| Field | Value |
|---|---|
| Name | yop |
| Version | 0.0.2 |
| home_page | |
| Summary | Yubikey OTP Provisioner |
| upload_time | 2024-03-13 18:48:56 |
| maintainer | |
| docs_url | None |
| author | Andrii Yurchuk |
| requires_python | >=3.8.1,<4.0.0 |
| license | Unlicense |
| keywords | |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |

# yop
**Y**ubiKey **O**TP **P**rovisioner, or _**yop**_ for short, is a command line tool that allows provisioning OTP
credentials, stored in [pass](https://www.passwordstore.org/), onto a YubiKey.
#### The tool solves the problem of keeping OTP credentials on multiple YubiKeys in sync.
If you are a YubiKey user, chances are you have more than one: definitely for redundancy, probably for convenience. If
you use your YubiKeys for OTP, then you probably want to keep the OTP credentials on all of them in sync. One way of
achieving that is keeping your credentials' data in [pass](https://www.passwordstore.org/), and then provisioning it onto
your YubiKeys. _**yop**_ automates the process of keeping credentials on your YubiKeys in sync with your _pass_ store.
## Installation
Install [pipx](https://pipx.pypa.io/stable/installation/), then
```
pipx install yop
```
## Usage
Insert a YubiKey, then execute `yop`, pointing it to the _pass_ directory with your OTP credentials:
```
yop ~/.otp-store
```
## Inner workings and limitations
_**yop**_ assumes that the _pass_ store it sees is used exclusively for OTP credentials, i.e. it will not try to make a
distinction between an encrypted OTP credential and an encrypted password. If a value encountered is not a valid OTP
secret (a Base32 encoded string), parsing will fail. It is generally a good idea anyway, if using _pass_ for OTP
credentials, to at least keep them in a separate store.
The store can have an arbitrary directory structure, but it must contain no more than 32 encrypted files (this is a
[limitation](https://support.yubico.com/hc/en-us/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with)
of the YubiKey OATH application, which can hold only up to 32 credentials).
_**yop**_ relies on the following assumptions about the encrypted file:
- the file name (without the `.gpg` extension) is assumed to be the issuer
- the first line is assumed to be the secret
- if there is a line that starts with `user: ` or `username: `, the part after `: ` is assumed to be the username;
otherwise the second line is assumed to be the username
#### Examples:
- `firefox.com.gpg`:
```
FOOBARBAZQUX4217
username: me@example.com
```
- `amazon.com.gpg`:
```
FOOBARBAZQUX4217
user: someoneelse@example.com
```
- `github.com.gpg`:
```
FOOBARBAZQUX4217
Ch00k
```
The sync operation is atomic: if a file cannot be parsed, the sync operation is aborted.
By default _**yop**_ runs in dry-run mode. Supplying the `--really` option disables dry-run.
By default _**yop**_ will try to write credentials that are found in _pass_ but not on the YubiKey, but it will
not delete those that are found on the YubiKey but not in _pass_. To force deletion, supply the `--delete` option.
See the output of `yop --help` for more details.
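
The parsing rules, the 32-credential limit, the abort-on-first-bad-file behaviour and the write/delete defaults described above, as an added Python sketch that is not yop's own code. It works on already-decrypted text; the function names, the `issuer:username` credential key and the rejection of entries without a username are assumptions, and the sample secrets are constructed (the README's placeholder `FOOBARBAZQUX4217` contains `1`, which a strict RFC 4648 Base32 decoder rejects).

```python
import base64
import binascii
from pathlib import PurePosixPath

MAX_CREDENTIALS = 32  # YubiKey OATH limit quoted in the README

def parse_entry(path, plaintext):
    """Map one decrypted entry to (issuer, username, secret) per the rules above."""
    issuer = PurePosixPath(path).name
    if issuer.endswith(".gpg"):
        issuer = issuer[: -len(".gpg")]
    lines = plaintext.splitlines()
    secret = lines[0].strip() if lines else ""
    try:
        if not secret:
            raise binascii.Error("empty secret")
        # Strict RFC 4648 alphabet (A-Z, 2-7); pad to a multiple of 8 first.
        base64.b32decode(secret + "=" * (-len(secret) % 8))
    except binascii.Error as exc:
        raise ValueError(f"{path}: first line is not a Base32 secret") from exc
    tagged = [ln.split(": ", 1)[1] for ln in lines[1:]
              if ln.startswith(("user: ", "username: "))]
    username = tagged[0] if tagged else (lines[1] if len(lines) > 1 else "")
    if not username.strip():
        # Assumption: an entry without a username counts as unparseable.
        raise ValueError(f"{path}: no username found")
    return issuer, username.strip(), secret

def load_store(entries):
    """Parse every entry before returning anything, so one bad file aborts all."""
    if len(entries) > MAX_CREDENTIALS:
        raise ValueError(f"{len(entries)} entries exceed {MAX_CREDENTIALS}")
    parsed = [parse_entry(p, text) for p, text in sorted(entries.items())]
    # Assumption: a credential is identified on the key as "issuer:username".
    return {f"{i}:{u}": s for i, u, s in parsed}

def plan_sync(store, on_key, delete=False):
    """Return (to_write, to_delete) names; deletions only when delete=True."""
    to_write = sorted(set(store) - set(on_key))
    to_delete = sorted(set(on_key) - set(store)) if delete else []
    return to_write, to_delete

# Constructed sample store: relative path -> decrypted file content.
SAMPLE = {
    "web/firefox.com.gpg": "JBSWY3DPEHPK3PXP\nusername: me@example.com\n",
    "amazon.com.gpg": "JBSWY3DPEHPK3PXP\nnote\nuser: someoneelse@example.com\n",
    "github.com.gpg": "GEZDGNBVGY3TQOJQ\nCh00k\n",
}
```

Because `load_store` builds the full result before returning, a caller that only touches the key after it succeeds never applies a partial sync.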