From 99fde3cac7c9cf278b81876994d3a4f4b795b8ce Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Tue, 7 Jul 2020 17:35:50 -0700 Subject: Change default OTP format to base32 An arguably unrepresentative survey of services (GitHub, Google Authenticator, and Bitbucket) seems to suggests that the base32 format is the de-facto standard format for OTP secrets. Given that it's not necessarily obvious what format a secret is in and that most services refrain from mentioning it explicitly, having the correct default format is fairly important. With this change we switch the default format from hexadecimal to base32 to accommodate for this finding. --- CHANGELOG.md | 5 +++++ doc/nitrocli.1 | 4 ++-- doc/nitrocli.1.pdf | Bin 38453 -> 38611 bytes src/args.rs | 2 +- src/tests/otp.rs | 7 ++++--- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 152eff1..ced56c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +Unreleased +---------- +- Changed default OTP format from `hex` to `base32` + + 0.3.3 ----- - Added bash completion support via `shell-complete` utility program diff --git a/doc/nitrocli.1 b/doc/nitrocli.1 index 04bfe61..0d33cd6 100644 --- a/doc/nitrocli.1 +++ b/doc/nitrocli.1 @@ -1,4 +1,4 @@ -.TH NITROCLI 1 2020-01-29 +.TH NITROCLI 1 2020-08-04 .SH NAME nitrocli \- access Nitrokey devices .SH SYNOPSIS @@ -148,7 +148,7 @@ If it is set to \fBbase32\fR, the secret is interpreted as a base32 string according to RFC 4648. If it is set to \fBhex\fR, every two characters are interpreted as the hexadecimal value of one byte. -The default value is \fBhex\fR. +The default value is \fBbase32\fR. \fIalgorithm\fR is the OTP algorithm to use. Possible values are \fBhotp\fR for the HOTP algorithm according to RFC 4226 and diff --git a/doc/nitrocli.1.pdf b/doc/nitrocli.1.pdf index 596e794..bdf7ac2 100644 Binary files a/doc/nitrocli.1.pdf and b/doc/nitrocli.1.pdf differ diff --git a/src/args.rs b/src/args.rs index 91b340c..56a10b4 100644 --- a/src/args.rs +++ b/src/args.rs @@ -269,7 +269,7 @@ pub struct OtpSetArgs { #[structopt(short, long, default_value = "30")] pub time_window: u16, /// The format of the secret - #[structopt(short, long, default_value = OtpSecretFormat::Hex.as_ref(), + #[structopt(short, long, default_value = OtpSecretFormat::Base32.as_ref(), possible_values = &OtpSecretFormat::all_str())] pub format: OtpSecretFormat, /// The OTP slot to use diff --git a/src/tests/otp.rs b/src/tests/otp.rs index f923170..837b075 100644 --- a/src/tests/otp.rs +++ b/src/tests/otp.rs @@ -23,7 +23,8 @@ use crate::args; #[test_device] fn set_invalid_slot_raw(model: nitrokey::Model) { - let (rc, out, err) = Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234"]); + let (rc, out, err) = + Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234", "-f", "hex"]); assert_ne!(rc, 0); assert_eq!(out, b""); @@ -32,7 +33,7 @@ fn set_invalid_slot_raw(model: nitrokey::Model) { #[test_device] fn set_invalid_slot(model: nitrokey::Model) { - let res = Nitrocli::with_model(model).handle(&["otp", "set", "100", "name", "1234"]); + let res = Nitrocli::with_model(model).handle(&["otp", "set", "100", "name", "1234", "-f", "hex"]); assert_eq!( res.unwrap_lib_err(), @@ -54,7 +55,7 @@ fn status(model: nitrokey::Model) -> crate::Result<()> { let mut ncli = Nitrocli::with_model(model); // Make sure that we have at least something to display by ensuring // that there is one slot programmed. - let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456"])?; + let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456", "-f", "hex"])?; let out = ncli.handle(&["otp", "status"])?; assert!(re.is_match(&out), out); -- cgit v1.2.3