[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#839278: oathtool: has no secure way to provide a key

From: Simon Josefsson
Subject: Bug#839278: oathtool: has no secure way to provide a key
Date: Fri, 13 Nov 2020 00:45:49 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Ian Jackson <ijackson@chiark.greenend.org.uk> writes:

> This causes KEY and OTP to be read from files.  You can specify the
> same filename twice in which case it takes a line from each.  "-"
> means stdin.

Thank you for the patch -- this makes sense.  I'm not fond of the name
'args-from-files' though.  How about this behaviour: if the supplied
strings for KEY and/or OTP contain '/' or '\' the strings are treated as
names of files to be read, instead of data strings?  And if the string
is '-' stdin is used.

The oathtool CLI was mostly intended as a debugging tool.  There were
discussions in the past about a higher-level tool that would store
secrets, keep track of HOTP counters, generate/validate OTPs, and
support PSKC files.  I'm not sure extending oathtool a lot further is
appropriate.  We'd might just be duplicating external efforts, such as:



Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]