From 24eec36cf5d1a39096812e368fe1feaaf8b07d1b Mon Sep 17 00:00:00 2001 From: Kamil Aronowski Date: Mon, 14 Nov 2022 23:50:04 +0100 Subject: [PATCH 1/3] Mention zbar & pass-otp --- docs/security/multifactor-authentication.md | 32 +++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/docs/security/multifactor-authentication.md b/docs/security/multifactor-authentication.md index 16fa16b..e119ed3 100644 --- a/docs/security/multifactor-authentication.md +++ b/docs/security/multifactor-authentication.md @@ -171,6 +171,38 @@ is largely the same. For a more complete list of compatible services, see [here][usage]. +Alternative - zbar & pass-otp +------------------- + +As an alternative, one can download a QR code, scan it with zbar and use the scan to create one time passwords with pass-otp. + +First, generate a GPG key if you haven't done so yet. + +``` +gpg --full-gen-key +``` + +Initialize the `pass` store (`~/.password-store/`) + +``` +pass init +``` + +Then scan a downloaded QR code with zbar + +``` +zbarimg -q QR.png +``` + +Now we're ready to add it to `pass`. As an example let's assume we're trying to use it as an alternative to GitHub Authenticator app. + +``` +pass otp add github +``` + +You'll be prompted to enter the `otpauth://` URI. Copy it from the `zbarimg` output and paste. + +You can now use the command `pass otp github` to get your one-time password. Depending on your GPG configuration, you may get prompted to enter a passphrase to unlock your OpenPGP secret key first. [YubiKey]: https://www.qubes-os.org/doc/YubiKey/ [MFA]: https://en.wikipedia.org/wiki/Multi-factor_authentication From 016d55f2e2a569e8c6d3cf9e57cf9855a44de9f1 Mon Sep 17 00:00:00 2001 From: Kamil Aronowski Date: Mon, 14 Nov 2022 23:52:30 +0100 Subject: [PATCH 2/3] If you don't have a GPG key, generate one now --- docs/security/multifactor-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security/multifactor-authentication.md b/docs/security/multifactor-authentication.md index e119ed3..a48f767 100644 --- a/docs/security/multifactor-authentication.md +++ b/docs/security/multifactor-authentication.md @@ -176,7 +176,7 @@ Alternative - zbar & pass-otp As an alternative, one can download a QR code, scan it with zbar and use the scan to create one time passwords with pass-otp. -First, generate a GPG key if you haven't done so yet. +If you don't have a GPG key, generate one now. You can skip this step if you have one. ``` gpg --full-gen-key From cee8260f5df577c9294abf7f250277c09a802eb3 Mon Sep 17 00:00:00 2001 From: Kamil Aronowski Date: Sat, 19 Nov 2022 16:14:33 +0100 Subject: [PATCH 3/3] Changes requested in PR 229 --- docs/security/multifactor-authentication.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/security/multifactor-authentication.md b/docs/security/multifactor-authentication.md index a48f767..f8e084f 100644 --- a/docs/security/multifactor-authentication.md +++ b/docs/security/multifactor-authentication.md @@ -176,7 +176,13 @@ Alternative - zbar & pass-otp As an alternative, one can download a QR code, scan it with zbar and use the scan to create one time passwords with pass-otp. -If you don't have a GPG key, generate one now. You can skip this step if you have one. +Install the required tools. The following has been tested on a Fedora 36 template: + +``` +sudo dnf install -y zbar pass pass-otp +``` + +If you don't have a GPG key, generate one now. You can skip this step if you have one - that is if OTP codes will be generated in the same Qube that is used for split-gpg. Nevertheless you may want to accomplish this in a Qube dedicated to something else, so we'll cover this scenario with: ``` gpg --full-gen-key