG cache ID we
use for storing and retrieving the respective PIN is effectively a
constant. This constraint can cause problems when devices have different
PINs, as the PIN of a previously plugged in device may be reused for an
operation on a different one.
To resolve this problem this change adds the respective device's model
and serial number to the cache ID. As each serial number is supposed to
be different, this will ensure that the correct PIN is used for each
device. With this change we also show the model and serial number of the
currently used device in the pinentry dialog.
Note that because we do not store the serial numbers of all previously
plugged in devices, the pin clear command will only clear the PIN for
the currently plugged in device. If a user wants to make sure that a
cached PIN is cleared, the pin clear command should be invoked before
unplugging the device.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the past we have already taken a couple of steps to reduce the size
of the final binary, arguing that binary size is the metric of most
relevance for the program at hand:
- the memory footprint is close to irrelevant because the program does
not stay resident in memory for long
- execution speed is likely dominated by communication with the Nitrokey
itself, which is a slow I/O device
With that in mind, this change decreases the binary size further by
swapping the default allocator we use (typically jemalloc) with the
system allocator (which is malloc based on Unix systems). Given that we
are by no means allocation sensitive, there is no point in wasting
binary size on something that adds no value.
This change decreases the binary size by another 324 KiB (for an already
stripped release mode binary).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.2.2. The following
notable changes have been made since 0.2.1:
- Added the -v/--verbose option to control libnitrokey log level
- Added the -m/--model option to restrict connections to a device
model
- Added the -f/--format option for the otp set subcommand to
choose the secret format
- Deprecated the --ascii option
- Honor NITROCLI_ADMIN_PIN and NITROCLI_USER_PIN as well as
NITROCLI_NEW_ADMIN_PIN and NITROCLI_NEW_USER_PIN environment
variables for non-interactive PIN supply
- Format nitrokey reported errors in more user-friendly format
- Bumped nitrokey dependency to 0.3.1
|
| |
|
|
|
|
|
|
|
|
|
| |
The second source of interactivity comes from the pin set and pin
unblock commands, which also inquire with the pinentry module to ask the
user for a PIN.
This change adjusts the two commands to honor the PINs as available in
the command execution context. It also updates the documentation
to reflect the availability of the newly introduced and honored
environment variables NITROCLI_ADMIN_PIN & NITROCLI_USER_PIN as well as
NITROCLI_NEW_ADMIN_PIN & NITROCLI_NEW_USER_PIN.
|
| |
|
|
|
|
|
|
|
| |
At some point in the past nitrokey::CommandError was lacking an
implementation of the fmt::Display trait. Hence, we fell back to
printing these errors in debug format.
Since version 0.2.0 of the crate fmt::Display is implemented for these
errors. With this change we use it to report more user-friendly error
messages.
|
| |
|
|
|
|
| |
This change updates the nitrokey crate to version 0.3.1.
Import subrepo nitrokey/:nitrokey at bad12ad3c57c67d42243338af7d65c3591fed327
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces the -f/--format options for the otp set
subcommand to specify the format of the OTP secret. Previously, the
default format was hexadecimal and ASCII format could be selected using
the --ascii option. The new --format option takes the argument hex or
ascii, defaulting to hex, and replaces the --ascii option.
This patch does not remove the --ascii option but marks it as
deprecated. It may not be set together with --format, and a warning is
printed if it is set. It should be deleted with the next minor release.
This patch prepares the addition of a new format, base32.
|
| |
|
|
|
|
| |
This change updates the nitrokey crate to version 0.3.0.
Import subrepo nitrokey/:nitrokey at 3593df8844b80741e2d33c8e5af80e65760dc058
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the -m/--model option that can be used to restrict the
device model to connect to. Per default, nitrocli connects to any
available Nitrokey device. If this new option is set, it will instead
only connect to devices of the given Nitrokey model.
We introduce a new struct DeviceModel instead of using
nitrokey::DeviceModel to make sure that the command-line options are
parsed properly. On the long term, we should add a connect_model
function to the nitrokey crate to make the connection code easier.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces a new option, -v/--verbose, that can be used to
increase the log level of libnitrokey. The option can be supplied
multiple times, with each occurrence increasing the verbosity of the
logging.
On the implementation side, the option is set as part of connecting the
device (piggy-backing on the previously introduced command execution
context), although it describes global state that strictly speaking could
be set anywhere. It is bad enough that libnitrokey just prints log
messages to stderr (and does not accept a file handle) and that it does
not track the log level on a per-device basis, but we don't want setting
of global state from arbitrary locations inside the program. Instead,
let's do that along with what pretty much is the first call into
libnitrokey anyway: the connection to the device.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.2.1. The following
notable changes have been made since 0.2.0:
- Added the pws command for accessing the password safe
- Added the lock command for locking the Nitrokey device
- Adjust release build compile options to optimize binary for size
- Bumped nitrokey dependency to 0.2.3
- Bumped rand dependency to 0.6.1
- Added rustc_version version 0.2.3, semver version 0.9.0, and
semver-parser version 0.7.0 as indirect dependencies
- Bumped cc dependency to 1.0.28
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This change updates the nitrokey crate to version 0.2.3. This version
bumps the rand crate used to 0.6.1, which in turn requires an additional
set of dependencies.
Import subrepo nitrokey/:nitrokey at b3e2adc5bb1300441ca74cc7672617c042f3ea31
Import subrepo rand/:rand at 73613ff903512e9503e41cc8ba9eae76269dc598
Import subrepo rustc_version/:rustc_version at 0294f2ba2018bf7be672abd53db351ce5055fa02
Import subrepo semver-parser/:semver-parser at 750da9b11a04125231b1fb293866ca036845acee
Import subrepo semver/:semver at 5eb6db94fa03f4d5c64a625a56188f496be47598
|
| |
|
|
|
|
| |
This change updates the cc crate to version 1.0.28.
Import subrepo cc/:cc at 9490b5ecb43b8b926f96a7e484fa83e39620d8e5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The program's binary is more than 1,5 MiB in size (after stripping debug
symbols). Although in general that is not a size to worry about, keeping
a small binary and memory footprint is beneficial in the majority of
cases and leaves a tangentially better impression with users.
To that end, this change enables the following optimizations to be
performed when creating a release build:
1) We compile with optimization for code size. We have no performance
sensitive code and are communicating with a slow I/O device to begin
with, meaning that binary size will ultimately have the most weight
when judging the program. Hence, minimizing it seems like the best
trade-off.
2) We enable link-time optimization (LTO). At the expense of compilation
time (which is not a concern for what may almost be considered a
one-off operation), this step can reduce binary size by eliminating
more unused code as well as enable performance related optimizations
not possible without this setting. For similar reasons we disable
incremental builds and treat the entire compilation as one unit.
The end result of these optimizations is a reduction of binary size by
almost a fourth (420 KiB).
Those optimizations come at little to no cost (depending on one's view).
There is another one that we could enable and that is to abort on panics
instead of unwinding, yielding savings of 44 KiB. However, we refrained
from doing so because that has a negative impact on the amount of error
reporting happening in case of a panic.
|
| |
|
|
|
|
| |
This patch implements the lock command that locks the password safe and,
on the Nitrokey Storage, the encrypted volume. See issue #18 for
details on the locking mechanism.
|
| |
|
|
|
| |
This patch adds the basic structure for the pws command that can be used
to access the password safe on the Nitrokey Pro and Nitrokey Storage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.2.0. The following
notable changes have been made since 0.1.3:
- Use the nitrokey crate for the 'open', 'close', and 'status'
commands instead of directly communicating with the Nitrokey device
- Added nitrokey version 0.2.1 as a direct dependency and
nitrokey-sys version 3.4.1 as well as rand version 0.4.3 as
indirect dependencies
- Removed the hid, hidapi-sys and pkg-config dependencies
- Added the 'otp' command for working with one-time passwords
- Added the 'config' command for reading and writing the device configuration
- Added the 'pin' command for managing PINs
- Renamed the 'clear' command to 'pin clear'
- Moved 'open' and 'close' commands as subcommands into newly introduced
'storage' command
- Moved printing of storage related information from 'status' command
into new 'storage status' subcommand
- Made 'status' command work with Nitrokey Pro devices
- Enabled CI pipeline comprising code style conformance checks, linting,
and building of the project
- Added badges indicating pipeline status, current crates.io published
version of the crate, and minimum version of rustc required
- Fixed wrong messages in the pinentry dialog that were caused by unescaped
spaces in a string
- Use the argparse crate to parse the command-line arguments
- Added argparse dependency in version 0.2.2
|
| |
|
|
|
|
|
|
|
| |
We have functionality for changing the Nitrokey's user & admin PINs as
well as for resetting the user PIN coming up. With the prospect of this
new functionality arriving, it makes sense to introduce a new top-level
command for the sole purpose of PIN management.
This change introduces such a command, pin, and moves the existing clear
command for clearing the PIN cache into it.
|
| |
|
|
|
|
|
|
|
|
| |
The 'status' command has traditionally printed information about the
connected Nitrokey and that included storage specific data if the device
present is a Nitrokey Storage.
Given that we have a root-level 'storage' command it arguably makes
sense to move the printing of the storage related status information
into a 'status' sub-command of the said command, which makes the output
more predictable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Upon their inception, the 'open' and 'close' commands were pretty much
the only relevant commands the program provided and it made sense to
have them reside in the root namespace. By now we support more commands
and have started to structure them in a more hierarchical fashion.
To go with the flow, this change introduces a new 'storage' command and
makes the existing 'open' and 'close' commands subcommands of it. We
chose the name 'storage' (over, say, 'volume') because we plan to move
the printing of the storage related status from the 'status' root level
command into a subcommand within 'storage'.
|
| |
|
|
|
| |
This patch adds the top-level config command. Its subcommands will
provide access to the device configuration.
|
| |
|
|
|
|
|
|
| |
Currently, the status command fails for a Nitrokey Pro. This patch
changes the command to also print basic status information for Pro
devices. For the sake of consistency, the common status is always
queried using the common `Device` functions, even if the Storage status
includes the same information.
|
| |
|
|
|
| |
This patch adds the `otp` top-level command. Its subcommands provide
access to one-time passwords on the Nitrokey.
|
| |
|
|
|
|
|
|
|
| |
This patch replaces the macro for argument parsing with
`argparse::ArgumentParser` from the argparse crate. It moves the
application logic to the `commands` module and the argument parsing to
the `options` module. An enum is used to represent the available
commands. The code is based on the `subcommands.rs` example shipped
with argparse.
|
| |
|
|
|
|
|
|
|
| |
This patch adds the crate rust-argparse [0] in version 0.2.2 as a
dependency, as discussed in issue #4.
[0] https://github.com/tailhook/rust-argparse
Import subrepo argparse/:argparse at 0de60a5e6d9ee1a3570d6089afd3ccd6ed7480c5
|
| |
|
|
|
|
|
| |
Spaces in the arguments for gpg-connect-agent’s `GET_PASSPHRASE` command
have to be esaced using a plus sign. Somehow this was missing for the
prompt argument. This patch adds escaping for the prompt so that the
pinentry dialog is displayed correctly.
|
