Bug#839278: oathtool: has no secure way to provide a key

oath-toolkit-help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#839278: oathtool: has no secure way to provide a key

From:	Simon Josefsson
Subject:	Bug#839278: oathtool: has no secure way to provide a key
Date:	Fri, 13 Nov 2020 00:45:49 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Ian Jackson <ijackson@chiark.greenend.org.uk> writes:

> This causes KEY and OTP to be read from files.  You can specify the
> same filename twice in which case it takes a line from each.  "-"
> means stdin.

Thank you for the patch -- this makes sense.  I'm not fond of the name
'args-from-files' though.  How about this behaviour: if the supplied
strings for KEY and/or OTP contain '/' or '\' the strings are treated as
names of files to be read, instead of data strings?  And if the string
is '-' stdin is used.

The oathtool CLI was mostly intended as a debugging tool.  There were
discussions in the past about a higher-level tool that would store
secrets, keep track of HOTP counters, generate/validate OTPs, and
support PSKC files.  I'm not sure extending oathtool a lot further is
appropriate.  We'd might just be duplicating external efforts, such as:

https://github.com/tadfisher/pass-otp
https://github.com/matalo33/py_oathtool

/Simon

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Bug#839278: oathtool: has no secure way to provide a key, Simon Josefsson <=
- Bug#839278: oathtool: has no secure way to provide a key, Ian Jackson, 2020/11/13
- Bug#839278: oathtool: has no secure way to provide a key, Ilkka Virta, 2020/11/13

Prev by Date: Bug#971441: Package not built from source: gengetopt
Next by Date: Processing of oath-toolkit_2.6.4-2_source.changes
Previous by thread: Bug#971441: Package not built from source: gengetopt
Next by thread: Bug#839278: oathtool: has no secure way to provide a key
Index(es):
- Date
- Thread