| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
This change adds support for changing the read-write mode of the
unencrypted volume. To do so, we introduce a new top-level command,
unencrypted, with a new subcommand, set, that accepts the new mode of
the volume.
|
|
|
|
|
|
|
|
| |
This change is the last step in the process of restructuring the storage
command. In particular, now that functionality pertaining hidden volumes
has been moved out into a dedicated top-level command, it renames said
command to encrypted, because dealing with the encrypted volume is the
only functionality it provides.
|
|
|
|
|
|
| |
This patch marks the next step in the process of restructuring the
storage command. Specifically, it promotes the storage hidden subcommand
to a top-level command, hidden.
|
|
|
|
|
|
|
|
| |
In an attempt to rework the structure of the storage command to better
accommodate future requirements for allowing to change the read-write
state of the unencrypted volume (as well as potentially the encrypted
one), this change removes the storage status subcommand and merges its
output into the storage command.
|
| |
|
| |
|
|
|
|
|
|
| |
If nitrokey-app is running, the device it connected to cannot be
detected by other applications. This patch adds this issue to the list
of known problems in the README.
|
|
|
|
|
|
| |
This change updates the README and the man page with documentation about
hidden volumes in general and the storage hidden subcommand in
particular.
|
|
|
|
|
| |
This change adds a new section briefly elaborating on the problem of
using the program on macOS and details a possible solution.
|
|
|
|
|
|
|
|
| |
By now the nitrocli ebuild has been upstreamed for recent releases and
is available in the official Gentoo Portage tree.
This change updates the references to the Gentoo ebuild in the README
from the custom Github mirror to the official Gentoo Portage tree to
move users towards using the official ebuild.
|
|
|
|
|
| |
This change adjusts the README to reflect that we support both Nitrokey
Pro and Nitrokey Storage devices with the program.
|
|
|
|
|
|
| |
This patch adds documentation and examples for the lock command to the
README and to the man page. It also adds the lock command to the
top-level help message.
|
|
|
|
|
| |
This patch adds documentation and examples for the pws commands to the
README and to the man page.
|
|
|
|
|
|
| |
This change adds a new file, CONTRIBUTING.md, that details some
generally applicable rules for the contribution to this project. It also
links this file from the README.
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes the following set of changes to the installation
sections:
- Note that Rust and Cargo are implicit dependencies
- Remove the notice about the hid crate being required from the "From
Source" section as that is no longer a requirement with the switch to
using the nitrokey crate
- Mention that from source compilation should happen from the nitrocli/
subfolder
|
|
|
|
|
|
| |
This change reorders the individual ways to install the program in order
of preference. If possible, the user most likely wants to use a
distribution's package over installation from crates.io or from source.
|
|
|
|
|
|
| |
This change adds a new section detailing the project's license to the
README. Having such a section seems to be relatively common practice
among projects.
|
|
|
|
|
|
|
|
|
| |
This change removes the note about firmware version 0.47 being the
minimum required. The note is outdated, because with the switch to using
the nitrokey crate and with it libnitrokey we no longer have such a
requirement as the CRC check we performed that caused incompatibilities
with earlier versions does not exist in libnitrokey (see issue
Nitrokey/libnitrokey issue #134).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a new target to the Makefile that can be used for
generating a PDF version of the man page. It also checks in the
generated file and links to it from the README.
We have also experimented with creation of an HTML version, but at least
the groff generated file is not very visually pleasing and also cannot
be linked to directly from Github. Github wants to prevent hosting of
web pages directly like this in repositories and instead promote their
Github Pages solution for that purpose. To that end they deliver content
with a Content-Type representing plain text which causes HTML to not be
rendered. PDF content, however, is rendered in-line and looks reasonable
at that.
|
|
|
|
|
| |
This change implements the pin set command which can be used to change
a Nitrokey's user or admin PIN.
|
|
|
|
|
|
|
| |
This patch implements the pin unblock command that unblocks and resets
the user PIN. The name unblock is chosen over libnitrokey's unlock to
be consistent with the GnuPG terminology and to avoid confusion with the
unrelated lock command.
|
|
|
|
|
|
|
|
|
| |
We have functionality for changing the Nitrokey's user & admin PINs as
well as for resetting the user PIN coming up. With the prospect of this
new functionality arriving, it makes sense to introduce a new top-level
command for the sole purpose of PIN management.
This change introduces such a command, pin, and moves the existing clear
command for clearing the PIN cache into it.
|
|
|
|
|
| |
This patch adds documentation and examples for config get and config set
to the README and to the man page.
|
|
|
|
|
|
|
|
|
|
| |
The 'status' command has traditionally printed information about the
connected Nitrokey and that included storage specific data if the device
present is a Nitrokey Storage.
Given that we have a root-level 'storage' command it arguably makes
sense to move the printing of the storage related status information
into a 'status' sub-command of the said command, which makes the output
more predictable.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upon their inception, the 'open' and 'close' commands were pretty much
the only relevant commands the program provided and it made sense to
have them reside in the root namespace. By now we support more commands
and have started to structure them in a more hierarchical fashion.
To go with the flow, this change introduces a new 'storage' command and
makes the existing 'open' and 'close' commands subcommands of it. We
chose the name 'storage' (over, say, 'volume') because we plan to move
the printing of the storage related status from the 'status' root level
command into a subcommand within 'storage'.
|
|
|
|
|
|
|
| |
With recent refactorings the output of the status command changed
slightly.
With this patch we update the README that happens to provide an example
of said output in accordance with this change.
|
|
|
|
|
|
|
| |
The Nitrokey UG was generous enough to sponsor a Nitrokey Pro as well as
a Nitrokey Storage device for development and testing of the program.
This change mentions the company in the acknowledgments section of the
README.
|
|
|
|
|
| |
This patch adds the otp commands to the README and describes them in the
nitrocli(1) man page.
|
|
|
|
|
|
| |
This change adds a new section for acknowledgments surrounding the
program to the README. Robin Krahl (robinkrahl @ Github) has been a
great help with respect to recent developments.
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the past we have used the 'devel' branch for more or less early
development work that includes the occasional rebase to fix up mistakes
and keep the history clean. That is a non-starter when it comes to
tagging signed releases, which we have introduced recently.
Hence, there is no point in diverging from what the rest of the world is
doing by using a branch name other than 'master' as the main development
vehicle.
By now we have introduced two dependencies on the branch name into the
code base, which this change fixes up.
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds another two badges to the repository. The first one
simply lists the most recent version of the crate as published on
crates.io. The second one states the minimum version of rustc that is
required for building. We have recently switched to using Rust 2018 and
with that we have a requirement for version 1.31 of the toolchain. In
the future the hope is that now that we have a proper CI/CD pipeline
based off of Docker images we should be able to build on past versions
of Rust, even if they are not used during development.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a configuration file for the Gitlab CI/CD pipeline to
the repository. This file (directly or indirectly) controls the
environment in which to build, what exactly to build, and ultimately
would also be used to define what tests to run.
With the pipeline in place the change also adds a badge indicating the
status of the build on the project's front page.
The following other CI services have been evaluated or tested and found
to be insufficient for the needs at hand:
- Travis CI: Does not support configuration in a directory other than
the repository root
- Cirrus CI: Has the same problem
- Semaphore: Does not support Rust
- Circle CI: Does not support Rust
- Google Cloud Build: Pretty much strictly a paid service
|
|
|
|
|
|
| |
This change adds a link to the nitrocli package for Arch Linux to the
README. The package is currently available in the Arch User Repository
(AUR).
|
|
|
|
|
|
|
|
|
|
| |
In order for users to decide whether an update of the program is
justified (or, to potentially help in identifying changes that resulted
in a regression), it is often a good idea to provide a brief summary of
all the changes that went into a particular release.
With this change we add a change log for the program to the repository.
Through a bit of code archeology the log stretches back to the initial
release.
|
|
|
|
|
|
|
|
|
|
|
| |
In the past the Nitrokey Storage device reported wrong CRC values for
certain commands, e.g., the closing of an encrypted volume. This problem
was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32
Firmware version 0.47 includes a fix for the problem. With this change
we remove the workaround for the incorrect CRC from nitrocli. By doing
so, we require the Nitrokey Storage to be running firmware 0.47 or
higher to be properly usable.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The nitrokey-storage-firmware package defines an array of four byte
values to hold information about the firmware version. libnitrokey uses
a similar definition but overlays it with some more semantically
meaningful information by putting it into a union:
union {
uint8_t VersionInfo_au8[4];
struct {
uint8_t __unused;
uint8_t major;
uint8_t __unused2;
uint8_t minor;
} versionInfo;
};
In order to derive the firmware version representation for nitrocli we
used the same major/minor version definition as libnitrokey. This
definition, however, is wrong or at least not in line with how the
firmware is versioned officially.
This change reworks the way we interpret the version information
reported by the Nitrokey Storage device. Like the firmware, we treat the
first byte as the major version and the second one as the minor version.
The remaining two bytes seem to represent the build number and an
internal version according to usage of those fields in
nitrokey-storage-firmware but we ignore both to keep the reported string
similar to that of the nitrokey-app.
|
|
|
|
|
|
|
|
|
|
| |
We currently unconditionally use gpg-agent to enter the PIN to use when
opening the encrypted volume. The agent has the advantage of caching the
password for us so that subsequent invocations against the same cache
entry can be served without user interaction.
For various reasons, however, it can be desirable to have the ability to
remove this entry from the cache. This change introduces a new command
'clear' that achieves precisely this task.
|
|
|
|
|
|
|
|
|
|
|
| |
The nitrokey supports a status command that instructs it to report
details about itself. This data includes general useful information such
as the current version of the firmware being installed along with more
contextual bits such as the number of remaining retries for the user
and admin PINs or whether the different volumes (unencrypted, encrypted,
hidden) are writable.
This change introduces the 'status' command line option that can be used
to retrieve this information from the nitrokey and to display it.
|
|
With this change we assemble a HID feature report and send it to the
nitrokey device. Feature reports are the objects used for sending
commands to the nitrokey. We create two different reports for
opening and closing of the encrypted volume.
|