scdtotp: Update documentation

Update README and man page for scdtotp to reflect the change in
how the TOTP parameters are read from the card.
develop
Damien Goutte-Gattat 8 years ago
parent a8f12cb78f
commit 2d47bc5caa
  1. 25
      README
  2. 16
      man/scdtotp.1.in

@ -30,16 +30,31 @@ generator token. It generates time-based one-time password (TOTP)
as per RFC 6238, based on a key it expects to find in the private
data object of the inserted OpenPGP smartcard.
The key must be at most 64 bytes long and must be stored as an
hexstring (at most 128 hexadecimal characters; non-hexadecimal
characters may be freely mixed and will be ignored when the key is
read).
Note that contrary to a true password generator token, the key cannot
remain only on the smartcard, it has to be sent to the computer so
that scdtotp can derive the password from it. Thus it cannot provide
the same level of security.
The key must be stored as an otpauth:// URI as specified in
<https://code.google.com/p/google-authenticator/wiki/KeyUriFormat>,
e.g.:
otpauth://totp/alice@example.org?secret=KIMEFUAW4SRW
where the “secret” parameter is the Base32-encoded key. This format
allows to specify also the non-secret parameters of the TOTP
algorithm:
– the HMAC algorithm to use: "&algorithm=mac", where “mac” can be
“sha1” (default), “sha256”, or “sha512”;
– the time period: "&period=N", where N is expressed in seconds
(30 seconds by default);
– the number of digits to output: "&digits=N" (defaults to 6).
All of these parameters may be overridden by command line options.
Copying
-------
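Review bot: The new otpauth:// paragraph in README gives no size bound. The earlier wording in this hunk limited the key to 64 bytes (128 hexadecimal characters), but the new text says nothing about the maximum length of the Base32 secret or of the whole URI stored in the private data object. Suggest stating the limit, and what scdtotp does with a URI that is too long, malformed, or carries an "algorithm" value other than the three listed. The sentence "All of these parameters may be overridden by command line options" would be more useful if it named the options (-m, -p and -d, per the man page changed in this commit). Wording: "allows to specify also" reads better as "also allows specifying".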

@ -9,8 +9,8 @@ scdtotp \- Generate one-time passwords from an OpenPGP smartcard
.RB [ \-v | --version ]
.RB [ \-t | --time
.IR seconds ]
.RB [ \-s | --step
.IR N ]
.RB [ \-p | --period
.IR seconds ]
.RB [ \-d | --digits
.IR N ]
.RB [ \-m | --mac-algo
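Review bot: In the synopsis, -s/--step gives way to -p/--period with no mention of the old spelling, so a reader with an existing "scdtotp -s N" invocation has no hint of what happened to it. If the option was renamed in the program, either keep --step as a documented deprecated alias or add a line noting the rename. The argument is also named "seconds" here while the OPTIONS entry for --period calls it N; use one name in both places.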
@ -43,17 +43,21 @@ Display the version message.
Generate password for the specified time in seconds
instead of current time.
.TP
.BR -s ", " --step " " \fiN\fR
Specify the value of the time step parameter.
.BR -p ", " --period " " \fiN\fR
Force a period of \fiN\fR seconds. The default period
is 30 seconds, unless specified otherwise on the card.
.TP
.BR -d ", " --digits " " \fiN\fR
Output a password of
.I N
digits.
digits. The default value is 6, unless another
value is specified on the smartcard.
.TP
.BR -m ", " --mac-algo " " \fialgo\fR
Select the HMAC algorithm to use among
\fisha1\fR (default), \fisha256\fR, or \fisha512\fR.
\fisha1\fR, \fisha256\fR, or \fisha512\fR.
The default is \fisha1\fR, unless another
algorithm is specified on the smartcard.
.TP
.BR -n ", " --private-do " " \fiN\fR
Read key from private DO slot #\fiN\fR
