Crate nitrokey

Provides access to a Nitrokey device using the native libnitrokey API.

Usage

Operations on the Nitrokey require different authentication levels. Some operations can be performed without authentication, some require user access, and some require admin access. This is modelled using the types User and Admin.

Use connect to connect to any Nitrokey device. The method will return a DeviceWrapper that abstracts over the supported Nitrokey devices. You can also use Pro::connect or Storage::connect to connect to a specific device.

You can then use authenticate_user or authenticate_admin to get an authenticated device that can perform operations that require authentication. You can use device to go back to the unauthenticated device.

This makes sure that you can only execute a command if you have the required access rights. Otherwise, your code will not compile. The only exceptions are the methods to generate one-time passwords – get_hotp_code and get_totp_code. Depending on the stick configuration, these operations are available without authentication or with user authentication.
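
The compile-time access control described above, as an added, self-contained model that is not code from the nitrokey crate and needs no hardware. MockStick, AdminSession, AuthError, the retry counter and the PIN value are assumptions made for the illustration; only the shape of authenticate_admin and device follows the description on this page.

```rust
// Added illustration, not code from the nitrokey crate. MockStick, AdminSession,
// AuthError, the retry counter and the PIN value are all constructed for this model.
#[derive(Debug, PartialEq)]
pub enum AuthError { WrongPin { retries_left: u8 }, Locked }

/// Unauthenticated handle: exposes only operations that need no PIN.
pub struct MockStick { admin_pin: String, retries: u8, hotp_slots: Vec<String> }

/// Admin handle: the only type that has `write_hotp_slot`.
pub struct AdminSession { stick: MockStick }

impl MockStick {
    pub fn new(admin_pin: &str) -> Self {
        MockStick { admin_pin: admin_pin.to_string(), retries: 3, hotp_slots: Vec::new() }
    }
    pub fn slot_names(&self) -> &[String] { &self.hotp_slots }

    /// Consumes `self`. On failure the unauthenticated handle is handed back with
    /// the error, so the caller can retry or report without reconnecting.
    pub fn authenticate_admin(mut self, pin: &str) -> Result<AdminSession, (MockStick, AuthError)> {
        if self.retries == 0 {
            return Err((self, AuthError::Locked));
        }
        if pin == self.admin_pin {
            self.retries = 3; // a successful login resets the counter in this model
            Ok(AdminSession { stick: self })
        } else {
            self.retries -= 1;
            let err = AuthError::WrongPin { retries_left: self.retries };
            Err((self, err))
        }
    }
}

impl AdminSession {
    pub fn write_hotp_slot(&mut self, name: &str) { self.stick.hotp_slots.push(name.to_string()); }
    /// Gives up admin rights and returns the unauthenticated handle.
    pub fn device(self) -> MockStick { self.stick }
}

fn main() {
    let stick = MockStick::new("constructed-pin");
    // stick.write_hotp_slot("test"); // rejected by the compiler: no such method on MockStick
    let (stick, err) = stick.authenticate_admin("wrong-guess").err().unwrap();
    println!("first attempt failed: {:?}", err);
    let mut admin = stick.authenticate_admin("constructed-pin").ok().unwrap();
    admin.write_hotp_slot("test");
    println!("slots after downgrade: {:?}", admin.device().slot_names());
}
```

Because a failed attempt uses up a retry in this model, the caller should inspect the returned error before trying again rather than looping on the returned handle.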

Examples

Connect to any Nitrokey and print its serial number:

use nitrokey::Device;

let device = nitrokey::connect()?;
println!("{}", device.get_serial_number()?);

Configure an HOTP slot:

use nitrokey::{Authenticate, ConfigureOtp, OtpMode, OtpSlotData};

let device = nitrokey::connect()?;
let slot_data = OtpSlotData::new(1, "test", "01234567890123456689", OtpMode::SixDigits);
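// "12345678" is the factory-default admin PIN; a provisioned device should use its own.
match device.authenticate_admin("12345678") {
    Ok(admin) => {
        // The second argument is the initial HOTP counter value.
        match admin.write_hotp_slot(slot_data, 0) {
            Ok(()) => println!("Successfully wrote slot."),
            Err(err) => println!("Could not write slot: {}", err),
        }
    },
    // On failure the unauthenticated device is returned with the error; it is discarded here.
    Err((_, err)) => println!("Could not authenticate as admin: {}", err),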
}

Generate an HOTP one-time password:

use nitrokey::{Device, GenerateOtp};

let device = nitrokey::connect()?;
match device.get_hotp_code(1) {
    Ok(code) => println!("Generated HOTP code: {}", code),
    Err(err) => println!("Could not generate HOTP code: {}", err),
}

Structs

A Nitrokey device with admin authentication.
The configuration for a Nitrokey.
The configuration for an OTP slot.
A password safe on a Nitrokey device.
A Nitrokey Pro device without user or admin authentication.
A Nitrokey Storage device without user or admin authentication.
The status of a Nitrokey Storage device.
A Nitrokey device with user authentication.
The status of a volume on a Nitrokey Storage device.

Enums

Error types returned by Nitrokey device or by the library.
A wrapper for a Nitrokey device of unknown type.
Log level for libnitrokey.
Modes for one-time password generation.

Constants

The number of slots in a PasswordSafe.

Traits

Provides methods to authenticate as a user or as an admin using a PIN. The authenticated methods will consume the current device instance. On success, they return the authenticated device. Otherwise, they return the current unauthenticated device and the error code.
Provides methods to configure and erase OTP slots on a Nitrokey device.
A Nitrokey device.
Provides methods to generate OTP codes and to query OTP slots on a Nitrokey device.
Provides access to a PasswordSafe.

Functions

Connects to a Nitrokey device. This method can be used to connect to any connected device, both a Nitrokey Pro and a Nitrokey Storage.
Enables or disables debug output. Calling this method with true is equivalent to setting the log level to Debug; calling it with false is equivalent to the log level Error (see set_log_level).
Sets the log level for libnitrokey. All log messages are written to the standard error stream. Setting the log level enables all log messages on the same or on a higher log level.