How to do UMK two-factor authentication

# 0. (LOCAL) Packages
# These are the Debian package names as of Oct 2024:
sudo apt install gpg pass-otp zbar-tools

#### It seems that steps 3a and 5 must be done from the same machine; maybe also step 4. ####

# 1a. (LOCAL) set up a gpg key pair
gpg --generate-key # or gpg --full-generate-key

# * Remember your passphrase!
# * Keep your private key private.
# * 'info gpg' and 'ls -l ~/.gnupg/'

# 1b. (LOCAL) Check your non-private key info, where <gpgID> is something
#    identifying your gpg key, e.g. the 'email' you gave; or your name
#    if it is unique in your key-ring; or the last 8 hex characters in
#    your public key fingerprint. If you're not sure, do 'gpg
#    --list-keys', which will list *all* the keys in your default
#    key-ring.
gpg --list-keys <gpgID>

# 2a. (LOCAL) Initialise your gpg-protected store of objects.
pass init <gpgID>

# 2b. (LOCAL) Check that pass is running normally.
pass ls

# 3a. (ONLINE) Ask your remote service to start on whatever steps of
#     verification it wishes. Typically, this involves typing a URL
#     into the address bar of a web browser, e.g.
firefox https://usosweb.umk.pl &
#     or
firefox https://portal-pracowniczy.umk.pl/security &

#     The service must provide you with a QR image file. Save this
#     image file locally, e.g. <Untitled.png>.

# 3b. (LOCAL)
#     Extract the QR code:
zbarimg <Untitled.png>

# This should give a response such as
QR-Code:otpauth://totp/UMK:mylogin@umk.pl?secret=0123456789ABCDEF0123456789ABCDEF&issuer=https://login.umk.pl

# 4. (ONLINE?) Create a new otp object, to be gpg-encrypted, with some arbitrary name.
#    You will need to give the QR-code content twice, i.e. the part after 'QR-Code:',
#    which in this fictitious case is
# 
#    otpauth://totp/UMK:mylogin@umk.pl?secret=0123456789ABCDEF0123456789ABCDEF&issuer=https://login.umk.pl

pass otp add umk1 # copy/paste the QR code; hit 'enter'; copy/paste the code again; hit 'enter'


# 5a. (ONLINE?) Find the current digital code:
pass otp umk1

# 5b. (ONLINE?) If you wait too long, or if you are asked to give new
#   digital codes, ask again. You can do this many times. If you do it
#   fast, the codes will be identical to one another.
pass otp umk1

# 6. (ONLINE) Type or paste the digital code into the online service of step 3a.
#   Redo Step 5a/5b if you were too slow and the digital code timed out.
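
What steps 3b to 5b rely on, as an added example that is not part of the original page: the otpauth:// URI carries a base32 shared secret, and the standard TOTP algorithm (RFC 6238) turns that secret plus the current 30-second time step into the digital code, which is why two quick requests return the same code. The function names and SAMPLE_LINE are assumptions made for this sketch; the sample secret is the RFC 6238 test key, because the fictitious secret shown in step 3b contains characters outside the base32 alphabet and is rejected by the parser.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlsplit, parse_qs

# Constructed sample: zbarimg-style output line whose secret is the base32 form
# of the RFC 6238 test key "12345678901234567890" (not a real UMK secret).
SAMPLE_LINE = ("QR-Code:otpauth://totp/UMK:mylogin@umk.pl"
               "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=https://login.umk.pl")

def parse_otpauth(line):
    """Return (key_bytes, digits, period) from a zbarimg line or a bare URI."""
    parts = urlsplit(line.strip().removeprefix("QR-Code:"))
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth://totp/ URI")
    q = parse_qs(parts.query)
    if "secret" not in q:
        raise ValueError("URI carries no secret parameter")
    if q.get("algorithm", ["SHA1"])[0].upper() != "SHA1":
        raise ValueError("this sketch only implements HMAC-SHA1")
    secret = q["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)   # restore padding that URIs usually omit
    key = base64.b32decode(secret)       # raises binascii.Error (a ValueError) if not base32
    return key, int(q.get("digits", ["6"])[0]), int(q.get("period", ["30"])[0])

def totp(key, unix_time, digits=6, period=30):
    """RFC 6238 code for the time step that contains unix_time."""
    counter = int(unix_time) // period            # same value for the whole period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    key, digits, period = parse_otpauth(SAMPLE_LINE)
    now = time.time()
    print("code now:", totp(key, now, digits, period))
    print("seconds until it changes:", period - int(now) % period)
```

The key comes entirely from the URI, so the saved QR image and any copy of the decoded line deserve the same protection as the gpg-encrypted pass entry.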

Background reading

-- BoudRoukema - 09 Oct 2024
Topic revision: r2 - 10 Oct 2024, BoudRoukema