| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
|
| |
After performing the factory reset, we also build the AES key so that
the device is fully usable. Due to timing issue, we have to add a delay
between the factory reset and building the AES key.
|
| |
|
|
|
|
|
|
| |
The -V/--version option prints the nitrocli version to stdout and exits.
In the future, it should also print the used libnitrokey version, but as
the required function is only available with nitrokey 0.3.2 and as the
current interface does not reflect the latest change in version naming,
I skipped that in this patch.
|
| |
|
|
|
|
| |
This change updates the README and the man page with documentation about
hidden volumes in general and the storage hidden subcommand in
particular.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The application supports multiple devices both plugged in at the same
time as well as when used after the other. However, the GPG cache ID we
use for storing and retrieving the respective PIN is effectively a
constant. This constraint can cause problems when devices have different
PINs, as the PIN of a previously plugged in device may be reused for an
operation on a different one.
To resolve this problem this change adds the respective device's model
and serial number to the cache ID. As each serial number is supposed to
be different, this will ensure that the correct PIN is used for each
device. With this change we also show the model and serial number of the
currently used device in the pinentry dialog.
Note that because we do not store the serial numbers of all previously
plugged in devices, the pin clear command will only clear the PIN for
the currently plugged in device. If a user wants to make sure that a
cached PIN is cleared, the pin clear command should be invoked before
unplugging the device.
|
| |
|
|
|
|
|
|
|
| |
The command detailed in the PIN section in the man page exhibit a larger
line spacing than all the other commands documented. The reason is that
we have an addition newline between each of the individual subcommands
in this section.
This patch removes this additional newline to achieve a more consistent
appearance.
|
| |
|
|
|
|
|
|
|
|
|
| |
The second source of interactivity comes from the pin set and pin
unblock commands, which also inquire with the pinentry module to ask the
user for a PIN.
This change adjusts the two commands to honor the PINs as available in
the command execution context. It also updates the documentation
to reflect the availability of the newly introduced and honored
environment variables NITROCLI_ADMIN_PIN & NITROCLI_USER_PIN as well as
NITROCLI_NEW_ADMIN_PIN & NITROCLI_NEW_USER_PIN.
|
| |
|
|
|
|
|
| |
Many applications display OTP secrets in the base32 format (according to
RFC 4648).
This patch adds base32 as a possible value for the --format option to
the otp set subcommand.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces the -f/--format options for the otp set
subcommand to specify the format of the OTP secret. Previously, the
default format was hexadecimal and ASCII format could be selected using
the --ascii option. The new --format option takes the argument hex or
ascii, defaulting to hex, and replaces the --ascii option.
This patch does not remove the --ascii option but marks it as
deprecated. It may not be set together with --format, and a warning is
printed if it is set. It should be deleted with the next minor release.
This patch prepares the addition of a new format, base32.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the -m/--model option that can be used to restrict the
device model to connect to. Per default, nitrocli connects to any
available Nitrokey device. If this new option is set, it will instead
only connect to devices of the given Nitrokey model.
We introduce a new struct DeviceModel instead of using
nitrokey::DeviceModel to make sure that the command-line options are
parsed properly. On the long term, we should add a connect_model
function to the nitrokey crate to make the connection code easier.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces a new option, -v/--verbose, that can be used to
increase the log level of libnitrokey. The option can be supplied
multiple times, with each occurrence increasing the verbosity of the
logging.
On the implementation side, the option is set as part of connecting the
device (piggy-backing on the previously introduced command execution
context), although it describes global state that strictly speaking could
be set anywhere. It is bad enough that libnitrokey just prints log
messages to stderr (and does not accept a file handle) and that it does
not track the log level on a per-device basis, but we don't want setting
of global state from arbitrary locations inside the program. Instead,
let's do that along with what pretty much is the first call into
libnitrokey anyway: the connection to the device.
|
| |
|
|
|
|
|
| |
To make life easier for possible future maintainers, this change
documentes the packaging process for Arch Linux and Debian in the
doc/packaging.md file. Note that nitrocli is not yet packaged for
Debian, so that section is hypothetical.
|
| |
|
|
|
|
| |
This patch adds documentation and examples for the lock command to the
README and to the man page. It also adds the lock command to the
top-level help message.
|
| |
|
|
|
| |
This patch adds documentation and examples for the pws commands to the
README and to the man page.
|
| |
|
|
|
|
| |
This change adds a new file, CONTRIBUTING.md, that details some
generally applicable rules for the contribution to this project. It also
links this file from the README.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a new target to the Makefile that can be used for
generating a PDF version of the man page. It also checks in the
generated file and links to it from the README.
We have also experimented with creation of an HTML version, but at least
the groff generated file is not very visually pleasing and also cannot
be linked to directly from Github. Github wants to prevent hosting of
web pages directly like this in repositories and instead promote their
Github Pages solution for that purpose. To that end they deliver content
with a Content-Type representing plain text which causes HTML to not be
rendered. PDF content, however, is rendered in-line and looks reasonable
at that.
|
| |
|
|
|
| |
This change implements the pin set command which can be used to change
a Nitrokey's user or admin PIN.
|
| |
|
|
|
|
|
| |
This patch implements the pin unblock command that unblocks and resets
the user PIN. The name unblock is chosen over libnitrokey's unlock to
be consistent with the GnuPG terminology and to avoid confusion with the
unrelated lock command.
|
| |
|
|
|
|
|
|
|
| |
We have functionality for changing the Nitrokey's user & admin PINs as
well as for resetting the user PIN coming up. With the prospect of this
new functionality arriving, it makes sense to introduce a new top-level
command for the sole purpose of PIN management.
This change introduces such a command, pin, and moves the existing clear
command for clearing the PIN cache into it.
|
| |
|
|
|
|
|
|
|
|
| |
This patch changes the otp get command to set the Nitrokey's time before
generating a one-time password using the TOTP algorithm. Per default,
it sets the time to the current system time. If the --time option is
set, it uses its value instead. See issue #34 [0] for a discussion of
this change.
[0] https://github.com/d-e-s-o/nitrocli/issues/34
|
| |
|
|
|
|
|
|
|
|
| |
The main change introduced in this patch is the correct usage of - and
\-. Instead of the \(em macro for em-dashes as suggested by
man-pages(7) it uses the \(en macro: Both dashes are typeset as a
single UTF-8 character on my terminal. If spaces are omitted, the
resulting text is very hard to read if set in monospace fonts as the en-
or em-dash is not significantly different from a regular dash. The
em-dash may not be used with spaces, hence the usage of en-dash.
|
| |
|
|
|
|
| |
The man page incorrectly documented the otp get command twice. The
second occurrence is supposed to detail the otp clear command. This
change adjusts the code accordingly.
|
| |
|
|
|
| |
This patch adds documentation and examples for config get and config set
to the README and to the man page.
|
| |
|
|
|
|
| |
This patch adds a short description of the Nitrokey OTP capabilities to
the OTP section of the man page. This should make it easier to
understand the commands without prior knowledge of the Nitrokey devices.
|
| |
|
|
|
|
|
|
|
|
| |
The 'status' command has traditionally printed information about the
connected Nitrokey and that included storage specific data if the device
present is a Nitrokey Storage.
Given that we have a root-level 'storage' command it arguably makes
sense to move the printing of the storage related status information
into a 'status' sub-command of the said command, which makes the output
more predictable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Upon their inception, the 'open' and 'close' commands were pretty much
the only relevant commands the program provided and it made sense to
have them reside in the root namespace. By now we support more commands
and have started to structure them in a more hierarchical fashion.
To go with the flow, this change introduces a new 'storage' command and
makes the existing 'open' and 'close' commands subcommands of it. We
chose the name 'storage' (over, say, 'volume') because we plan to move
the printing of the storage related status from the 'status' root level
command into a subcommand within 'storage'.
|
| |
|
|
|
| |
This patch adds the otp commands to the README and describes them in the
nitrocli(1) man page.
|
| |
|
|
|
|
|
|
| |
Currently, the status command fails for a Nitrokey Pro. This patch
changes the command to also print basic status information for Pro
devices. For the sake of consistency, the common status is always
queried using the common `Device` functions, even if the Storage status
includes the same information.
|
| |
|
