- OnlyKey: cheat sheet
- OnlyKey DUO: cheat sheet
It is possible to find out the version of the last release by looking at the download link ((here)[https://docs.onlykey.io/app.html#app-desktop]). For example:
https://github.com/trustcrypto/OnlyKey-App/releases/download/v5.3.6/OnlyKey_5.3.6.exe. You can see that the last version is5.3.6.
Check the version of the installed version:
Under Windows, you should use the standalone version.
Check the version of the CLI utility: onlykey-cli version
Few other commands:
onlykey-cli fwversion
onlykey-cli wink
onlykey-cli getlabels
onlykey-cli getkeylabels
Full list of commands: https://docs.onlykey.io/command-line.html#quickstart
It is possible to find out the version of the last release by looking at the download link ((here)[https://docs.onlykey.io/command-line.html#installation]). For example:
https://github.com/trustcrypto/python-onlykey/releases/download/v1.2.9/onlykey-cli.exe. You can see that the last version is1.2.9.
OnlyKey firmware version:
C:\>onlykey-cli.exe fwversion
v2.1.0-prodc
- Firmware for OnlyKey: https://docs.onlykey.io/usersguide.html#download-firmware
- Firmware for OnlyKey DUO: https://docs.onlykey.io/duousersguide.html#download-firmware
Both keys share the same firmware.
- Permanently blinking red: the config mode is enabled. In this mode, you can, among other things, set a new backup passphrase. To enable the config mode: hold down the button #6 on your OnlyKey for 5+ seconds and release. The OnlyKey light will turn off. Re-enter your current primary PIN to enter config mode and notice the OnlyKey LED flashes red.
- Permanently blinking blue: you are using the key to authenticate on a WEB service (Ex: GitHub) - as a "security key". You are asked to touch one of the 6 buttons (on the key).
- Permanently blinking blue: you are using the key to authenticate on a WEB service (Ex: GitHub) - as a "security key". You are asked to touch one of the 2 buttons (on the key).
- Permanently blinking red: the config mode is enabled. In this mode, you can, among other things, set a new backup passphrase. To enable the config mode: hold down the button #2 on your OnlyKey DUO for 10+ seconds and release. The OnlyKey light will turn off. The OnlyKey LED flashes red.
On the OnlyKey Duo:
- button #1 is located next to the green light.
- Button #2 is located on the other side.
| Device | Procedure |
|---|---|
| OnlyKey | Open a text editor and then hold down the button #2 on OnlyKey for 5+ seconds. |
| OnlyKey Duo | Open a text editor and then hold down the button #2 on OnlyKey for 5+ seconds (but less than 10 seconds, otherwise you active the admin mmode). |
On the OnlyKey Duo:
- button #1 is located next to the green light.
- Button #2 is located on the other side.
- Insert the key into the USB slot.
- Enter the PIN (using the 6 keys on the device). The LED is green.
- Turn on the config mode: to enable the config mode: hold down the #6 button on your OnlyKey for 5+ seconds and release. The OnlyKey light will turn off. Re-enter your current primary PIN to enter config mode and notice the OnlyKey flashes red.
- Open the desktop application.
- Select the tab
Setup. - Enter the passphrase.
- Click
Next.
You should see a message that says, essentially, that the operation was successful.
- you must set a backup passphrase (to the key being backed up) prior to back up a key.
- you must set a backup passphrase (to the key upon which the backup is restored) prior to restore a back up.
- if you restore key
K1’s backup to keyK2, the same backup passphrase must be set onK1andK2.
Online documentation: Secure Encrypted Backup Anywhere
Procedure:
- Insert the key into the USB slot.
- Enter the PIN (using the 6 keys on the device). The LED is green.
- Open the desktop application.
- Select the tab
Backup/Restore. - Click on the text area
Backup data. - Hold the #1 button down on your OnlyKey for 5+ seconds and release.
- Wait until the operation ends.
Please note: you don't have to use the desktop application to back up the OnlyKey. You can, for example, open a text editor (notepad, for example), click in the text area (in the text editor), and hold the #1 button down on your OnlyKey for 5+ seconds and release. The text that represents the backup will be written directly in the text editor.
Please note: for windows users, you can use PoweShell to copy the content of the backup file to the clipboard. For example:
PS C:> $text = Get-Content .\onlykey-backup-2023-10-11T21-13.txt -Raw PS C:> Set-Clipboard -Value $textThen you can paste the content of the file
onlykey-backup-2023-10-11T21-13.txtin any application ([Ctrl]+[V]).
Online documentation: Restore From Backup
- Insert the key into the USB slot.
- Enter the PIN (using the 6 keys on the device). The LED is green.
- Open the desktop application.
- Select the tab
Backup/Restore. - Hold the #6 button down on your OnlyKey for 5+ seconds and release. The light turns off. Then (re)enter the PIN (using the 6 keys on the device). You will see the OnlyKey LED fade in and out continuously (Red) while in config mode.
- Select the file that contains the backup to restore.
- Click on the button "Restore the OnlyKey".
- Wait until the operation ends.
When the operation completes, the key reboots and you must (re)enter the PIN.
Go to OnlyKey Apps.
First, you need a PGP key pair. You can generate these key pair with OpenSSL or with the KeyBase utility, for example. Here we use the KeyBase utility.
Please note that the keybase command line utility is installed under this directory:
"%HOMEPATH%\AppData\Local\Keybase"
You can add this path to PATH environment variable (however, the installation wizard should do it for you).
Generate a PGP keypair:
"%HOMEPATH%\AppData\Local\Keybase"\keybase pgp gen
Please note that this command will automatically send the generated public key to the KeyBase database. However, the private key is not sent to the KeyBase database.
To get the generated private key, execute the following command (CF this post):
"%HOMEPATH%\AppData\Local\Keybase"\keybase pgp export -s > priv_keybase.txt
Please note: for windows users, you can use PoweShell to copy the content of the private key file to the clipboard. For example:
PS C:> $text = Get-Content .\priv_keybase.txt -Raw PS C:> Set-Clipboard -Value $textThen you can paste the content of the file
priv_keybase.txtin any application ([Ctrl]+[V]).
- Start the OnlyKey desktop application.
- Click on the tab "Key".
- Enable on the config mode: to enable the config mode: hold down the #6 button on your OnlyKey for 5+ seconds and release. The OnlyKey light will turn off. Re-enter your current primary PIN to enter config mode and notice the OnlyKey flashes red.
- Paste the "text" that represents the private key to add into the text input "Key". Please note that this "text" is the content of the file "priv_keybase.txt".
- Enter the passphrase that protects the private key (if any).
- Click "Save to OnlyKey".
Go to OnlyKey Apps.
Click on "Encrypt & Sign messages".
- Enter the KeyBase ID (or ProtonMail email address or public key) for the recipient.
- Enter the KeyBase ID (or ProtonMail email address or public key) for the sender.
- Type the message.
- Then click "Encrypt and Sign".
Watch out !!! You will be asked to type a 3-digit code on the OnlyKey!
OnlyKey WebCrypt Log Will Appear Here
PGP Mode to Encrypt and Sign
OKPGP(Encrypt and Sign): Checking recipient's public key...
OKPGP(Encrypt and Sign): Checking sender's public key...
OKPGP(Encrypt and Sign): Encrypting and signing message ...
OKPGP(Encrypt and Sign): You have 10 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): You have 9 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): You have 8 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): You have 7 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): You have 6 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): You have 5 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): You have 4 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): You have 3 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): You have 2 seconds to enter challenge code 6,3,4 on OnlyKey.
OKPGP(Encrypt and Sign): Waiting for OnlyKey to process message.
OKPGP(Encrypt and Sign): Done :) Click here to copy message, then paste encrypted message into an email, IM, whatever.
Enter the 3-digit pin (here "6-3-4") on the OnlyKey and you get the encryted message.
Go to OnlyKey Apps.
Click on "Decrypt & Verify messages".
- Enter the KeyBase ID (or ProtonMail email address or public key) for the sender.
- Enter your KeyBase ID (or ProtonMail email address or public key).
- Past the encrypted message.
- Then click "Decrypt and Verify".
Watch out !!! You will be asked to type a 3-digit code on the OnlyKey!
Follow the instructions here: Configuring two-factor authentication
First you need to configure two-factor authentication using a TOTP. To do that, install Twilio Authy 2-Factor Authentication application on your smartphone or your desktop computer.
Then configure a security key (such as the OnlyKey), on the GitHub Settings page.
WARNING: by the 4th of april 2021, the procedure does not work with FireFox (version 87.0 - 64 bits) on Windows 10. It works with:
- Edge (version
89.0.774.68). - Chrome (version
89.0.4389.114).
Step 1
Connect the OnlyKey on the computer and unlock it.
Step 2
On the section "Security keys" (here), enter a name for the key (for example "OnlyKey") and click on the "Add" button.
Step 3
The led on the OnlyKey blinks blue.
Step 4
When asked to perform an action on the device, just touch one button on the OnlyKey.
That's it.
- Disable Firefox auto filling forms: https://support.mozilla.org/en-US/kb/autofill-logins-firefox