Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nitropy PIV: add --experimental in documentation #283

Merged
merged 1 commit into from
Sep 30, 2024
Merged

nitropy PIV: add --experimental in documentation #283

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions nitrokey3/windows/piv/access_control.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ The factory default for the *PIN* is ``123456``.
Please refer to the chapter `Retry Counter <access_control.html#retry-counter>`__ to learn more.

1. Connect the Nitrokey 3 with your computer.
2. On the terminal enter ``nitropy nk3 piv change-pin``.
2. On the terminal enter ``nitropy nk3 piv --experimental change-pin``.


Personal Unblocking Key (PUK)
Expand All @@ -55,7 +55,7 @@ The factory default for the *PUK* is ``123456``.
Please refer to the chapter `Retry Counter <access_control.html#retry-counter>`__ to learn more.

1. Connect the Nitrokey 3 with your computer.
2. On the terminal enter ``nitropy nk3 piv change-puk``.
2. On the terminal enter ``nitropy nk3 piv --experimental change-puk``.


Retry Counter
Expand All @@ -68,7 +68,7 @@ A retry counter of zero means that there are no attempts left.
The *PIN* has a retry counter of 3 attempts.
If these attempts are used up, the *PIN* must be unlocked with the *PUK*.

To unblock the *PIN*, use the command ``nitropy nk3 piv reset-retry-counter``.
To unblock the *PIN*, use the command ``nitropy nk3 piv --experimental reset-retry-counter``.
This command requires the *PUK*.

The *PUK* has a retry counter of 3 attempts.
Expand All @@ -82,6 +82,6 @@ Management Key (MGM)
The management key is used for management operations.

Before you can perform management operations you must authenticate with the management key.
The authentication is done with ``nitropy nk3 piv admin-auth``.
The authentication is done with ``nitropy nk3 piv --experimental admin-auth``.

The management key can be changed with ``nitropy nk3 piv change-admin-key``.
The management key can be changed with ``nitropy nk3 piv --experimental change-admin-key``.
4 changes: 2 additions & 2 deletions nitrokey3/windows/piv/certificate_management.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ The certificate can be retrieved as follows.

.. code-block::

nitropy nk3 piv read-certificate --key-slot <key-slot>``
nitropy nk3 piv --experimental read-certificate --key-slot <key-slot>``


Write Certificate
Expand All @@ -24,4 +24,4 @@ Certificates can be written to the Nitrokey per key slot.

.. code-block::

nitropy nk3 piv write-certificate --key-slot <key-slot>
nitropy nk3 piv --experimental write-certificate --key-slot <key-slot>
2 changes: 1 addition & 1 deletion nitrokey3/windows/piv/factory_reset.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ The reset to factory defaults can be performed as follows.

.. code-block::

nitropy nk3 piv factory-reset
nitropy nk3 piv --experimental factory-reset
6 changes: 3 additions & 3 deletions nitrokey3/windows/piv/guides/client_logon_with_active_directory.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,13 +90,13 @@ The certificate is then written to the Nitrokey.
A creation time of the certificate before the creation time of the user account will lead to a failed logon.

.. important::
If the PIV application on the Nitrokey was not used before, perform a initialization with ``nitropy nk3 piv init`` first.
If the PIV application on the Nitrokey was not used before, perform a initialization with ``nitropy nk3 piv --experimental init`` first.

1. Generate a private key and write the CSR to file with the command below.

.. code-block::

nitropy nk3 piv generate-key --key 9A --algo <algorithm> --subject-name <subject-name> --subject-alt-name-upn <subject-alternative-name> --out-file <file>
nitropy nk3 piv --experimental generate-key --key 9A --algo <algorithm> --subject-name <subject-name> --subject-alt-name-upn <subject-alternative-name> --out-file <file>

The value of ``<algorithm>`` is the used algorithm with its key length, e.g. ``rsa2048``.
The values of ``<subject-name>`` and ``<subject-alternative-name>`` corresponds typically to the ``commonName`` and ``userPrincipalName`` attribute of the Active Directory user account.
Expand All @@ -114,7 +114,7 @@ The certificate is then written to the Nitrokey.

.. code-block::

nitropy nk3 piv write-certificate --format PEM --path <file>
nitropy nk3 piv --experimental write-certificate --format PEM --path <file>

The value of ``<file>`` is the certificate file.

Expand Down
2 changes: 1 addition & 1 deletion nitrokey3/windows/piv/key_management.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,4 +57,4 @@ The command below will create private key in key slot ``9a`` for the user with t

.. code-block::

nitropy nk3 piv generate-key --key-slot 9a --subject-name "John Doe" --subject-alt-name-upn "[email protected]"
nitropy nk3 piv --experimental generate-key --key-slot 9a --subject-name "John Doe" --subject-alt-name-upn "[email protected]"
Loading