diff options
| author | Tad Fisher <tad@simple.com> | 2017-03-20 09:37:35 -0700 |
|---|---|---|
| committer | Tad Fisher <tad@simple.com> | 2017-03-20 09:42:15 -0700 |
| commit | 38482e42167a898c5881170f1e8fe0a7a9599214 (patch) | |
| tree | ffd17997fcfa5d36743b0044e5c354a187cd8a66 /README.md | |
| parent | 224c4dc57ee42215806c6fb8b92e64ddebaa7fd7 (diff) | |
Update README
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 110 |
1 files changed, 85 insertions, 25 deletions
@@ -9,52 +9,84 @@ one-time-password (OTP) tokens. ``` Usage: - pass otp [show] [--clip,-c] pass-name + + pass otp [code] [--clip,-c] pass-name Generate an OTP code and optionally put it on the clipboard. If put on the clipboard, it will be cleared in 45 seconds. - pass otp insert totp [--secret=key,-s key] [--algorithm alg,-a alg] - [--period=seconds,-p seconds] - [--digits=digits,-d digits] [--force,-f] pass-name - Insert new TOTP secret. Prompt before overwriting existing password - unless forced. - pass otp insert hotp [--secret=secret,-s secret] - [--digits=digits,-d digits] [--force,-f] - pass-name counter - Insert new HOTP secret with initial counter. Prompt before overwriting - existing password unless forced. + + pass otp insert [--force,-f] [--echo,-e] [uri] pass-name + Insert a new OTP key URI. If one is not supplied, it will be read from + stdin. Optionally, echo the input. Prompt before overwriting existing + password unless forced. + pass otp uri [--clip,-c] [--qrcode,-q] pass-name - Create a secret key URI suitable for importing into other TOTP clients. - Optionally, put it on the clipboard, or display a QR code. + Display the key URI stored in pass-name. Optionally, put it on the + clipboard, or display a QR code. + + pass otp validate uri + Test if the given URI is a valid OTP key URI. More information may be found in the pass-otp(1) man page. ``` -## Example +## Examples Insert a TOTP token: ``` -$ pass otp insert totp -s AAAAAAAAAAAAAAAAAAAAA totp-secret -[master 4f9b989] Add given OTP secret for totp-secret to store. - 1 file changed, 0 insertions(+), 0 deletions(-) - create mode 100644 totp-secret.gpg +$ pass otp insert otpauth://totp/totp-secret?secret=AAAAAAAAAAAAAAAA totp-secret +``` +Have `pass-otp` prompt you for a token (avoids potential shell history leakage): -$ pass show totp-secret -otp_secret: AAAAAAAAAAAAAAAAAAAAA -otp_type: totp -otp_algorithm: sha1 -otp_period: 30 -otp_digits: 6 +``` +$ pass otp insert totp-secret +``` + +Pipe an `otpauth://` URI into a passfile: + +``` +$ cat totp-uri.txt | pass otp insert totp-secret +``` + +Use `[zbar](http://zbar.sourceforge.net/)` to decode a QR image into a passfile: + +``` +$ zbarimg -q --raw qrcode.png | pass otp insert totp-secret ``` Generate a 2FA code using this token: ``` -$ pass otp show totp-secret +$ pass otp totp-secret 698816 ``` +Display a QR code for an OTP token: + +``` +$ pass otp uri -q totp-secret +█████████████████████████████████████ +█████████████████████████████████████ +████ ▄▄▄▄▄ ██▄▄ ▀█ ▀ █▀█ ▄▄▄▄▄ ████ +████ █ █ █▀▄ █▀▀▄▀▀██ █ █ █ ████ +████ █▄▄▄█ █▄▀ █▄▄▄ █▀▀▄ █ █▄▄▄█ ████ +████▄▄▄▄▄▄▄█▄▀▄█ ▀ █▄█ ▀▄█▄▄▄▄▄▄▄████ +████▄▄▀██▄▄ ▀▄ █▄█▀ ▀▄▀▀▄▀█▀ ▄▀██████ +████ ▀▄▀ ▄▀ ▄▀ ▄▄ ▄ ███ ██ █ ███████ +████▀▀ ▄▄█▄▄▄▄ █ █ ▀███▀▄▀ ▀▀█ ████ +████▀▄▀ ▀ ▄█▀▄██ ▀▀▄██▀█▀▄▀▀ ▀█▀████ +████▀ █▀ ▄▄██ █▀▄▄▄ ▄▀ ▄▀ ▀ ▄▀▀████ +████ ▄ ▀█ ▄█▄ ▀ ▄██▄▀██▄ ▀▀▀█ ▄▀ ████ +████▄█▄▄▄█▄▄ █▄▄ ▀█ █▄█▀ ▄▄▄ █▄█▄████ +████ ▄▄▄▄▄ █ ▄▀▀▀▀▄ █▄▄ █▄█ ███▀████ +████ █ █ ██▀▄ █▄█ ▀█▀ ▄▄▄█▀▄ ████ +████ █▄▄▄█ █▀▄ █ █ ██▄▄▀ ▀▄█ ▄▀████ +████▄▄▄▄▄▄▄█▄█▄▄███▄█▄█▄█▄█▄██▄██████ +█████████████████████████████████████ +█████████████████████████████████████ +``` + ## Installation ``` @@ -69,6 +101,34 @@ sudo make install - `oathtool` for generating 2FA codes - `qrencode` for generating QR code images +## Migrating from pass-otp 0.1 + +`pass-otp` has switched to storing OTP tokens in the +standard +[Key Uri Format](https://github.com/google/google-authenticator/wiki/Key-Uri-Format). +You'll need to edit any saved tokens and change them to this format. For +example: + +``` +$ pass edit totp-secret +``` + +Old format: + +``` +otp_secret: AAAAAAAAAAAAAAAA +otp_type: totp +otp_algorithm: sha1 +otp_period: 30 +otp_digits: 6 +``` + +New format: + +``` +otpauth:// +``` + ## License ``` |