SYNOPSIS
yubioath-cli [-h] command
DESCRIPTION
The Yubico Authenticator is a graphical desktop tool for generating Open AuTHentication (OATH) event-based HOTP and time-based TOTP one-time password codes, with the help of a YubiKey that protects the shared secrets.
OPTIONS
yubioath-cli has the following options:
-h, --help
- Shows a list of available sub commands and arguments.
-R, --remember
- Save any password given for a YubiKey to avoid having to enter it in again.
-r, --reader READER
- Name to match smartcard reader against (case insensitive).
COMMANDS
yubioath-cli supports multiple commands, each with its own options, in addition to the global options:
yubioath-cli show [OPTIONS] [QUERY]
-
Display one or more one time codes calculated by the YubiKey.
-s1, --slot1 DIGITS
- Calculate and show a one time code from slot 1, displaying DIGITS number of digits.
-s2, --slot2 DIGITS
- Calculate and show a one time code from slot 2, displaying DIGITS number of digits.
-t, --timestamp TIMESTAMP
- Use the user provided TIMESTAMP instead of the system clock.
QUERY
- A filter string to match credential names against. If given, only credentials containing the QUERY substring will be displayed. For HOTP credentials, codes will only be calculated when given a QUERY which uniquely specifices the credential as to avoid unwanted counter incrementation.
yubioath-cli put [OPTIONS] KEY
-
Load and store a credential into the YubiKey.
-S, --destination DEST
-
Where DEST is one of:
- • 0 the main applet (default).
- • 1 the YubiKey standard slot 1.
- • 2 the YubiKey standard slot 2.
-N, --name NAME
- The name to give the credential. When giving a name with an issuer, the issuer and name should be separated by a colon: issuer:name. Not applicable to slot-based credentials.
-A, --oath-type ALGORITHM
- OATH algorithm to use. Should be one of totp (default) and hotp. Not applicable to slot-based credentials.
-D, --digits DIGITS
- The number of digits to output when generating codes. Should be 6 (default) or 8. Not applicable to slot-based credentials.
-I IMF, --imf IMF
- The initial value to store for the counter. Only applicable for HOTP credential. Not applicable to slot-based credentials.
-T, --touch
- When set, the slot will require the user to press the button on the YubiKey before calculating a code. Only applicable to slot-based credentials.
KEY
- Either a base32 encoded key to use as the secret for the credential, or an otpauth:// URI containing the parameters of the credential. When a URI is given the other options are not needed, but can be used to override parameters in the URI, if needed.
yubioath-cli delete NAME
-
Deletes a credential from the main OATH credential storage.
NAME
- A filter string that uniquely identifies the credential to delete.
yubioath-cli password [OPTIONS]
-
Manage the access password of the OATH applet.
-S, --set
- Sets a new password for the YubiKey.
-U, --unset
- Unsets the current password, so that the YubiKey does not require a password to be used.
-F, --forget
- Remove all access keys stored on disk.
-P, --password PASSWORD
- Provide the new password for use with --set as an argument. If not given, the command will prompt the user to enter a new password while masking input.
yubioath-cli reset [OPTIONS]
-
Factory-reset the OATH applet, unsetting any access password and erasing all stored credentials.
-f, --force
- Do not prompt for confirmation before resetting.
BUGS
Report bugs in the issue tracker (https://github.com/Yubico/yubioath-desktop/issues)