Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sigmavirus24/yubikiller
A tool to invalidate accidental Yubikey presses
https://github.com/sigmavirus24/yubikiller
go golang invalidation otp yubico yubico-otp
Last synced: 29 days ago
JSON representation
A tool to invalidate accidental Yubikey presses
- Host: GitHub
- URL: https://github.com/sigmavirus24/yubikiller
- Owner: sigmavirus24
- License: other
- Created: 2020-04-13T00:18:46.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-04-24T22:55:48.000Z (over 4 years ago)
- Last Synced: 2024-08-02T15:48:18.720Z (3 months ago)
- Topics: go, golang, invalidation, otp, yubico, yubico-otp
- Language: Go
- Size: 6.84 KB
- Stars: 7
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Yubikiller
I've recently started using a YubiKey 5 Nano but have been accidentally
pressing it while carrying my laptop around. If captured in public, those OTP
codes can be used to access the accounts I'm using my YubiKey for.
I'd prefer to invalidate those OTP codes and have something simple for doing
so.
With Python 3 as the default `python` on one's system, you could do:
```
curl "https://api.yubico.com/wsapi/2.0/verify?id=1&nonce=$(python -c 'import secrets; print(secrets.token_hex(16))')&otp=$OTP"
```
But who's going to remember that? And making a bash script or shell alias for
it does not inherently make it easy to install or use.
Instead, I wrote this small tool that can be expanded upon and will check the
fields returned by Yubico's API.
## Installation
```
go install github.com/sigmavirus24/yubikiller/cmd/yubikiller
```
## Usage
```
yubikiller
```
## License
3-Clause BSD License (for more details see [the OSI][]), also known as
BSD-3-Clause (SPDX identifier)
[the OSI]: https://opensource.org/licenses/BSD-3-Clause