From c79050aa44b8836d836c5dd22a383a073c28b74b Mon Sep 17 00:00:00 2001 From: nicoo Date: Wed, 12 Feb 2020 13:42:22 +0100 Subject: Import upstream release 1.3.0 Closes: #951184 --- examples/README.adoc | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 examples/README.adoc (limited to 'examples/README.adoc') diff --git a/examples/README.adoc b/examples/README.adoc new file mode 100644 index 0000000..091c6bc --- /dev/null +++ b/examples/README.adoc 
@@ -0,0 +1,81 @@ += Examples + +=== Definitions + +The following definitions are used in the description below: + +- + + The file system path or subsystem-specific identification string of a + FIDO device. + +- , [oldpin] + + Strings passed directly in the executed command's argument vector. + +- + + The file system path of a file containing a FIDO credential ID in + binary representation. + +- + + The file system path of a file containing a NIST P-256 public key in + PEM format. + +=== Description + +The following examples are provided: + +- manifest + + Prints a list of configured FIDO devices. + +- info + + Prints information about . + +- reset + + Performs a factory reset on . + +- setpin [oldpin] + + Configures as the new PIN of . If [oldpin] is provided, + the device's PIN is changed from [oldpin] to . + +- cred [-t ecdsa|rsa|eddsa] [-k pubkey] [-ei cred_id] [-P pin] [-T seconds] + [-hruv] + + Creates a new credential on and verify that the credential + was signed by the authenticator. The device's attestation certificate + is not verified. If option -k is specified, the credential's public + key is stored in . If option -i is specified, the credential + ID is stored in . The -e option may be used to add + to the list of excluded credentials. If option -h is specified, + the hmac-secret FIDO2 extension is enabled on the generated + credential. If option -r is specified, the generated credential + will involve a resident key. User verification may be requested + through the -v option. If option -u is specified, the credential + is generated using U2F (CTAP1) instead of FIDO2 (CTAP2) commands. + The -T option may be used to enforce a timeout of . + +- assert [-t ecdsa|rsa|eddsa] [-a cred_id] [-h hmac_secret] [-s hmac_salt] + [-P pin] [-T seconds] [-puv] + + Asks for a FIDO2 assertion corresponding to [cred_id], + which may be omitted for resident keys. The obtained assertion + is verified using . The -p option requests that the user + be present. 
User verification may be requested through the -v + option. If option -u is specified, the assertion is generated using + U2F (CTAP1) instead of FIDO2 (CTAP2) commands. If option -s is + specified, a FIDO2 hmac-secret is requested from the authenticator, + and the contents of are used as the salt. If option -h + is specified, the resulting hmac-secret is stored in . + The -T option may be used to enforce a timeout of . + +- retries + Get the number of PIN attempts left on before lockout. + +Debugging is possible through the use of the FIDO_DEBUG environment variable. +If set, libfido2 will produce a log of its transactions with the authenticator. -- cgit v1.2.3
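Review bot: The Definitions list states that the PIN strings (the entry ending in "[oldpin]") are "passed directly in the executed command's argument vector", and the setpin, cred and assert entries all take the PIN that way (setpin's arguments, "[-P pin]"), but the README never says what that implies. A PIN given in argv is typically readable by other local users through the process list and can end up in shell history. Add a sentence to the Definitions entry saying so, and that the examples are meant for testing against a device rather than as a pattern for handling PINs. In the cred entry, "The device's attestation certificate is not verified" would be clearer with one more sentence on the consequence: the signature check only shows consistency with the certificate the device itself supplied, so a caller that needs to trust the authenticator's origin must validate that certificate separately. Smaller points: the -t and -P options appear in the cred and assert synopses but are not described in either entry. "Creates a new credential ... and verify" should read "verifies". The retries entry lacks the blank line that separates name from description in the other entries, and uses "Get" where the others use "Prints" or "Performs". The FIDO_DEBUG paragraph does not say where the log is written.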