From 38482e42167a898c5881170f1e8fe0a7a9599214 Mon Sep 17 00:00:00 2001 From: Tad Fisher Date: Mon, 20 Mar 2017 09:37:35 -0700 Subject: Update README --- README.md | 110 ++++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 85 insertions(+), 25 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index ad3a121..6c0ad4d 100644 --- a/README.md +++ b/README.md @@ -9,52 +9,84 @@ one-time-password (OTP) tokens. ``` Usage: - pass otp [show] [--clip,-c] pass-name + + pass otp [code] [--clip,-c] pass-name Generate an OTP code and optionally put it on the clipboard. If put on the clipboard, it will be cleared in 45 seconds. - pass otp insert totp [--secret=key,-s key] [--algorithm alg,-a alg] - [--period=seconds,-p seconds] - [--digits=digits,-d digits] [--force,-f] pass-name - Insert new TOTP secret. Prompt before overwriting existing password - unless forced. - pass otp insert hotp [--secret=secret,-s secret] - [--digits=digits,-d digits] [--force,-f] - pass-name counter - Insert new HOTP secret with initial counter. Prompt before overwriting - existing password unless forced. + + pass otp insert [--force,-f] [--echo,-e] [uri] pass-name + Insert a new OTP key URI. If one is not supplied, it will be read from + stdin. Optionally, echo the input. Prompt before overwriting existing + password unless forced. + pass otp uri [--clip,-c] [--qrcode,-q] pass-name - Create a secret key URI suitable for importing into other TOTP clients. - Optionally, put it on the clipboard, or display a QR code. + Display the key URI stored in pass-name. Optionally, put it on the + clipboard, or display a QR code. + + pass otp validate uri + Test if the given URI is a valid OTP key URI. More information may be found in the pass-otp(1) man page. ``` -## Example +## Examples Insert a TOTP token: ``` -$ pass otp insert totp -s AAAAAAAAAAAAAAAAAAAAA totp-secret -[master 4f9b989] Add given OTP secret for totp-secret to store. - 1 file changed, 0 insertions(+), 0 deletions(-) - create mode 100644 totp-secret.gpg +$ pass otp insert otpauth://totp/totp-secret?secret=AAAAAAAAAAAAAAAA totp-secret +``` +Have `pass-otp` prompt you for a token (avoids potential shell history leakage): -$ pass show totp-secret -otp_secret: AAAAAAAAAAAAAAAAAAAAA -otp_type: totp -otp_algorithm: sha1 -otp_period: 30 -otp_digits: 6 +``` +$ pass otp insert totp-secret +``` + +Pipe an `otpauth://` URI into a passfile: + +``` +$ cat totp-uri.txt | pass otp insert totp-secret +``` + +Use `[zbar](http://zbar.sourceforge.net/)` to decode a QR image into a passfile: + +``` +$ zbarimg -q --raw qrcode.png | pass otp insert totp-secret ``` Generate a 2FA code using this token: ``` -$ pass otp show totp-secret +$ pass otp totp-secret 698816 ``` +Display a QR code for an OTP token: + +``` +$ pass otp uri -q totp-secret +█████████████████████████████████████ +█████████████████████████████████████ +████ ▄▄▄▄▄ ██▄▄ ▀█ ▀ █▀█ ▄▄▄▄▄ ████ +████ █ █ █▀▄ █▀▀▄▀▀██ █ █ █ ████ +████ █▄▄▄█ █▄▀ █▄▄▄ █▀▀▄ █ █▄▄▄█ ████ +████▄▄▄▄▄▄▄█▄▀▄█ ▀ █▄█ ▀▄█▄▄▄▄▄▄▄████ +████▄▄▀██▄▄ ▀▄ █▄█▀ ▀▄▀▀▄▀█▀ ▄▀██████ +████ ▀▄▀ ▄▀ ▄▀ ▄▄ ▄ ███ ██ █ ███████ +████▀▀ ▄▄█▄▄▄▄ █ █ ▀███▀▄▀ ▀▀█ ████ +████▀▄▀ ▀ ▄█▀▄██ ▀▀▄██▀█▀▄▀▀ ▀█▀████ +████▀ █▀ ▄▄██ █▀▄▄▄ ▄▀ ▄▀ ▀ ▄▀▀████ +████ ▄ ▀█ ▄█▄ ▀ ▄██▄▀██▄ ▀▀▀█ ▄▀ ████ +████▄█▄▄▄█▄▄ █▄▄ ▀█ █▄█▀ ▄▄▄ █▄█▄████ +████ ▄▄▄▄▄ █ ▄▀▀▀▀▄ █▄▄ █▄█ ███▀████ +████ █ █ ██▀▄ █▄█ ▀█▀ ▄▄▄█▀▄ ████ +████ █▄▄▄█ █▀▄ █ █ ██▄▄▀ ▀▄█ ▄▀████ +████▄▄▄▄▄▄▄█▄█▄▄███▄█▄█▄█▄█▄██▄██████ +█████████████████████████████████████ +█████████████████████████████████████ +``` + ## Installation ``` @@ -69,6 +101,34 @@ sudo make install - `oathtool` for generating 2FA codes - `qrencode` for generating QR code images +## Migrating from pass-otp 0.1 + +`pass-otp` has switched to storing OTP tokens in the +standard +[Key Uri Format](https://github.com/google/google-authenticator/wiki/Key-Uri-Format). +You'll need to edit any saved tokens and change them to this format. For +example: + +``` +$ pass edit totp-secret +``` + +Old format: + +``` +otp_secret: AAAAAAAAAAAAAAAA +otp_type: totp +otp_algorithm: sha1 +otp_period: 30 +otp_digits: 6 +``` + +New format: + +``` +otpauth:// +``` + ## License ``` -- cgit v1.2.3 From d9c681a8fbb70d40e14079e5f1a8b4aaee0b0d08 Mon Sep 17 00:00:00 2001 From: Tad Fisher Date: Mon, 20 Mar 2017 09:51:27 -0700 Subject: Fill out migrating documentation --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 6c0ad4d..439f62e 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Pipe an `otpauth://` URI into a passfile: $ cat totp-uri.txt | pass otp insert totp-secret ``` -Use `[zbar](http://zbar.sourceforge.net/)` to decode a QR image into a passfile: +Use [zbar](http://zbar.sourceforge.net/) to decode a QR image into a passfile: ``` $ zbarimg -q --raw qrcode.png | pass otp insert totp-secret @@ -126,9 +126,17 @@ otp_digits: 6 New format: ``` -otpauth:// +otpauth://totp/totp-secret?secret=AAAAAAAAAAAAAAAA&issuer=totp-secret ``` +Note that the following default values do not need to be specified in the URI: + +| parameter | default | +| --------- | ------- | +| algorithm | sha1 | +| period | 30 | +| digits | 6 | + ## License ``` -- cgit v1.2.3