encryptTotpSecret - A tool to encrypt existing TOTP secrets
Contents
Bug Report
Use OW2 system to report bug or ask for features:
<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
Copyright And License
Copyright (C) 2008-2016 by Xavier Guimard, <x.guimard@free.fr>
Copyright (C) 2008-2016 by Clément Oudot, <clem.oudot@gmail.com>
This library is free software; you can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation; either version 2, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see
<http://www.gnu.org/licenses/>.
perl v5.40.0 2025-02-10 ENCRYPTTOTPSECRETS(1p)
Description
This script is a migration tool that you can use after enabling TOTP secret encryption in the Manager. It
will make sure that existing secrets are encrypted, and not just newly registered secrets.
Download
Lemonldap::NG is available at <https://lemonldap-ng.org/download>
Name
encryptTotpSecret - A tool to encrypt existing TOTP secrets
Options
--help, -h
Print a brief help message and exit.
--dry-run, -n
Prevent the script from saving modifications to the session database
--update, -u
By default, secrets that are already in encrypted form are skipped by the script. Use this option
to force already encrypted secrets to be decrypted, then re-encrypted using a different key (or
decrypted)
--old-key, -o
The key used to decrypt secrets in --update mode.
By default, the totp2fKey or key LemonLDAP::NG configuration parameters are used.
--new-key, -k
The key used to encrypt secrets. Use -u-kDECRYPT to decrypt secrets instead.
By default, the totp2fKey or key LemonLDAP::NG configuration parameters are used.
--force, -f
Encrypt existing TOTP secrets even if encryption is disabled in the configuration
--verbose, -v
Increase the level of details provided by the script
See Also
Synopsis
encryptTotpSecret [options]
