nitrocli is a program that provides a command line interface for interaction with Nitrokey Pro, Nitrokey Storage, and Librem Key devices.
The following commands are currently supported:
Usage is as simple as providing the name of the respective command as a parameter (note that some commands are organized through subcommands, which are required as well), e.g.:
# Open the nitrokey's encrypted volume.
$ nitrocli storage open
$ nitrocli status
Status:
model: Storage
serial number: 0x00053141
firmware version: v0.54
user retry count: 3
admin retry count: 3
Storage:
SD card ID: 0x05dcad1d
SD card usage: 24% .. 99% not written
firmware: unlocked
storage keys: created
volumes:
unencrypted: active
encrypted: active
hidden: inactive
# Close it again.
$ nitrocli storage close
More examples, a more detailed explanation of the purpose, the potential
subcommands, as well as the parameters of each command are provided in
the man
page.
In addition to Rust itself and Cargo, its package management tool, the following dependencies are required:
gpg-connect-agent
program allows the user to enter
PINs.Packages are available for:
nitrocli
nitrocli
(since Debian Buster)app-crypt/nitrocli
ebuildnitrocli
(since Ubuntu 19.04)nitrocli is published on crates.io and can directly be installed from there:
$ cargo install nitrocli --root=$PWD/nitrocli
After cloning the repository the build is as simple as running:
$ cargo build --release
It is recommended that the resulting executable be installed in a
directory accessible via the PATH
environment variable.
Repository comes with a flake.nix
file, so it can be run directly:
$ nix run d-e-s-o/nitrocli
nitrocli can be installed by adding the repository flake as an input:
{
inputs = {
nitrocli.url = "github:d-e-s-o/nitrocli?dir=contrib/nix";
...
};
outputs = {
nitrocli,
...
}: {
# ...
# Where modules are defined
environment.systemPackages = [ nitrocli.defaultPackage ];
};
...
}
nitrocli comes with completion support for options and arguments to
them (for various shells). A completion script can be generated via the
shell-complete
utility program and then only needs to be sourced to
make the current shell provide context-sensitive tab completion support.
$ cargo run --bin=shell-complete bash > nitrocli.bash
$ source nitrocli.bash
The generated completion script (bash
specific, in this case) can be
installed system-wide as usual and sourced through Bash initialization
files, such as ~/.bashrc
.
Completion scripts for other shells work in a similar manner. Please
refer to the help text (--help
) of the shell-complete
program for
the list of supported shells.
hidapi
version on macOS, users are
advised to build and install libnitrokey
from source and then
set the USE_SYSTEM_LIBNITROKEY
environment variable when building
nitrocli
using one of the methods described above.nitrocli
cannot connect to a Nitrokey device that is currently being
accessed by nitrokey-app
(upstream issue). To
prevent this problem, quit nitrokey-app
before using nitrocli
.nitrocli
or
nitrokey-app
) cannot easily share access with an instance of
scdaemon/GnuPG running shortly afterwards (upstream
issue). As a workaround, users can kill scdaemon
after calling nitrocli
with gpg-connect-agent 'SCD KILLSCD' /bye
.nitrocli follows the Semantic Versioning specification 2.0.0.
Its public API is defined by the nitrocli(1) man
page.
Contributions are generally welcome. Please follow the guidelines outlined in CONTRIBUTING.md.
Robin Krahl (@robinkrahl) has been a crucial help for the development of nitrocli.
The Nitrokey GmbH has generously provided the necessary hardware in the form of Nitrokey Pro and Nitrokey Storage devices for developing and testing the program.
Purism was kind enough to help development of support for Librem Keys by providing the necessary hardware devices to test on.
nitrocli is made available under the terms of the GPLv3.
See the LICENSE file that accompanies this distribution for the full text of the license.
nitrocli
complies with version 3.0 of the REUSE specification.