aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md110
-rwxr-xr-xotp.bash7
2 files changed, 90 insertions, 27 deletions
diff --git a/README.md b/README.md
index ad3a121..6c0ad4d 100644
--- a/README.md
+++ b/README.md
@@ -9,52 +9,84 @@ one-time-password (OTP) tokens.
```
Usage:
- pass otp [show] [--clip,-c] pass-name
+
+ pass otp [code] [--clip,-c] pass-name
Generate an OTP code and optionally put it on the clipboard.
If put on the clipboard, it will be cleared in 45 seconds.
- pass otp insert totp [--secret=key,-s key] [--algorithm alg,-a alg]
- [--period=seconds,-p seconds]
- [--digits=digits,-d digits] [--force,-f] pass-name
- Insert new TOTP secret. Prompt before overwriting existing password
- unless forced.
- pass otp insert hotp [--secret=secret,-s secret]
- [--digits=digits,-d digits] [--force,-f]
- pass-name counter
- Insert new HOTP secret with initial counter. Prompt before overwriting
- existing password unless forced.
+
+ pass otp insert [--force,-f] [--echo,-e] [uri] pass-name
+ Insert a new OTP key URI. If one is not supplied, it will be read from
+ stdin. Optionally, echo the input. Prompt before overwriting existing
+ password unless forced.
+
pass otp uri [--clip,-c] [--qrcode,-q] pass-name
- Create a secret key URI suitable for importing into other TOTP clients.
- Optionally, put it on the clipboard, or display a QR code.
+ Display the key URI stored in pass-name. Optionally, put it on the
+ clipboard, or display a QR code.
+
+ pass otp validate uri
+ Test if the given URI is a valid OTP key URI.
More information may be found in the pass-otp(1) man page.
```
-## Example
+## Examples
Insert a TOTP token:
```
-$ pass otp insert totp -s AAAAAAAAAAAAAAAAAAAAA totp-secret
-[master 4f9b989] Add given OTP secret for totp-secret to store.
- 1 file changed, 0 insertions(+), 0 deletions(-)
- create mode 100644 totp-secret.gpg
+$ pass otp insert otpauth://totp/totp-secret?secret=AAAAAAAAAAAAAAAA totp-secret
+```
+Have `pass-otp` prompt you for a token (avoids potential shell history leakage):
-$ pass show totp-secret
-otp_secret: AAAAAAAAAAAAAAAAAAAAA
-otp_type: totp
-otp_algorithm: sha1
-otp_period: 30
-otp_digits: 6
+```
+$ pass otp insert totp-secret
+```
+
+Pipe an `otpauth://` URI into a passfile:
+
+```
+$ cat totp-uri.txt | pass otp insert totp-secret
+```
+
+Use `[zbar](http://zbar.sourceforge.net/)` to decode a QR image into a passfile:
+
+```
+$ zbarimg -q --raw qrcode.png | pass otp insert totp-secret
```
Generate a 2FA code using this token:
```
-$ pass otp show totp-secret
+$ pass otp totp-secret
698816
```
+Display a QR code for an OTP token:
+
+```
+$ pass otp uri -q totp-secret
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ ██▄▄ ▀█ ▀ █▀█ ▄▄▄▄▄ ████
+████ █ █ █▀▄ █▀▀▄▀▀██ █ █ █ ████
+████ █▄▄▄█ █▄▀ █▄▄▄ █▀▀▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█▄▀▄█ ▀ █▄█ ▀▄█▄▄▄▄▄▄▄████
+████▄▄▀██▄▄ ▀▄ █▄█▀ ▀▄▀▀▄▀█▀ ▄▀██████
+████ ▀▄▀ ▄▀ ▄▀ ▄▄ ▄ ███ ██ █ ███████
+████▀▀ ▄▄█▄▄▄▄ █ █ ▀███▀▄▀ ▀▀█ ████
+████▀▄▀ ▀ ▄█▀▄██ ▀▀▄██▀█▀▄▀▀ ▀█▀████
+████▀ █▀ ▄▄██ █▀▄▄▄ ▄▀ ▄▀ ▀ ▄▀▀████
+████ ▄ ▀█ ▄█▄ ▀ ▄██▄▀██▄ ▀▀▀█ ▄▀ ████
+████▄█▄▄▄█▄▄ █▄▄ ▀█ █▄█▀ ▄▄▄ █▄█▄████
+████ ▄▄▄▄▄ █ ▄▀▀▀▀▄ █▄▄ █▄█ ███▀████
+████ █ █ ██▀▄ █▄█ ▀█▀ ▄▄▄█▀▄ ████
+████ █▄▄▄█ █▀▄ █ █ ██▄▄▀ ▀▄█ ▄▀████
+████▄▄▄▄▄▄▄█▄█▄▄███▄█▄█▄█▄█▄██▄██████
+█████████████████████████████████████
+█████████████████████████████████████
+```
+
## Installation
```
@@ -69,6 +101,34 @@ sudo make install
- `oathtool` for generating 2FA codes
- `qrencode` for generating QR code images
+## Migrating from pass-otp 0.1
+
+`pass-otp` has switched to storing OTP tokens in the
+standard
+[Key Uri Format](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
+You'll need to edit any saved tokens and change them to this format. For
+example:
+
+```
+$ pass edit totp-secret
+```
+
+Old format:
+
+```
+otp_secret: AAAAAAAAAAAAAAAA
+otp_type: totp
+otp_algorithm: sha1
+otp_period: 30
+otp_digits: 6
+```
+
+New format:
+
+```
+otpauth://
+```
+
## License
```
diff --git a/otp.bash b/otp.bash
index 91661d8..f094fa2 100755
--- a/otp.bash
+++ b/otp.bash
@@ -85,16 +85,20 @@ otp_insert() {
cmd_otp_usage() {
cat <<-_EOF
Usage:
- $PROGRAM otp [show] [--clip,-c] pass-name
+
+ $PROGRAM otp [code] [--clip,-c] pass-name
Generate an OTP code and optionally put it on the clipboard.
If put on the clipboard, it will be cleared in $CLIP_TIME seconds.
+
$PROGRAM otp insert [--force,-f] [--echo,-e] [uri] pass-name
Insert a new OTP key URI. If one is not supplied, it will be read from
stdin. Optionally, echo the input. Prompt before overwriting existing
password unless forced.
+
$PROGRAM otp uri [--clip,-c] [--qrcode,-q] pass-name
Display the key URI stored in pass-name. Optionally, put it on the
clipboard, or display a QR code.
+
$PROGRAM otp validate uri
Test if the given URI is a valid OTP key URI.
@@ -128,7 +132,6 @@ cmd_otp_insert() {
[[ "$uri" == "$uri_again" ]] || die "Error: the entered URIs do not match."
else
read -r -p "Enter otpauth:// URI for $path: " -e uri
- echo
fi
else
read -r uri