Update the manual page for OATH-HOTP

Also rewrite some descriptions to make it easier to understand what
the different flags does.

diff --git a/ykpersonalize.1 b/ykpersonalize.1
index 257b8e9540908edf8c84b34328a826324aaadeaf..1e4111ac7826b0fe3a4d8df55cf194c22a2bea7d 100644 (file)
--- a/ykpersonalize.1
+++ b/ykpersonalize.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009 Tollef Fog Heen <tfheen@err.no>
+.\" Copyright (C) 2009, 2010 Tollef Fog Heen <tfheen@err.no>
 .\" Copyright (c) 2009 Yubico AB
 .\" All rights reserved.
 .\" 
@@ -92,64 +92,115 @@ Must be 12 characters long.
 \fBaccess\fR=\fIfffffffffff\fR
 New hex access code to set.
 Must be 12 characters long.
+.TP 
+[\-]\fIticket-flag\fR
+Set/clear ticket flag, see the section `Ticket flags\&'
+.TP 
+[\-]\fIconfiguration-flag\fR
+Set/clear ticket flag, see the section `Configuration flags\&'
+.RE
+.TP
+\fB-y\fR
+always commit without prompting
+.TP
+\fB-v\fR
+Be more verbose
+.TP
+\fB-h\fR
+Help
+.SH Ticket flags
 .TP
 [\-]\fBtab-first\fR
-Set/clear the TAB_FIRST ticket flag.
+Send a tab character as the first character.  This is usually used to move
+to the next input field.
 .TP
 [\-]\fBappend-tab1\fR
-Set/clear the APPEND_TAB1 ticket flag.
+Send a tab character between the fixed part and the one-time password
+part. This is useful if you have the fixed portion equal to the user
+name and two input fields that you navigate between using tab.
 .TP
 [\-]\fBappend-tab2\fR
-Set/clear the APPEND_TAB2 ticket flag.
+Send a tab character as the last character.
 .TP
 [\-]\fBappend-delay1\fR
-Set/clear the APPEND_DELAY1 ticket flag.
+Add a half-second delay before sending the one-time password part.
 .TP
 [\-]\fBappend-delay2\fR
-Set/clear the APPEND_DELAY2 ticket flag.
+Add a half-second delay after sending the one-time password part.
 .TP
 [\-]\fBappend-cr\fR
-Set/clear the APPEND_CR ticket flag.
+Send a carriage return after sending the one-time password part.
 .TP
-[\-]\fBsend-ref\fR
-Set/clear the SEND_REF configuration flag.
+\fBYubikey 2.0 firmware and above\fR
 .TP
-[\-]\fBticket-first\fR
-Set/clear the TICKET_FIRST configuration flag, only available with Yubikey I
+[\-]\fBprotect-cfg2\fR
+When written to configuration 1, block later updates to configuration
+2.  When written to configuration 2, prevent configuration 1 from
+having the lock bit set.
+.TP
+\fBYubikey 2.1 firmware and above\fR
+.TP
+[\-]\fBoath-hotp\fR
+Set OATH-HOTP mode rather than Yubikey mode.  In this mode, the token
+functions according to the OATH-HOTP standard.
+.SH Configuration flags
+[\-]\fBsend-ref\fR
+Send a reference string of all 16 modhex characters before the fixed
+part.  This can not be combined with the \fBstrong-pw2\fR flag.
 .TP
 [\-]\fBpacing-10ms\fR
-Set/clear the PACING_10MS configuration flag.
+Add a 10ms delay between key presses.
 .TP
 [\-]\fBpacing-20ms\fR
-Set/clear the PACING_20MS configuration flag.
+Add a 20ms delay between key presses.
+.TP
+[\-]\fBstatic-ticket\fR
+Output a fixed string rather than a one-time password.  The password
+is still based on the AES key and should be hard to guess and
+impossible to remember.
+.TP
+\fBYubikey 1.x firmware only\fR
+.TP
+[\-]\fBticket-first\fR
+Send the one-time password rather than the fixed part first.
 .TP
 [\-]\fBallow-hidtrig\fR
-Set/clear the ALLOW_HIDTRIG configuration flag, only available with Yubikey I
+Allow trigger through HID/keyboard by pressing caps-, num or
+scroll-lock twice.  Not recommended for security reasons.
 .TP
-[\-]\fBstatic-ticket\fR
-Set/clear the STATIC_TICKET configuration flag.
+\fBYubikey 2.0 firmware and above\fR
 .TP
 [\-]\fBshort-ticket\fR
-Set/clear the SHORT_TICKET configuration flag, only available with II
+Limit the length of the static string to max 16 digits.  This flag
+only makes sense with the \fB-ostatic-ticket\fR option.
 .TP
 [\-]\fBstrong-pw1\fR
-Set/clear the STRONG_PW1 configuration flag, only available with II
+Upper-case the two first letters of the output string.  This is for
+compatibility with legacy systems that enforce both uppercase and
+lowercase characters in a password and does not add any security.
 .TP
 [\-]\fBstrong-pw2\fR
-Set/clear the STRONG_PW2 configuration flag, only available with II
+Replace the first eight characters of the modhex alphabet with the
+numbers 0 to 7.  Like \fBstrong-pw1\fR, this is intended to support
+legacy systems.
 .TP
 [\-]\fBman-update\fR
-Set/clear the MAN_UPDATE configuration flag, only available with II
-.RE
+Enable user-initiated update of the static password.  Only makes sense
+with the \fB-ostatic-ticket\fR option.
 .TP
-\fB-y\fR
-always commit without prompting
+\fBYubikey 2.1 firmware and above\fR
 .TP
-\fB-v\fR
-Be more verbose
+[\-]\fBoath-hotp8\fR
+When set, generate an 8-digit HOTP rather than a 6-digit one.
 .TP
-\fB-h\fR
-Help
+[\-]\fBoath-fixed-modhex1\fR
+When set, the first byte of the fixed part is sent as modhex.
+.TP
+[\-]\fBoath-fixed-modhex2\fR
+When set, the first two bytes of the fixed part is sent as modhex.
+.TP
+[\-]\fBoath-fixed-modhex\fR
+When set, the fixed part is sent as modhex.
 .SH BUGS
 Report ykpersonalize bugs in 
 .URL "http://code.google.com/p/yubikey-personalization/issues/list" "the issue tracker"