1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
=head1 NAME
nkotp - one-time password generator for Nitrokey devices
=head1 SYNOPSIS
B<nkotp>
S<[B<-a> I<algorithm>]>
S<[B<-c> I<file>]>
S<[B<-m> I<model>]>
S<[B<-s> I<slot>]>
S<B<-g> | B<-h> | B<-v>>
=head1 DESCRIPTION
B<nkotp> provides access to the one-time password (OTP) generator on Nitrokey
devices. Currently, B<nkotp> only supports the generation of OTPs.
If an action requires the user password, it is prompted from the standard
input or read from the environment variable B<NKOTP_USER_PASSWORD> (if set).
=head1 OPTIONS
=head2 General options
=over
=item B<-a> I<algorithm>, B<--algorithm> I<algorithm>
Set the algorithm to use for one-time password operations. I<algorithm> can be
B<h> for HOTP and B<t> for TOTP (default).
=item B<-c> I<file>, B<--config> I<file>
Read the configuration from I<file>. See the B<FILES> section for the default
configuration files.
=item B<-m> I<model>, B<--model> I<model>
Set the Nitrokey model to connect to. I<model> can be B<p> for a Nitrokey Pro,
B<s> for a Nitrokey Storage and B<a> for automatic selection (default).
=item B<-s> I<slot>, B<--slot> I<slot>
Set the slot to use for one-time password operations. The available slots
depend on the OTP algorithm (see B<--algorithm>). Currently, Nitrokey devices
provide three HOTP and 15 TOTP slots. The slot numbering starts at one. The
default value for this option is one.
=back
=head2 Modes of operation
=over
=item B<-g>, B<--generate>
Generate a one-time password on the Nitrokey device and output it. The OTP
algorithm is set with the B<--algorithm> option. The OTP slot on the Nitrokey
device is set with the B<--slot> option.
=item B<-h>, B<--help>
Print a help message and exit.
=item B<-v>, B<--version>
Print version information and exit.
=back
=head1 CONFIGURATION
B<nkotp> can read default values for the command-line options from a
configuration file. See the B<FILES> section for more information on the
possible locations for the configuration file.
The configuration file may assign values to the following options:
=over
=item B<algorithm>
=item B<device>
=item B<slot>
=back
Each option corresponds to the command-line option with the same name. Values
set in the configuration file take precedence over environment variables.
The configuration file should contain one assignment per line. Assignments
have the form C<option = value>. String values must be enclosed in quotes.
Use the C<#> character for comments.
A valid configuration file could have the following content:
# configuration example
algorithm = "t"
slot = 3
=head1 ENVIRONMENT
=over
=item B<NKOTP_ALGORITHM>
=item B<NKOTP_CONFIG>
=item B<NKOTP_DEVICE>
=item B<NKOTP_SLOT>
If these environment variables are set, they override the default value for
the corresponding command-line option. Values that are set in the
configuration file take precedence over environment variables.
=item B<NKOTP_USER_PASSWORD>
If an action requires the user password, it is read from this environment
variable (if set).
=back
=head1 FILES
=over
=item B<${XDG_CONFIG_HOME}/nkotp/config>
User configuration file. If the environment variable B<XDG_CONFIG_HOME> is
not set, B<${HOME}/.config> is used instead. A different configuration file
can be set with the B<NKOTP_CONFIG> environment variable or the B<--config>
option.
=back
=head1 AUTHOR
Robin Krahl E<lt>robin.krahl@ireas.orgE<gt>
|
