:PROPERTIES:
:ID: cce/using_yubikey_as_an_otp_key
:END:
#+TITLE: Using Yubikey as an OTP Key
#+filetags: :Emacs:CCE:System:
#+PROPERTY: header-args :mkdirp yes :results none
#+PROPERTY: header-args:emacs-lisp :tangle yubikey-otp.el
#+PROPERTY: header-args:yaml :tangle roles/endpoint/tasks/yubikey-otp.yml
#+ARROYO_EMACS_MODULE: yubikey-otp
#+ARROYO_MODULE_WANTS: cce/evil_mode.org
#+ARCOLOGY_KEY: cce/yubikey-otp
#+ARCOLOGY_ALLOW_CRAWL: t
#+begin_src emacs-lisp
;; Register the `cce/yubikey-otp' feature with Emacs.
(provide 'cce/yubikey-otp)
#+end_src
Yubikeys can also store time-based one-time passwords. The =ykman= command-line tool (the =yubikey-manager= package) that reads them drifts in and out of the Fedora packaging standards, and so I chose to install it from pip. I use this as a backup in case my [[id:cce/the_standard_unix_password_manager][Pass]] configuration is broken or degraded.
#+BEGIN_SRC emacs-lisp
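;; Declare the variable so the byte compiler and lexical-binding files
;; treat it as a global (special) variable; the `setq' below still
;; assigns the value unconditionally, exactly as before.
(defvar ykman-path nil
  "Absolute file name of the ykman executable run by `yubikey-get-oath'.")

;; An absolute file name is executed as given instead of being searched
;; for along `exec-path', so a same-named program earlier in the search
;; path is never picked up.
;; NOTE(review): the Ansible tasks in this file install yubikey-manager
;; with pip -- confirm that pip actually places ykman at this location.
(setq ykman-path "/usr/bin/ykman")

;; Bind the "y" key under the evil leader to the OATH lookup command.
(evil-leader/set-key "y" #'yubikey-get-oath)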
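(defun yubikey-get-oath ()
  "Copy an OATH code from the YubiKey to the kill ring.

Runs the program named by `ykman-path' with the arguments
\"oath list\", offers every non-empty output line as a candidate
through `ivy-read', then runs \"oath code CHOICE\" and puts the last
whitespace-separated word of that output on the kill ring.

Signals a `user-error' when either ykman call exits with a non-zero
status, when no account is listed, or when no code is printed, so
an error message is never offered as an account or copied in place
of a code."
  (interactive)
  (let ((accounts
         (with-temp-buffer
           ;; `call-process' passes each argument to ykman as-is; no
           ;; shell is involved, so account names are never shell-parsed.
           (let ((status (call-process ykman-path nil t nil "oath" "list")))
             ;; STATUS is an integer exit code or a signal description.
             (unless (eq status 0)
               (user-error "ykman oath list failed (%s): %s"
                           status (buffer-string))))
           ;; OMIT-NULLS drops the empty string left by the final newline,
           ;; which would otherwise show up as a blank candidate.
           (split-string (buffer-string) "\n" t))))
    (unless accounts
      (user-error "ykman reported no OATH accounts"))
    (ivy-read "Copy token:" accounts
              ;; Only a listed account may be selected.
              :require-match t
              ;; The action uses nothing but its argument and the global
              ;; `ykman-path', so it works with or without lexical-binding.
              :action
              (lambda (choice)
                (with-temp-buffer
                  (let ((status (call-process ykman-path nil t nil
                                              "oath" "code" choice)))
                    (unless (eq status 0)
                      (user-error "ykman oath code failed (%s): %s"
                                  status (buffer-string))))
                  ;; NOTE(review): ykman treats CHOICE as a search query,
                  ;; presumably a substring match -- if one account name
                  ;; is contained in another, several lines may come back
                  ;; and the last word then belongs to the last match.
                  ;; Recent ykman releases offer a --single option for
                  ;; this; confirm against the installed version.
                  (let ((code (car (last (split-string (buffer-string))))))
                    (unless code
                      (user-error "ykman printed no code for %s" choice))
                    ;; The code stays on the kill ring (and on whatever
                    ;; clipboard `kill-new' exports to) until displaced.
                    (kill-new code)))))))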
#+END_SRC
#+begin_src yaml
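# Development packages, installed only where dnf is the package manager.
# NOTE(review): presumably these let pip build yubikey-manager's
# smart-card dependency from source -- confirm they are still required.
- name: python-devel installed
  dnf:
    name:
      - python-devel
      - pcsc-lite-devel
      - swig
    state: present
  when: ansible_pkg_mgr == "dnf"
  tags:
    - yubikey-otp

# Stop on hosts without dnf. The task carries the same tag as its
# neighbours so that a run limited to the yubikey-otp tag cannot skip
# this guard and go straight to the pip install.
- name: yubikey-otp requires dnf
  fail:
    msg: "yubikey-otp tasks only support dnf hosts (found {{ ansible_pkg_mgr }})"
  when: ansible_pkg_mgr != "dnf"
  tags:
    - yubikey-otp

# NOTE(review): no version is pinned, so every run accepts whatever
# release PyPI serves at that moment for a tool that talks to the OATH
# credentials on the key. Consider pinning through the pip module's
# version parameter (version: "<PINNED_VERSION>") and reviewing upgrades
# deliberately.
- name: ykman is installed
  pip:
    name: yubikey-manager
    state: present
  tags:
    - yubikey-otp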
#+end_src