Bug#839278: oathtool: has no secure way to provide a key
From: Simon Josefsson
Subject: Bug#839278: oathtool: has no secure way to provide a key
Date: Fri, 13 Nov 2020 00:45:49 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Ian Jackson <ijackson@chiark.greenend.org.uk> writes:

> This causes KEY and OTP to be read from files. You can specify the
> same filename twice in which case it takes a line from each. "-"
> means stdin.

Thank you for the patch -- this makes sense. I'm not fond of the name
'args-from-files' though. How about this behaviour: if the supplied
strings for KEY and/or OTP contain '/' or '\' the strings are treated as
names of files to be read, instead of data strings? And if the string
is '-' stdin is used.

The oathtool CLI was mostly intended as a debugging tool. There were
discussions in the past about a higher-level tool that would store
secrets, keep track of HOTP counters, generate/validate OTPs, and
support PSKC files. I'm not sure extending oathtool a lot further is
appropriate. We might just be duplicating external efforts, such as:

https://github.com/tadfisher/pass-otp
https://github.com/matalo33/py_oathtool

/Simon
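
The rule proposed in the reply above, sketched in C as an added example (it is not oathtool's code and not the patch under discussion; `resolve_arg` and `read_line` are hypothetical names). Hex and base32 keys and numeric OTPs never contain '/' or '\', so the test is unambiguous for valid input, but a file in the current directory has to be named as `./name`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not oathtool code. Rule from the message above:
 *   "-"                  -> read one line from `in` (stdin in a real CLI)
 *   contains '/' or '\\' -> file name, read its first line
 *   anything else        -> literal data string
 * Returns 0 on success, -1 on error. */
static int read_line(FILE *fp, char *out, size_t outlen)
{
    if (fgets(out, (int)outlen, fp) == NULL)
        return -1;
    size_t n = strcspn(out, "\r\n");
    /* Buffer full and no newline: the line may be truncated, refuse it. */
    if (out[n] == '\0' && n == outlen - 1)
        return -1;
    out[n] = '\0';
    return n > 0 ? 0 : -1;
}

int resolve_arg(const char *arg, FILE *in, char *out, size_t outlen)
{
    if (arg == NULL || out == NULL || outlen < 2)
        return -1;
    if (strcmp(arg, "-") == 0)
        return in != NULL ? read_line(in, out, outlen) : -1;
    if (strpbrk(arg, "/\\") != NULL) {
        FILE *fp = fopen(arg, "r");
        if (fp == NULL)
            return -1;
        int rc = read_line(fp, out, outlen);
        fclose(fp);
        return rc;
    }
    if (strlen(arg) >= outlen)
        return -1;
    strcpy(out, arg);
    return 0;
}

int main(int argc, char **argv)
{
    char key[256];
    if (argc != 2 || resolve_arg(argv[1], stdin, key, sizeof key) != 0) {
        fprintf(stderr, "usage: %s KEY|FILE|-\n", argv[0]);
        return 1;
    }
    printf("read %zu characters of key material\n", strlen(key));
    return 0;
}
```

Only the literal form puts the secret in the process argument list; the file and stdin forms keep it out.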