From 38482e42167a898c5881170f1e8fe0a7a9599214 Mon Sep 17 00:00:00 2001 From: Tad Fisher Date: Mon, 20 Mar 2017 09:37:35 -0700 Subject: Update README --- README.md | 110 ++++++++++++++++++++++++++++++++++++++++++++++++-------------- otp.bash | 7 ++-- 2 files changed, 90 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index ad3a121..6c0ad4d 100644 --- a/README.md +++ b/README.md 
@@ -9,52 +9,84 @@ one-time-password (OTP) tokens. ``` Usage: - pass otp [show] [--clip,-c] pass-name + + pass otp [code] [--clip,-c] pass-name Generate an OTP code and optionally put it on the clipboard. If put on the clipboard, it will be cleared in 45 seconds. - pass otp insert totp [--secret=key,-s key] [--algorithm alg,-a alg] - [--period=seconds,-p seconds] - [--digits=digits,-d digits] [--force,-f] pass-name - Insert new TOTP secret. Prompt before overwriting existing password - unless forced. - pass otp insert hotp [--secret=secret,-s secret] - [--digits=digits,-d digits] [--force,-f] - pass-name counter - Insert new HOTP secret with initial counter. Prompt before overwriting - existing password unless forced. + + pass otp insert [--force,-f] [--echo,-e] [uri] pass-name + Insert a new OTP key URI. If one is not supplied, it will be read from + stdin. Optionally, echo the input. Prompt before overwriting existing + password unless forced. + pass otp uri [--clip,-c] [--qrcode,-q] pass-name - Create a secret key URI suitable for importing into other TOTP clients. - Optionally, put it on the clipboard, or display a QR code. + Display the key URI stored in pass-name. Optionally, put it on the + clipboard, or display a QR code. + + pass otp validate uri + Test if the given URI is a valid OTP key URI. More information may be found in the pass-otp(1) man page. ``` -## Example +## Examples Insert a TOTP token: ``` -$ pass otp insert totp -s AAAAAAAAAAAAAAAAAAAAA totp-secret -[master 4f9b989] Add given OTP secret for totp-secret to store. 
- 1 file changed, 0 insertions(+), 0 deletions(-) - create mode 100644 totp-secret.gpg +$ pass otp insert otpauth://totp/totp-secret?secret=AAAAAAAAAAAAAAAA totp-secret +``` +Have `pass-otp` prompt you for a token (avoids potential shell history leakage): -$ pass show totp-secret -otp_secret: AAAAAAAAAAAAAAAAAAAAA -otp_type: totp -otp_algorithm: sha1 -otp_period: 30 -otp_digits: 6 +``` +$ pass otp insert totp-secret +``` + +Pipe an `otpauth://` URI into a passfile: + +``` +$ cat totp-uri.txt | pass otp insert totp-secret +``` + +Use `[zbar](http://zbar.sourceforge.net/)` to decode a QR image into a passfile: + +``` +$ zbarimg -q --raw qrcode.png | pass otp insert totp-secret ``` Generate a 2FA code using this token: ``` -$ pass otp show totp-secret +$ pass otp totp-secret 698816 ``` +Display a QR code for an OTP token: + +``` +$ pass otp uri -q totp-secret +█████████████████████████████████████ +█████████████████████████████████████ +████ ▄▄▄▄▄ ██▄▄ ▀█ ▀ █▀█ ▄▄▄▄▄ ████ +████ █ █ █▀▄ █▀▀▄▀▀██ █ █ █ ████ +████ █▄▄▄█ █▄▀ █▄▄▄ █▀▀▄ █ █▄▄▄█ ████ +████▄▄▄▄▄▄▄█▄▀▄█ ▀ █▄█ ▀▄█▄▄▄▄▄▄▄████ +████▄▄▀██▄▄ ▀▄ █▄█▀ ▀▄▀▀▄▀█▀ ▄▀██████ +████ ▀▄▀ ▄▀ ▄▀ ▄▄ ▄ ███ ██ █ ███████ +████▀▀ ▄▄█▄▄▄▄ █ █ ▀███▀▄▀ ▀▀█ ████ +████▀▄▀ ▀ ▄█▀▄██ ▀▀▄██▀█▀▄▀▀ ▀█▀████ +████▀ █▀ ▄▄██ █▀▄▄▄ ▄▀ ▄▀ ▀ ▄▀▀████ +████ ▄ ▀█ ▄█▄ ▀ ▄██▄▀██▄ ▀▀▀█ ▄▀ ████ +████▄█▄▄▄█▄▄ █▄▄ ▀█ █▄█▀ ▄▄▄ █▄█▄████ +████ ▄▄▄▄▄ █ ▄▀▀▀▀▄ █▄▄ █▄█ ███▀████ +████ █ █ ██▀▄ █▄█ ▀█▀ ▄▄▄█▀▄ ████ +████ █▄▄▄█ █▀▄ █ █ ██▄▄▀ ▀▄█ ▄▀████ +████▄▄▄▄▄▄▄█▄█▄▄███▄█▄█▄█▄█▄██▄██████ +█████████████████████████████████████ +█████████████████████████████████████ +``` + ## Installation ``` 
@@ -69,6 +101,34 @@ sudo make install - `oathtool` for generating 2FA codes - `qrencode` for generating QR code images +## Migrating from pass-otp 0.1 + +`pass-otp` has switched to storing OTP tokens in the +standard +[Key Uri Format](https://github.com/google/google-authenticator/wiki/Key-Uri-Format). +You'll need to edit any saved tokens and change them to this format. For +example: + +``` +$ pass edit totp-secret +``` + +Old format: + +``` +otp_secret: AAAAAAAAAAAAAAAA +otp_type: totp +otp_algorithm: sha1 +otp_period: 30 +otp_digits: 6 +``` + +New format: + +``` +otpauth:// +``` + ## License ``` diff --git a/otp.bash b/otp.bash index 91661d8..f094fa2 100755 --- a/otp.bash +++ b/otp.bash @@ -85,16 +85,20 @@ otp_insert() { cmd_otp_usage() { cat <<-_EOF Usage: - $PROGRAM otp [show] [--clip,-c] pass-name + + $PROGRAM otp [code] [--clip,-c] pass-name Generate an OTP code and optionally put it on the clipboard. If put on the clipboard, it will be cleared in $CLIP_TIME seconds. + $PROGRAM otp insert [--force,-f] [--echo,-e] [uri] pass-name Insert a new OTP key URI. If one is not supplied, it will be read from stdin. Optionally, echo the input. Prompt before overwriting existing password unless forced. + $PROGRAM otp uri [--clip,-c] [--qrcode,-q] pass-name Display the key URI stored in pass-name. Optionally, put it on the clipboard, or display a QR code. + $PROGRAM otp validate uri Test if the given URI is a valid OTP key URI. @@ -128,7 +132,6 @@ cmd_otp_insert() { [[ "$uri" == "$uri_again" ]] || die "Error: the entered URIs do not match." else read -r -p "Enter otpauth:// URI for $path: " -e uri - echo fi else read -r uri -- cgit v1.2.3
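Review bot: In the README "Examples" hunk, the first insert example (`pass otp insert otpauth://totp/totp-secret?secret=AAAAAAAAAAAAAAAA totp-secret`) passes the secret as an unquoted command-line argument, which is exactly the shell history leakage that the next example is said to avoid. Consider leading with the prompt or stdin form and marking the argument form as the less safe option. If the argument form stays, quote the URI, because `?` is a shell glob character (and `&` would end the command once more parameters are added). Separately, in the same hunk the zbar link is wrapped in backticks as a whole, so Markdown will render the link syntax literally; put the backticks inside the link text instead.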
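Review bot: In the "Migrating from pass-otp 0.1" hunk, the "New format" block contains only `otpauth://`, so a reader cannot tell how the five old fields (`otp_secret`, `otp_type`, `otp_algorithm`, `otp_period`, `otp_digits`) map into the URI. Suggest showing the full equivalent of the old example, along the lines of `otpauth://totp/totp-secret?secret=AAAAAAAAAAAAAAAA&algorithm=SHA1&period=30&digits=6`, and pointing to `pass otp validate` as a way to check an edited entry. It would also help to state what happens to an entry that is left in the old format, since the text only says users "need to" edit them.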
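Review bot: In the `cmd_otp_usage` hunk of otp.bash, the help text now advertises `$PROGRAM otp [code]` in place of `[show]`, but no change to the subcommand dispatch is visible in this patch. Please confirm that the dispatcher already accepts `code`, and say whether `show` still works as an alias, since existing scripts and the previous README used `pass otp show`. If `show` is dropped, that belongs in the migration section alongside the format change.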
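Review bot: In the `cmd_otp_insert` hunk, removing `echo` after `read -r -p "Enter otpauth:// URI for $path: " -e uri` is a behaviour change to the script, yet the commit subject is only "Update README". Either mention it in the commit message or split it into its own commit so it can be found later. The visible context does not show whether the branch above (the one comparing `$uri` with `$uri_again`) keeps its own newline handling, so it is worth checking that the terminal output stays consistent across both branches.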