diff options
author | nicoo <nicoo@debian.org> | 2020-02-12 13:42:22 +0100 |
---|---|---|
committer | Nicolas Braud-Santoni <nicolas@braud-santoni.eu> | 2020-02-12 13:42:22 +0100 |
commit | c79050aa44b8836d836c5dd22a383a073c28b74b (patch) | |
tree | 7bcca9fabd7718bf87ca600a6594f57b76d8de7d /man/fido2-token.1 |
Import upstream release 1.3.0
Closes: #951184
Diffstat (limited to 'man/fido2-token.1')
-rw-r--r-- | man/fido2-token.1 | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/man/fido2-token.1 b/man/fido2-token.1 new file mode 100644 index 0000000..d5a5734 --- /dev/null +++ b/man/fido2-token.1 | |||
@@ -0,0 +1,158 @@ | |||
1 | .\" Copyright (c) 2018 Yubico AB. All rights reserved. | ||
2 | .\" Use of this source code is governed by a BSD-style | ||
3 | .\" license that can be found in the LICENSE file. | ||
4 | .\" | ||
5 | .Dd $Mdocdate: September 13 2019 $ | ||
6 | .Dt FIDO2-TOKEN 1 | ||
7 | .Os | ||
8 | .Sh NAME | ||
9 | .Nm fido2-token | ||
10 | .Nd find and manage a FIDO 2 authenticator | ||
11 | .Sh SYNOPSIS | ||
12 | .Nm | ||
13 | .Op Fl CR | ||
14 | .Op Fl d | ||
15 | .Ar device | ||
16 | .Nm | ||
17 | .Fl D | ||
18 | .Op Fl de | ||
19 | .Fl i | ||
20 | .Ar id | ||
21 | .Ar device | ||
22 | .Nm | ||
23 | .Fl I | ||
24 | .Op Fl cd | ||
25 | .Op Fl k Ar rp_id Fl i Ar cred_id | ||
26 | .Ar device | ||
27 | .Nm | ||
28 | .Fl L | ||
29 | .Op Fl der | ||
30 | .Op Fl k Ar rp_id | ||
31 | .Op device | ||
32 | .Nm | ||
33 | .Fl S | ||
34 | .Op Fl de | ||
35 | .Op Fl i Ar template_id Fl n Ar template_name | ||
36 | .Ar device | ||
37 | .Nm | ||
38 | .Fl V | ||
39 | .Sh DESCRIPTION | ||
40 | .Nm | ||
41 | manages a FIDO 2 authenticator. | ||
42 | .Pp | ||
43 | The options are as follows: | ||
44 | .Bl -tag -width Ds | ||
45 | .It Fl C Ar device | ||
46 | Changes the PIN of | ||
47 | .Ar device . | ||
48 | The user will be prompted for the current and new PINs. | ||
49 | .It Fl D Fl i Ar id Ar device | ||
50 | Deletes the resident credential specified by | ||
51 | .Ar id | ||
52 | from | ||
53 | .Ar device , | ||
54 | where | ||
55 | .Ar id | ||
56 | is the credential's base64-encoded id. | ||
57 | The user will be prompted for the PIN. | ||
58 | .It Fl D Fl e Fl i Ar id Ar device | ||
59 | Deletes the biometric enrollment specified by | ||
60 | .Ar id | ||
61 | from | ||
62 | .Ar device , | ||
63 | where | ||
64 | .Ar id | ||
65 | is the enrollment's template base64-encoded id. | ||
66 | The user will be prompted for the PIN. | ||
67 | .It Fl I Ar device | ||
68 | Retrieves information on | ||
69 | .Ar device . | ||
70 | .It Fl I Fl c Ar device | ||
71 | Retrieves resident credential metadata from | ||
72 | .Ar device . | ||
73 | The user will be prompted for the PIN. | ||
74 | .It Fl I Fl k Ar rp_id Fl i Ar cred_id Ar device | ||
75 | Prints the credential id (base64-encoded) and public key | ||
76 | (PEM encoded) of the resident credential specified by | ||
77 | .Ar rp_id | ||
78 | and | ||
79 | .Ar cred_id , | ||
80 | where | ||
81 | .Ar rp_id | ||
82 | is a UTF-8 relying party id, and | ||
83 | .Ar cred_id | ||
84 | is a base64-encoded credential id. | ||
85 | The user will be prompted for the PIN. | ||
86 | .It Fl L | ||
87 | Produces a list of authenticators found by the operating system. | ||
88 | .It Fl L Fl e Ar device | ||
89 | Produces a list of biometric enrollments on | ||
90 | .Ar device . | ||
91 | The user will be prompted for the PIN. | ||
92 | .It Fl L Fl r Ar device | ||
93 | Produces a list of relying parties with resident credentials on | ||
94 | .Ar device . | ||
95 | The user will be prompted for the PIN. | ||
96 | .It Fl L Fl k Ar rp_id Ar device | ||
97 | Produces a list of resident credentials corresponding to | ||
98 | relying party | ||
99 | .Ar rp_id | ||
100 | on | ||
101 | .Ar device . | ||
102 | The user will be prompted for the PIN. | ||
103 | .It Fl R | ||
104 | Performs a reset on | ||
105 | .Ar device . | ||
106 | .Nm | ||
107 | will NOT prompt for confirmation. | ||
108 | .It Fl S | ||
109 | Sets the PIN of | ||
110 | .Ar device . | ||
111 | The user will be prompted for the PIN. | ||
112 | .It Fl S Fl e Ar device | ||
113 | Performs a new biometric enrollment on | ||
114 | .Ar device . | ||
115 | The user will be prompted for the PIN. | ||
116 | .It Fl S Fl e Fl i Ar template_id Fl n Ar template_name Ar device | ||
117 | Sets the friendly name of the biometric enrollment specified by | ||
118 | .Ar template_id | ||
119 | to | ||
120 | .Ar template_name | ||
121 | on | ||
122 | .Ar device , | ||
123 | where | ||
124 | .Ar template_id | ||
125 | is base64-encoded and | ||
126 | .Ar template_name | ||
127 | is a UTF-8 string. | ||
128 | The user will be prompted for the PIN. | ||
129 | .It Fl V | ||
130 | Prints version information. | ||
131 | .It Fl d | ||
132 | Causes | ||
133 | .Nm | ||
134 | to emit debugging output on | ||
135 | .Em stderr . | ||
136 | .El | ||
137 | .Pp | ||
138 | If a | ||
139 | .Em tty | ||
140 | is available, | ||
141 | .Nm | ||
142 | will use it to prompt for PINs. | ||
143 | Otherwise, | ||
144 | .Em stdin | ||
145 | is used. | ||
146 | .Pp | ||
147 | .Nm | ||
148 | exits 0 on success and 1 on error. | ||
149 | .Sh SEE ALSO | ||
150 | .Xr fido2-assert 1 , | ||
151 | .Xr fido2-cred 1 | ||
152 | .Sh CAVEATS | ||
153 | The actual user-flow to perform a reset is outside the scope of the | ||
154 | FIDO2 specification, and may therefore vary depending on the | ||
155 | authenticator. | ||
156 | Yubico authenticators do not allow resets after 5 seconds from | ||
157 | power-up, and expect a reset to be confirmed by the user through | ||
158 | touch within 30 seconds. | ||