Better UI for Secrets App

This improves UI for Secrets App subcommands

Changes

divide OTP and PWS credential registering and query into separate commands:
- get-otp (alias: get)
- get-password
- add-otp (alias: register)
- add-password
- add-challenge-reponse (a helper for setting the YKs challenge-response credentials for the compatible applications, e.g. KeepassXC)
output for get-password can be formatted in json or csv
abort *password commands when application version is too old (tested with semver)
request for touch is printed to stderr now
new dependencies: click_aliases, semver:
- https://pypi.org/project/click-aliases/ https://github.com/click-contrib/click-aliases
- https://pypi.org/project/semver/ https://github.com/python-semver/python-semver

Checklist

Make sure to run make check and make fix before creating a PR, otherwise the CI will fail.

[x] tested with Python3.11
[x] signed commits
[x] updated documentation (e.g. parameter description, inline doc, docs.nitrokey)
[x] added labels

Test Environment and Execution

OS: Fedora Linux 38
device's model: USB/IP Sim
device's firmware version: 0.10.0-18-g43e832b0

Relevant Output Example


~/w/pynitrokey (392-secrets-ui-separate-command|✔) [2]$ ./venv/bin/nitropy nk3 secrets add-password "pws" --login l --password p --metadata m
Command line tool to interact with Nitrokey devices 0.4.36
Please touch the device if it blinks
Done
~/w/pynitrokey (392-secrets-ui-separate-command|✔) $ ./venv/bin/nitropy nk3 secrets get-password "pws"
Command line tool to interact with Nitrokey devices 0.4.36
Please touch the device if it blinks
login               : l
password            : p
metadata            : m
properties          : f1
name                : pws
~/w/pynitrokey (392-secrets-ui-separate-command|✔) [2]$ ./venv/bin/nitropy nk3 secrets get-password "pws"
--format json
Command line tool to interact with Nitrokey devices 0.4.36
Please touch the device if it blinks
{"login": "l", "password": "p", "metadata": "m", "properties": "f1", "name": "pws"}
~/w/pynitrokey (392-secrets-ui-separate-command|✔) $ ./venv/bin/nitropy nk3 secrets get-password "pws" --format csv
Command line tool to interact with Nitrokey devices 0.4.36
Please touch the device if it blinks
login,password,metadata,properties,name
l,p,m,f1,pws
~/w/pynitrokey (392-secrets-ui-separate-command|✔) $ ./venv/bin/nitropy nk3 secrets get-password --help
Command line tool to interact with Nitrokey devices 0.4.36
Usage: nitropy nk3 secrets get-password [OPTIONS] NAME

  Get Password Safe Entry

Options:
  --password           Print password only
  --format [json|csv]  Format of the output
  --help               Show this message and exit.
~/w/pynitrokey (392-secrets-ui-separate-command|✔) [2]$ ./venv/bin/nitropy nk3 secrets add-password --help
Command line tool to interact with Nitrokey devices 0.4.36
Usage: nitropy nk3 secrets add-password [OPTIONS] NAME

  Register Password Safe Credential.

  Write Credential under the NAME.

Options:
  --touch-button      This credential requires button press before use
  --protect-with-pin  This credential should be additionally encrypted with a
                      PIN, which will be required before each use
  --login TEXT        Password Safe Login
  --password TEXT     Password Safe Password
  --metadata TEXT     Password Safe Metadata - additional field, to which
                      extra information can be encoded in the future
  --help              Show this message and exit.
~/w/pynitrokey (392-secrets-ui-separate-command|✔) $ ./venv/bin/nitropy nk3 secrets add-otp --help
Command line tool to interact with Nitrokey devices 0.4.36
Usage: nitropy nk3 secrets add-otp [OPTIONS] NAME SECRET

  Register OTP Credential.

  Write Credential under the NAME.

Options:
  --digits-str [6|8]              Digits count
  --kind [HOTP|TOTP|HOTP_REVERSE|HMAC]
                                  OTP mechanism to use. Case insensitive.
  --hash [SHA1|SHA256]            Hash algorithm to use
  --counter-start INTEGER         Starting value for the counter (HOTP only)
  --touch-button                  This credential requires button press before
                                  use
  --protect-with-pin              This credential should be additionally
                                  encrypted with a PIN, which will be required
                                  before each use
  --help                          Show this message and exit.

~/w/pynitrokey (392-secrets-ui-separate-command|✚3) $ ./venv/bin/nitropy nk3 secrets add-challenge-response 2 (echo 1234567890123456789 |  base32)
Command line tool to interact with Nitrokey devices 0.4.36
Please touch the device if it blinks
Done
~/w/pynitrokey (392-secrets-ui-separate-command|✔) $ ./venv/bin/nitropy nk3 secrets add-challenge-response --help
Command line tool to interact with Nitrokey devices 0.4.36
Usage: nitropy nk3 secrets add-challenge-response [OPTIONS] {1|2} SECRET

  Register Challenge-Response Credential.

Options:
  --help  Show this message and exit.

~/w/pynitrokey (392-secrets-ui-separate-command|✚2) $ ./venv/bin/nitropy nk3 secrets add-challenge-response 1 (echo 12345678901234567890 | string trim | base32)
Command line tool to interact with Nitrokey devices 0.4.36
Critical error:
Secret has to be exactly 20 bytes in length (got 21)

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: https://support.nitrokey.com/
- Writing an e-mail to support@nitrokey.com is also possible
- Please attach the log: '/tmp/nitropy.log.8gaor5gg' with any support/help request!
- Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting

Fixes https://github.com/Nitrokey/pynitrokey/issues/392

Nitrokey / pynitrokey

Better UI for Secrets App #393

Changes

Checklist

Test Environment and Execution

Relevant Output Example