diff options
| -rw-r--r-- | hosts/isimud/command-line.html | 1491 | ||||
| -rw-r--r-- | hosts/isimud/default.nix | 15 |
2 files changed, 1506 insertions, 0 deletions
diff --git a/hosts/isimud/command-line.html b/hosts/isimud/command-line.html new file mode 100644 index 00000000..4534001e --- /dev/null +++ b/hosts/isimud/command-line.html @@ -0,0 +1,1491 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> +<meta http-equiv="X-UA-Compatible" content="IE=edge"> +<meta name="viewport" content="width=device-width, initial-scale=1"> +<meta name="description" content="The OnlyKey Command-Line Utility is a command line interface to OnlyKey."> +<meta name="keywords" content="OnlyKeyCommand linePython, OnlyKey, Command line"> +<title>OnlyKey Command-Line Utility | Docs</title> +<link rel="stylesheet" href="css/syntax.css"> + +<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"> +<!--<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">--> +<link rel="stylesheet" href="css/modern-business.css"> +<!-- Latest compiled and minified CSS --> +<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> +<link rel="stylesheet" href="css/customstyles.css"> +<link rel="stylesheet" href="css/boxshadowproperties.css"> +<!-- most color styles are extracted out to here --> +<link rel="stylesheet" href="css/theme-blue.css"> + +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> + +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js"></script> +<script src="js/jquery.navgoco.min.js"></script> + + +<!-- Latest compiled and minified JavaScript --> +<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> +<!-- Anchor.js --> +<script src="https://cdnjs.cloudflare.com/ajax/libs/anchor-js/4.2.0/anchor.min.js"></script> +<script src="js/toc.js"></script> +<script src="js/customscripts.js"></script> + +<link rel="shortcut icon" href="images/favicon.ico"> + +<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> +<!-- WARNING: Respond.js doesn't work if you view the page via file:// --> +<!--[if lt IE 9]> +<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> +<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> +<![endif]--> + +<link rel="alternate" type="application/rss+xml" title="trustcrypto.github.io" href="https://docs.onlykey.io/feed.xml"> + + <script> + $(document).ready(function() { + // Initialize navgoco with default options + $("#mysidebar").navgoco({ + caretHtml: '', + accordion: true, + openClass: 'active', // open + save: false, // leave false or nav highlighting doesn't work right + cookie: { + name: 'navgoco', + expires: false, + path: '/' + }, + slide: { + duration: 400, + easing: 'swing' + } + }); + + $("#collapseAll").click(function(e) { + e.preventDefault(); + $("#mysidebar").navgoco('toggle', false); + }); + + $("#expandAll").click(function(e) { + e.preventDefault(); + $("#mysidebar").navgoco('toggle', true); + }); + + }); + + </script> + <script> + $(function () { + $('[data-toggle="tooltip"]').tooltip() + }) + </script> + <script> + $(document).ready(function() { + $("#tg-sb-link").click(function() { + $("#tg-sb-sidebar").toggle(); + $("#tg-sb-content").toggleClass('col-md-9'); + $("#tg-sb-content").toggleClass('col-md-12'); + $("#tg-sb-icon").toggleClass('fa-toggle-on'); + $("#tg-sb-icon").toggleClass('fa-toggle-off'); + }); + }); + </script> + + +</head> +<body> +<!-- Navigation --> +<nav class="navbar navbar-inverse navbar-static-top"> + <div class="container topnavlinks"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="fa fa-home fa-lg navbar-brand" href="index.html"> <span class="projectTitle"> Docs</span></a> + </div> + <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> + <ul class="nav navbar-nav navbar-right"> + <!-- toggle sidebar button --> + <li><a id="tg-sb-link" href="#"><i id="tg-sb-icon" class="fa fa-toggle-on"></i> Nav</a></li> + <!-- entries without drop-downs appear here --> + + + + + + + + <li><a href="https://onlykey.io" target="_blank" rel="noopener">Purchase OnlyKey</a></li> + + + + <li><a href="https://docs.crp.to/index.html" target="_blank" rel="noopener">Get Started</a></li> + + + + <!-- entries with drop-downs appear here --> + <!-- conditional logic to control which topnav appears for the audience defined in the configuration file.--> + + + <!--comment out this block if you want to hide search--> + <li> + <!--start search--> + <div id="search-demo-container"> + <input type="text" id="search-input" placeholder="search..."> + <ul id="results-container"></ul> + </div> + <script src="js/jekyll-search.js" type="text/javascript"></script> + <script type="text/javascript"> + SimpleJekyllSearch.init({ + searchInput: document.getElementById('search-input'), + resultsContainer: document.getElementById('results-container'), + dataSource: 'search.json', + searchResultTemplate: '<li><a href="{url}" title="OnlyKey Command-Line Utility">{title}</a></li>', + noResultsText: 'No results found.', + limit: 10, + fuzzy: true, + }) + </script> + <!--end search--> + </li> + </ul> + </div> + </div> + <!-- /.container --> +</nav> + +<!-- Page Content --> +<div class="container"> + <div id="main"> + <!-- Content Row --> + <div class="row"> + + + <!-- Sidebar Column --> + <div class="col-md-3" id="tg-sb-sidebar"> + + +<ul id="mysidebar" class="nav"> + <li class="sidebarTitle">OnlyKey Documentation </li> + + + + <li> + <a title="General Information" href="#">General Information</a> + <ul> + + + + <li><a title="Get Started" href="index.html">Get Started</a></li> + + + + + + + <li><a title="FAQs" href="faq.html">FAQs</a></li> + + + + + + + <li><a title="About Security" href="security.html">About Security</a></li> + + + + + </ul> + </li> + + + + <li> + <a title="OnlyKey User's Guide" href="#">OnlyKey User's Guide</a> + <ul> + + + + <li><a title="Unpacking OnlyKey" href="usersguide.html#unpacking">Unpacking OnlyKey</a></li> + + + + + + + <li><a title="Setting up OnlyKey" href="usersguide.html#initial-setup">Setting up OnlyKey</a></li> + + + + + + + <li><a title="Reset OnlyKey (Factory Default)" href="usersguide.html#reset-default">Reset OnlyKey (Factory Default)</a></li> + + + + + + + <li><a title="Configure Basic Login Info" href="usersguide.html#all-about-slots">Configure Basic Login Info</a></li> + + + + + + + <li><a title="OnlyKey On-The-Go" href="usersguide.html#otg">OnlyKey On-The-Go</a></li> + + + + + + + <li><a title="Configure Two Factor Authentication (2FA)" href="usersguide.html#two-factor-authentication-2fa">Configure Two Factor Authentication (2FA)</a></li> + + + + + + + <li><a title="Google Authenticator (TOTP)" href="usersguide.html#google-authenticator-totp">Google Authenticator (TOTP)</a></li> + + + + + + + <li><a title="Yubico® One-Time Password" href="usersguide.html#Yubico-one-time-password">Yubico® One-Time Password</a></li> + + + + + + + <li><a title="Security Key (FIDO2 / U2F)" href="usersguide.html#universal-2nd-factor-u2f">Security Key (FIDO2 / U2F)</a></li> + + + + + + + <li><a title="Using With A Software Password Manager" href="usersguide.html#using-onlykey-with-a-software-password-manager">Using With A Software Password Manager</a></li> + + + + + + + <li><a title="OpenPGP Encryption (Files / Messages)" href="usersguide.html#openpgp">OpenPGP Encryption (Files / Messages)</a></li> + + + + + + + <li><a title="Preferences" href="usersguide.html#preferences">Preferences</a></li> + + + + + + + <li><a title="About Encryption Keys" href="usersguide.html#encryption-keys">About Encryption Keys</a></li> + + + + + + + <li><a title="Generating Keys" href="importpgp.html#generating-keys">Generating Keys</a></li> + + + + + + + <li><a title="Loading Keys" href="importpgp.html#loading-keys">Loading Keys</a></li> + + + + + + + <li><a title="Secure Encrypted Backup Anywhere" href="usersguide.html#secure-encrypted-backup-anywhere">Secure Encrypted Backup Anywhere</a></li> + + + + + + + <li><a title="Restore From Backup" href="usersguide.html#restore-from-backup">Restore From Backup</a></li> + + + + + + + <li><a title="Loading OnlyKey Firmware" href="usersguide.html#loading-onlykey-firmware">Loading OnlyKey Firmware</a></li> + + + + + + + <li><a title="Troubleshooting" href="usersguide.html#troubleshooting">Troubleshooting</a></li> + + + + + + + <li><a title="Change your PIN" href="usersguide.html#pin-change">Change your PIN</a></li> + + + + + + + <li><a title="Additional Information" href="usersguide.html#web-links">Additional Information</a></li> + + + + + </ul> + </li> + + + + <li> + <a title="OnlyKey DUO User's Guide" href="#">OnlyKey DUO User's Guide</a> + <ul> + + + + <li><a title="Unpacking OnlyKey DUO" href="duousersguide.html#unpacking">Unpacking OnlyKey DUO</a></li> + + + + + + + <li><a title="Setting up OnlyKey DUO" href="duousersguide.html#initial-setup">Setting up OnlyKey DUO</a></li> + + + + + + + <li><a title="Reset OnlyKey (Factory Default)" href="duousersguide.html#reset-default">Reset OnlyKey (Factory Default)</a></li> + + + + + + + <li><a title="Configure Basic Login Info" href="duousersguide.html#all-about-slots">Configure Basic Login Info</a></li> + + + + + + + <li><a title="On-The-Go" href="duousersguide.html#otg">On-The-Go</a></li> + + + + + + + <li><a title="Configure Two Factor Authentication (2FA)" href="duousersguide.html#two-factor-authentication-2fa">Configure Two Factor Authentication (2FA)</a></li> + + + + + + + <li><a title="Google Authenticator (TOTP)" href="duousersguide.html#google-authenticator-totp">Google Authenticator (TOTP)</a></li> + + + + + + + <li><a title="Yubico® One-Time Password" href="duousersguide.html#Yubico-one-time-password">Yubico® One-Time Password</a></li> + + + + + + + <li><a title="Security Key (FIDO2 / U2F)" href="duousersguide.html#universal-2nd-factor-u2f">Security Key (FIDO2 / U2F)</a></li> + + + + + + + <li><a title="Using With A Software Password Manager" href="duousersguide.html#using-onlykey-with-a-software-password-manager">Using With A Software Password Manager</a></li> + + + + + + + <li><a title="OpenPGP Encryption (Files / Messages)" href="duousersguide.html#openpgp">OpenPGP Encryption (Files / Messages)</a></li> + + + + + + + <li><a title="Preferences" href="duousersguide.html#preferences">Preferences</a></li> + + + + + + + <li><a title="About Encryption Keys" href="duousersguide.html#encryption-keys">About Encryption Keys</a></li> + + + + + + + <li><a title="Generating Keys" href="importpgp.html#generating-keys">Generating Keys</a></li> + + + + + + + <li><a title="Loading Keys" href="importpgp.html#loading-keys">Loading Keys</a></li> + + + + + + + <li><a title="Secure Encrypted Backup Anywhere" href="duousersguide.html#secure-encrypted-backup-anywhere">Secure Encrypted Backup Anywhere</a></li> + + + + + + + <li><a title="Restore From Backup" href="duousersguide.html#restore-from-backup">Restore From Backup</a></li> + + + + + + + <li><a title="Loading OnlyKey Firmware" href="duousersguide.html#loading-onlykey-firmware">Loading OnlyKey Firmware</a></li> + + + + + + + <li><a title="Troubleshooting" href="duousersguide.html#troubleshooting">Troubleshooting</a></li> + + + + + + + <li><a title="Change your PIN" href="duousersguide.html#pin-change">Change your PIN</a></li> + + + + + + + <li><a title="Additional Information" href="duousersguide.html#web-links">Additional Information</a></li> + + + + + </ul> + </li> + + + + <li> + <a title="Features" href="#">Features</a> + <ul> + + + + <li><a title="Universal Support" href="features.html#universal-support">Universal Support</a></li> + + + + + + + <li><a title="Portable. Durable. Waterproof" href="features.html#portable-durable-waterproof">Portable. Durable. Waterproof</a></li> + + + + + + + <li><a title="Pin Protected" href="features.html#pin-protected">Pin Protected</a></li> + + + + + + + <li><a title="Hardware Password Manager" href="features.html#hardware-password-manager">Hardware Password Manager</a></li> + + + + + + + <li><a title="Universal Two-Factor Authentication" href="features.html#universal-2-factor-token">Universal Two-Factor Authentication</a></li> + + + + + + + <li><a title="SSH Authentication" href="features.html#ssh-authentication">SSH Authentication</a></li> + + + + + + + <li><a title="OpenPGP Everywhere" href="features.html#openpgp-support">OpenPGP Everywhere</a></li> + + + + + + + <li><a title="Self-Destruct" href="features.html#self-destruct-feature">Self-Destruct</a></li> + + + + + + + <li><a title="Encrypted Backup Anywhere" href="features.html#encrypted-backup-anywhere">Encrypted Backup Anywhere</a></li> + + + + + + + <li><a title="Automatic Lock" href="features.html#automatic-lock-feature">Automatic Lock</a></li> + + + + + + + <li><a title="International Keyboard Layouts" href="features.html#international-keyboard-layouts">International Keyboard Layouts</a></li> + + + + + + + <li><a title="Sysadmin Mode" href="features.html#sysadmin-mode">Sysadmin Mode</a></li> + + + + + + + <li><a title="LED Definitions" href="features.html#led-definitions-onlykey-color">LED Definitions</a></li> + + + + + + + <li><a title="Button Definitions" href="features.html#button-definitions">Button Definitions</a></li> + + + + + + + <li><a title="OnlyKey / OnlyKey DUO Differences" href="features.html##onlykey-and-onlykey-duo-differences">OnlyKey / OnlyKey DUO Differences</a></li> + + + + + + + <li><a title="Config Mode" href="security.html#config-mode">Config Mode</a></li> + + + + + + + <li><a title="Plausible Deniability" href="features.html#plausible-deniability-feature">Plausible Deniability</a></li> + + + + + </ul> + </li> + + + + <li> + <a title="Apps and Software" href="#">Apps and Software</a> + <ul> + + + + <li><a title="Desktop App" href="app.html">Desktop App</a></li> + + + + + + + <li><a title="WebCrypt (OpenPGP Webapp)" href="webcrypt.html">WebCrypt (OpenPGP Webapp)</a></li> + + + + + + + <li><a title="SSH/GPG Agent (onlykey-agent)" href="onlykey-agent.html">SSH/GPG Agent (onlykey-agent)</a></li> + + + + + + + <li class="active"><a title="Command-Line Utility (onlykey-cli)" href="command-line.html">Command-Line Utility (onlykey-cli)</a></li> + + + + + + + <li><a title="Firmware" href="firmware.html">Firmware</a></li> + + + + + </ul> + </li> + + + + <li> + <a title="Knowledge Base" href="#">Knowledge Base</a> + <ul> + + + + <li><a title="Works with OnlyKey" href="workswithonlykey.html">Works with OnlyKey</a></li> + + + + + + + <li><a title="Upgrade Guide" href="upgradeguide.html">Upgrade Guide</a></li> + + + + + + + <li><a title="Legacy Firmware Upgrade Guide" href="legacyupgradeguide.html">Legacy Firmware Upgrade Guide</a></li> + + + + + + + <li><a title="International Travel Edition Guide" href="ite.html">International Travel Edition Guide</a></li> + + + + + + + <li><a title="Plausible Deniability Setup Guide" href="pdguide.html">Plausible Deniability Setup Guide</a></li> + + + + + + + <li><a title="Windows Active Directory Guide" href="activedirectory.html">Windows Active Directory Guide</a></li> + + + + + + + <li><a title="Linux - Using OnlyKey with Linux" href="linux.html">Linux - Using OnlyKey with Linux</a></li> + + + + + + + <li><a title="Mobile - Using OnlyKey with iOS and Android" href="mobile.html">Mobile - Using OnlyKey with iOS and Android</a></li> + + + + + + + <li><a title="OpenPGP Keys - Import keys from Protonmail, Keybase, and Mailvelope" href="importpgp.html">OpenPGP Keys - Import keys from Protonmail, Keybase, and Mailvelope</a></li> + + + + + + + <li><a title="Virtual Machines with OnlyKey" href="virtualmachines.html">Virtual Machines with OnlyKey</a></li> + + + + + + + <li><a title="Qubes OS with OnlyKey" href="qubes.html">Qubes OS with OnlyKey</a></li> + + + + + + + <li><a title="Full-Disk Encryption with OnlyKey" href="full-disk-encryption.html">Full-Disk Encryption with OnlyKey</a></li> + + + + + + + <li><a title="OpenSSH With OnlyKey" href="openssh.html">OpenSSH With OnlyKey</a></li> + + + + + </ul> + </li> + + + + <!-- if you aren't using the accordion, uncomment this block: + <p class="external"> + <a href="#" id="collapseAll">Collapse All</a> | <a href="#" id="expandAll">Expand All</a> + </p> + --> +</ul> + +<!-- this highlights the active parent class in the navgoco sidebar. this is critical so that the parent expands when you're viewing a page. This must appear below the sidebar code above. Otherwise, if placed inside customscripts.js, the script runs before the sidebar code runs and the class never gets inserted.--> +<script>$("li.active").parents('li').toggleClass("active");</script> + + </div> + + + + <!-- Content Column --> + <div class="col-md-9" id="tg-sb-content"> + <div class="post-header"> + <h1 class="post-title-main">OnlyKey Command-Line Utility</h1> +</div> + + + +<div class="post-content"> + + + <div class="summary">The OnlyKey Command-Line Utility is a command line interface to OnlyKey.</div> + + + + +<!-- this handles the automatic toc. use ## for subheads to auto-generate the on-page minitoc. if you use html tags, you must supply an ID for the heading element in order for it to appear in the minitoc. --> +<script> +$( document ).ready(function() { + // Handler for .ready() called. + +$('#toc').toc({ minimumHeaders: 0, listType: 'ul', showSpeed: 0, headers: 'h2,h3,h4' }); + +/* this offset helps account for the space taken up by the floating toolbar. */ +$('#toc').on('click', 'a', function() { + var target = $(this.getAttribute('href')) + , scroll_target = target.offset().top + + $(window).scrollTop(scroll_target - 10); + return false +}) + +}); +</script> + +<div id="toc"></div> + + + + + <h1 id="onlykey-cli">onlykey-cli</h1> + +<p>OnlyKey-cli - A command line interface to the OnlyKey (Similar functionality to <a href="https://docs.crp.to/app.html">OnlyKey App</a>) that can be used for configuration, scripting, and testing.</p> + +<h2 id="installation">Installation</h2> + +<h3 id="windows-stand-alone-exe">Windows Stand-Alone EXE</h3> +<p>No install is required. Download and run the EXE to open OnlyKey CLI interactive mode or run directly from command line like this:</p> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>C:\ onlykey-cli.exe getlabels +</code></pre></div></div> + +<p><a href="https://github.com/trustcrypto/python-onlykey/releases/download/v1.2.9/onlykey-cli.exe">Download here</a></p> + +<h3 id="windows-install-with-dependencies">Windows Install with dependencies</h3> +<p>1) Python 3.8 and pip3 are required. To setup a Python environment on Windows we recommend Anaconda <a href="https://www.anaconda.com/download/#windows">https://www.anaconda.com/download/#windows</a></p> + +<p>2) From an administrator command prompt run:</p> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>pip3 install hidapi==0.9.0 onlykey +</code></pre></div></div> + +<p>You should see a message showing where the executable is installed. This is usually c:\python39\scripts\onlykey-cli.exe</p> + +<h3 id="macos-install-with-dependencies">MacOS Install with dependencies</h3> +<p>Python 3.8 and pip3 are required. To setup a Python environment on MacOS we recommend Anaconda <a href="https://www.anaconda.com/download/#macos">https://www.anaconda.com/download/#macos</a></p> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ brew install libusb +$ pip3 install onlykey +</code></pre></div></div> + +<h3 id="linuxbsd-install-with-dependencies">Linux/BSD Install with dependencies</h3> + +<p>In order for non-root users in Linux to be able to communicate with OnlyKey a udev rule must be created as described <a href="https://docs.crp.to/linux">here</a>.</p> + +<h4 id="ubuntu-install-with-dependencies">Ubuntu Install with dependencies</h4> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ sudo apt update && sudo apt upgrade +$ sudo apt install python3-pip python3-tk libusb-1.0-0-dev libudev-dev +$ pip3 install onlykey +$ wget https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules +$ sudo cp 49-onlykey.rules /etc/udev/rules.d/ +$ sudo udevadm control --reload-rules && udevadm trigger +</code></pre></div></div> + +<h4 id="debian-install-with-dependencies">Debian Install with dependencies</h4> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ sudo apt update && sudo apt upgrade +$ sudo apt install python3-pip python3-tk libusb-1.0-0-dev libudev-dev +$ pip3 install onlykey +$ wget https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules +$ sudo cp 49-onlykey.rules /etc/udev/rules.d/ +$ sudo udevadm control --reload-rules && udevadm trigger +</code></pre></div></div> + +<h4 id="redhat-install-with-dependencies">RedHat Install with dependencies</h4> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ yum update +$ yum install python3-pip python3-devel python3-tk libusb-devel libudev-devel \ + gcc redhat-rpm-config +$ pip3 install onlykey +$ wget https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules +$ sudo cp 49-onlykey.rules /etc/udev/rules.d/ +$ sudo udevadm control --reload-rules && udevadm trigger +</code></pre></div></div> + +<h4 id="fedora-install-with-dependencies">Fedora Install with dependencies</h4> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ dnf install python3-pip python3-devel python3-tkinter libusb-devel libudev-devel \ + gcc redhat-rpm-config +$ pip3 install onlykey +$ wget https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules +$ sudo cp 49-onlykey.rules /etc/udev/rules.d/ +$ sudo udevadm control --reload-rules && udevadm trigger +</code></pre></div></div> + +<h4 id="opensuse-install-with-dependencies">OpenSUSE Install with dependencies</h4> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ zypper install python3-pip python3-devel python3-tk libusb-1_0-devel libudev-devel +$ pip3 install onlykey +$ wget https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules +$ sudo cp 49-onlykey.rules /etc/udev/rules.d/ +$ sudo udevadm control --reload-rules && udevadm trigger +</code></pre></div></div> + +<h4 id="arch-linux-install-with-dependencies">Arch Linux Install with dependencies</h4> +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ sudo pacman -Sy git python3-setuptools python3 libusb python3-pip +$ pip3 install onlykey +$ wget https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules +$ sudo cp 49-onlykey.rules /etc/udev/rules.d/ +$ sudo udevadm control --reload-rules && udevadm trigger +</code></pre></div></div> + +<h4 id="freebsd-install-with-dependencies">FreeBSD Install with dependencies</h4> + +<p>See forum thread <a href="https://groups.google.com/d/msg/onlykey/CEYwdXjB508/MCe14p0gAwAJ">here</a></p> + +<h2 id="quickstart">QuickStart</h2> + +<p>Usage: onlykey-cli [OPTIONS]</p> + +<h3 id="setup-options">Setup Options</h3> + +<h4 id="init">init</h4> +<p>A command line tool for setting PIN on OnlyKey (Initial Configuration)</p> + +<h3 id="general-options">General Options</h3> + +<h4 id="version">version</h4> +<p>Displays the version of the app</p> + +<h4 id="fwversion">fwversion</h4> +<p>Displays the version of the OnlyKey firmware</p> + +<h4 id="wink">wink</h4> +<p>OnlyKey flashes blue (winks), may be used for visual confirmation of connectivity</p> + +<h4 id="getlabels">getlabels</h4> +<p>Returns slot labels</p> + +<h4 id="settime">settime</h4> +<p>A command for setting time on OnlyKey, time is needed for TOTP (Google Authenticator)</p> + +<h4 id="getkeylabels">getkeylabels</h4> +<p>Returns key labels for RSA keys 1-4 and ECC keys 1-16</p> + +<h4 id="rng-type">rng [type]</h4> +<p>Access OnlyKey TRNG to generate random numbers:</p> +<ul> + <li>[type] must be one of the following: + <ul> + <li>hexbytes - Output hex encoded random bytes. Default 8 bytes; Maximum 255 bytes. Specify number of bytes to return with –count <number of="" bytes=""> i.e. 'onlykey-cli rng hexbytes --count 32'</number></li> + <li>feedkernel - Feed random bytes to /dev/random.</li> + </ul> + </li> +</ul> + +<h3 id="onlykey-preferences-options">OnlyKey Preferences Options</h3> + +<h4 id="idletimeout-num">idletimeout [num]</h4> +<p>OnlyKey locks after ideletimeout is reached (1 – 255 minutes; default = 30; 0 to disable). <a href="https://docs.crp.to/usersguide.html#configurable-inactivity-lockout-period">More info</a></p> + +<h4 id="wipemode-num">wipemode [num]</h4> +<p>Configure how the OnlyKey responds to +a factory reset. WARNING - Setting to Full Wipe mode cannot be changed. +1 = Sensitive Data Only (default); 2 = Full Wipe (recommended for plausible deniability users) Entire device is wiped. Firmware must be reloaded. <a href="https://docs.crp.to/usersguide.html#configurable-wipe-mode">More info</a></p> + +<h4 id="keylayout-num">keylayout [num]</h4> +<p>Set keyboard layout</p> +<ul> + <li>1 - USA_ENGLISH (Default)</li> + <li>2 - CANADIAN_FRENCH</li> + <li>3 - CANADIAN_MULTILINGUAL</li> + <li>4 - DANISH</li> + <li>5 - FINNISH</li> + <li>6 - FRENCH</li> + <li>7 - FRENCH_BELGIAN</li> + <li>8 - FRENCH_SWISS</li> + <li>9 - GERMAN</li> + <li>10 - GERMAN_MAC</li> + <li>11 - GERMAN_SWISS</li> + <li>12 - ICELANDIC</li> + <li>13 - IRISH</li> + <li>14 - ITALIAN</li> + <li>15 - NORWEGIAN</li> + <li>16 - PORTUGUESE</li> + <li>17 - PORTUGUESE_BRAZILIAN</li> + <li>18 - SPANISH</li> + <li>19 - SPANISH_LATIN_AMERICA</li> + <li>20 - SWEDISH</li> + <li>21 - TURKISH</li> + <li>22 - UNITED_KINGDOM</li> + <li>23 - US_INTERNATIONAL</li> + <li>24 - CZECH</li> + <li>25 - SERBIAN_LATIN_ONLY</li> + <li>26 - HUNGARIAN</li> + <li>27 - DANISH MAC</li> + <li>28 - US_DVORAK</li> +</ul> + +<p><a href="https://docs.crp.to/usersguide.html#configurable-keyboard-layouts">More info</a></p> + +<h4 id="keytypespeed-num">keytypespeed [num]</h4> +<p>1 = slowest; 10 = fastest [7 = default] +<a href="https://docs.crp.to/usersguide.html#configurable-keyboard-type-speed">More info</a></p> + +<h4 id="ledbrightness-num">ledbrightness [num]</h4> +<p>1 = dimmest; 10 = brightest [8 = default] +<a href="https://docs.crp.to/usersguide.html#configurable-led-brightness">More info</a></p> + +<h4 id="touchsense-num">touchsense [num]</h4> +<p>Change the OnlyKey’s button touch sensitivity. +WARNING: Setting button’s touch sensitivity lower than 5 is not recommended as this could result in inadvertent button press. +2 = highest sensitivity; 100 = lowest sensitivity [12 = default]</p> + +<h4 id="2ndprofilemode-num">2ndprofilemode [num]</h4> +<p>Set during init (Initial Configuration) to set 2nd profile type 1 = standard (default); 2 = plausible deniability</p> + +<h4 id="storedkeymode-num">storedkeymode [num]</h4> +<p>Enable or disable challenge for stored keys (SSH/PGP) +0 = Challenge Code Required (default); 1 = Button Press Required +<a href="https://docs.crp.to/usersguide.html#stored-challenge-mode">More info</a></p> + +<h4 id="derivedkeymode-num">derivedkeymode [num]</h4> +<p>Enable or disable challenge for stored keys (SSH/PGP) +0 = Challenge Code Required (default); 1 = Button Press Required +<a href="https://docs.crp.to/usersguide.html#derived-challenge-mode">More info</a></p> + +<h4 id="hmackeymode-num">hmackeymode [num]</h4> +<p>Enable or disable button press for HMAC challenge-response +0 = Button Press Required (default); 1 = Button Press Not Required. +<a href="https://docs.crp.to/usersguide.html#hmac-mode">More info</a></p> + +<h4 id="backupkeymode-num">backupkeymode [num]</h4> +<p>1 = Lock backup key so this may not be changed on device +WARNING - Once set to “Locked” this cannot be changed unless a factory reset occurs. +<a href="https://docs.crp.to/usersguide.html#backup-key-mode">More info</a></p> + +<h4 id="sysadminmode">sysadminmode</h4> +<p>Enable or disable challenge for stored keys (SSH/PGP) +0 = Challenge Code Required (default); 1 = Button Press Required +<a href="https://docs.crp.to/usersguide.html#derived-challenge-mode">More info</a></p> + +<h4 id="lockbutton">lockbutton</h4> +<p>Enable or disable challenge for stored keys (SSH/PGP) +0 = Challenge Code Required (default); 1 = Button Press Required +<a href="https://docs.crp.to/usersguide.html#derived-challenge-mode">More info</a></p> + +<h3 id="slot-config-options">Slot Config Options</h3> + +<h4 id="setslot-id-type-value">setslot [id] [type] [value]</h4> +<ul> + <li>[id] must be slot number 1a - 6b for OnlyKey or 1-24 for OnlyKey DUO</li> + <li>[type] must be one of the following: + <ul> + <li>label - set slots (1a - 6b) to have a descriptive label i.e. My Google Acct</li> + <li>url - URL to login page</li> + <li>delay1 - set a 0 - 9 second delay</li> + <li>addchar1 - Additional character before username 1 for TAB, 0 to clear</li> + <li>username - Username to login</li> + <li>addchar2 - Additional character after username 1 for TAB, 2 for RETURN</li> + <li>delay2 - set a 0 - 9 second delay</li> + <li>password - Password to login</li> + <li>addchar3 - Additional character after password 1 for TAB, 2 for RETURN</li> + <li>delay3 - set a 0 - 9 second delay</li> + <li>addchar4 - Additional character before OTP 1 for TAB</li> + <li>2fa - type of two factor authentication + <ul> + <li>g - Google Authenticator</li> + <li>y - Yubico OTP</li> + <li>u - U2F</li> + </ul> + </li> + <li>totpkey - Google Authenticator key</li> + <li>addchar5 - Additional character after OTP 2 for RETURN</li> + </ul> + </li> +</ul> + +<h4 id="wipeslot-id">wipeslot [id]</h4> +<ul> + <li>[id] must be slot number 1a - 6b for OnlyKey or 1-24 for OnlyKey DUO</li> +</ul> + +<h3 id="key-config-options">Key Config Options</h3> + +<h4 id="setkey-key-slot-type-features-hex-key">setkey [key slot] [type] [features] [hex key]</h4> +<p>Sets raw private keys and key labels, to set PEM format keys use the OnlyKey App</p> +<ul> + <li>[key slot] must be key number RSA1 - RSA4, ECC1 - ECC16, HMAC1 - HMAC2</li> + <li>[type] must be one of the following: + <ul> + <li>label - set to have a descriptive key label i.e. My GPG signing key</li> + <li>x - X25519 Key Type (32 bytes)</li> + <li>n - NIST256P1 Key Type (32 bytes)</li> + <li>s - SECP256K1 Key Type (32 bytes)</li> + <li>2 - RSA Key Type 2048bits (256 bytes)</li> + <li>4 - RSA Key Type 4096bits (512 bytes)</li> + <li>h - HMAC Key Type (20 bytes)</li> + </ul> + </li> + <li>[features] must be one of the following: + <ul> + <li>s - Use for signing</li> + <li>d - Use for decryption</li> + <li>b - Use for encryption/decryption of backups</li> + </ul> + </li> + <li>For setting keys see examples <a href="https://docs.crp.to/command-line.html#writing-private-keys-and-passwords">here</a>.</li> +</ul> + +<h4 id="genkey-key-slot-type-features">genkey [key slot] [type] [features]</h4> +<p>Generates random private key on device</p> +<ul> + <li>[key slot] must be key number ECC1 - ECC16 (only ECC keys supported)</li> + <li>[type] must be one of the following: + <ul> + <li>x - X25519 Key Type (32 bytes)</li> + <li>n - NIST256P1 Key Type (32 bytes)</li> + <li>s - SECP256K1 Key Type (32 bytes)</li> + </ul> + </li> + <li>[features] must be one of the following: + <ul> + <li>s - Use for signing</li> + <li>d - Use for decryption</li> + <li>b - Use for encryption/decryption of backups</li> + </ul> + </li> + <li>For generating key see example <a href="https://docs.crp.to/command-line.html#writing-private-keys-and-passwords">here</a>.</li> +</ul> + +<h4 id="wipekey-key-id">wipekey [key id]</h4> +<p>Erases key stored at [key id]</p> +<ul> + <li>[key id] must be key number RSA1 - RSA4, ECC1 - ECC16, HMAC1 - HMAC2</li> +</ul> + +<h3 id="fido2-config-options">FIDO2 Config Options</h3> + +<h4 id="ping">ping</h4> +<p>Sends a FIDO2 transaction to the device, which immediately echoes the same data back. This command is defined to be a uniform function for debugging, latency and performance measurements (CTAPHID_PING).</p> + +<h4 id="set-pin">set-pin</h4> +<p>Set new FIDO PIN, this is the PIN entered via keyboard and used for FIDO2 register/login (not the OnlyKey PIN entered on device).</p> + +<h4 id="change-pin">change-pin</h4> +<p>Change FIDO PIN, this is the PIN entered via keyboard and used for FIDO2 register/login (not the OnlyKey PIN entered on device, to change that PIN use the OnlyKey Desktop App).</p> + +<h4 id="credential-operation-credential-id">credential [operation] [credential ID]</h4> +<ul> + <li>[operation] must be one of the following: + <ul> + <li>info - Display number of existing resident keys and remaining space.</li> + <li>ls - List resident keys.</li> + <li>rm [credential ID] - Remove resident keys, <a href="https://docs.crp.to/command-line.html#list-and-remove-fido2-resident-key">example here</a>.</li> + </ul> + </li> +</ul> + +<h4 id="reset">reset</h4> +<p>Reset wipes all FIDO U2F and FIDO2 credentials!!! It is highly recommended to backup device prior to reset.</p> + +<h3 id="running-command-options">Running Command Options</h3> + +<p>You can run commands in two ways:</p> + +<h4 id="1-directly-in-terminal">1) Directly in terminal</h4> + +<p>Like this:</p> + +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ onlykey-cli getlabels + +Slot 1a: +Slot 1b: + +Slot 2a: +Slot 2b: + +Slot 3a: +Slot 3b: + +Slot 4a: +Slot 4b: + +Slot 5a: +Slot 5b: + +Slot 6a: +Slot 6b: + +$ onlykey-cli setslot 1a label ok +Successfully set Label +$ onlykey-cli getlabels + +Slot 1a: ok +Slot 1b: + +Slot 2a: +Slot 2b: + +Slot 3a: +Slot 3b: + +Slot 4a: +Slot 4b: + +Slot 5a: +Slot 5b: + +Slot 6a: +Slot 6b: + +</code></pre></div></div> + +<h4 id="2-interactive-mode">2) Interactive Mode</h4> + +<p>Or you can run commands in an interactive shell like this:</p> + +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ onlykey-cli +OnlyKey CLI v1.2.8 +Press the right arrow to insert the suggestion. +Press Control-C to retry. Control-D to exit. + +OnlyKey> getlabels + +Slot 1a: +Slot 1b: + +Slot 2a: +Slot 2b: + +Slot 3a: +Slot 3b: + +Slot 4a: +Slot 4b: + +Slot 5a: +Slot 5b: + +Slot 6a: +Slot 6b: + +OnlyKey> setslot 1a label ok + +Successfully set Label + +OnlyKey> getlabels + +Slot 1a: ok +Slot 1b: + +Slot 2a: +Slot 2b: + +Slot 3a: +Slot 3b: + +Slot 4a: +Slot 4b: + +Slot 5a: +Slot 5b: + +Slot 6a: +Slot 6b: + +OnlyKey> setslot 1a url accounts.google.com + +Successfully set URL + +OnlyKey> setslot 1a addchar1 2 + +Successfully set Character1 + +OnlyKey> setslot 1a delay1 2 + +Successfully set Delay1 + +OnlyKey> setslot 1a username onlykey.1234 + +Successfully set Username + +OnlyKey> setslot 1a addchar2 2 + +Successfully set Character2 + +OnlyKey> setslot 1a delay2 2 + +Successfully set Delay2 + +OnlyKey> setslot 1a password + +Type Control-T to toggle password visible. +Password: ********* +Successfully set Password + +OnlyKey> setslot 1a addchar3 2 + +Successfully set Character3 + +OnlyKey> setslot 1a delay3 2 + +Successfully set Delay3 + +OnlyKey> setslot 1a 2fa g + +Successfully set 2FA Type + +OnlyKey> setslot 1a totpkey + +Type Control-T to toggle password visible. +Password: ******************************** +Successfully set TOTP Key + +OnlyKey> setslot 1a addchar4 2 + +Successfully set Character4 + +OnlyKey> + +Bye! +</code></pre></div></div> + +<h2 id="examples">Examples</h2> + +<h3 id="writing-private-keys-and-passwords">Writing Private Keys and Passwords</h3> + +<p>Keys/passwords are masked when entered and should only be set from interactive mode and not directly from terminal. Entering directly from terminal is not secure as command history is stored.</p> + +<p><strong>Setkey Examples</strong></p> + +<p>To set key a device must first be put into config mode.</p> + +<p><strong>Set HMAC key 1 to a custom value</strong></p> + +<p>$ onlykey-cli</p> + +<p>OnlyKey> setkey HMAC1 h</p> + +<p>Type Control-T to toggle password visible. +Password/Key: <strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><em>**</em></p> + +<p>Successfully set ECC Key</p> + +<p><em>HMAC key must be 20 bytes, h is HMAC type</em></p> + +<p><strong>Set HMAC key 2 to a custom value</strong></p> + +<p>$ onlykey-cli</p> + +<p>OnlyKey> setkey HMAC2 h</p> + +<p>Type Control-T to toggle password visible. +Password/Key: <strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><em>**</em></p> + +<p>Successfully set ECC Key</p> + +<p><em>HMAC key must be 20 bytes, h is HMAC type</em></p> + +<p><strong>Set ECC key in slot ECC1 to a custom value (Slots ECC1-ECC16 are available for ECC keys. Supported ECC curves X25519(x), NIST256P1(n), SECP256K1(s))</strong></p> + +<p>$ onlykey-cli</p> + +<p>OnlyKey> setkey ECC1 x</p> + +<p>Type Control-T to toggle password visible. +Password/Key: <strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong><strong>**</strong>*</p> + +<p>Successfully set ECC Key</p> + +<p><em>ECC key must be 32 bytes, x is X25519 type</em></p> + +<p><strong>Genkey Examples</strong></p> + +<p>To set key a device must first be put into config mode.</p> + +<p><strong>Generate ECC key in slot ECC1 to a custom value (Slots ECC1-ECC16 are available for ECC keys. Supported ECC curves X25519(x), NIST256P1(n), SECP256K1(s))</strong></p> + +<p>$ onlykey-cli</p> + +<p>OnlyKey> genkey ECC1 x</p> + +<p>Successfully set ECC Key</p> + +<h3 id="scripting-example">Scripting Example</h3> + +<p><strong>Set time on OnlyKey (required for TOTP)</strong></p> + +<p>$ onlykey-cli settime</p> + +<p>This can be added to scripts such as the UDEV rule to automatically set time when device is inserted into USB port. See example <a href="https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules">here</a></p> + +<p><strong>Scripted provisioning of an OnlyKey slots and keys can be done by creating a script that sets multiple values on OnlyKey</strong></p> + +<h3 id="list-and-remove-fido2-resident-key">List and Remove FIDO2 Resident Key</h3> + +<p>List current resident keys:</p> + +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>onlykey-cli credential ls +</code></pre></div></div> +<p><img src="https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/images/cli-cred-ls.png" alt="" /></p> + +<p>Remove a resident key by credential ID</p> + +<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>onlykey-cli credential rm eu7LPIjTNwIJt2Ws9LWJlXkiNKaueSEEGteZM2MT/lZtEuYo49V6deCiIRMb6EDC29XG13nBL60+Yx+6hxSUYS1uxX9+AA== +</code></pre></div></div> + +<p>Once removed, list current resident keys to verify:</p> + +<p><img src="https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/images/cli-cred-ls2.png" alt="" /></p> + +<h2 id="source">Source</h2> + +<p><a href="https://github.com/trustcrypto/python-onlykey">OnlyKey CLI on Github</a></p> + + + + <div class="tags"> + + <b>Tags: </b> + + + + + + + + + + </div> + + + + + + +<a target="_blank" rel="noopener" href="https://github.com/trustcrypto/trustcrypto.github.io/edit/pages/pages/mydoc/command-line.md" class="btn btn-default githubEditButton" role="button"><i class="fa fa-github fa-lg"></i> Edit me</a> + + + +</div> + +<hr class="shaded"/> + +<footer> + <div class="row"> + <div class="col-lg-12 footer"> + ©2023 CryptoTrust. All rights reserved. <br /> +<span>Page last updated:</span> Jan, 19, 2022<br/> Site last generated: Jun 7, 2023 <br /> +<p><a href="https://crp.to"><img src="images/company_logo.png" alt="Company logo"/></a></p> + </div> + </div> +</footer> + + + </div> + <!-- /.row --> +</div> +<!-- /.container --> +</div> +<!-- /#main --> + </div> + +</body> + +<!-- the google_analytics_id gets auto inserted from the config file --> + + + +<script>(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create','UA-66296557-1','auto');ga('require','displayfeatures');ga('send','pageview');</script> + + +</html> diff --git a/hosts/isimud/default.nix b/hosts/isimud/default.nix index e2eadb3d..093afb26 100644 --- a/hosts/isimud/default.nix +++ b/hosts/isimud/default.nix @@ -5,9 +5,24 @@ ../../system ]; + isoImage = { + contents = [ + { + source = ./command-line.html; + # TODO: remove the implied dependency + target = "/home/soispha/cli.html"; + } + ]; + makeEfiBootable = true; + makeUsbBootable = true; + makeBiosBootable = true; + appendToMenuLabel = " Gpg-disk"; + }; environment.systemPackages = [ pkgs.onlykey + pkgs.onlykey-cli pkgs.onlykey-agent + pkgs.cryptsetup ]; soispha = { |