authorLibravatar vnugent <public@vaughnnugent.com>2023-08-03 21:30:36 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2023-08-03 21:30:36 -0400
commita5a50369250ff5c7d8f1fa53fc31ddb1da2a04a6 (patch)
treed148d7f6d19394f3627b64675ee665fb51a76745
parent96fc2b9f719f5c82841a93a17e9e4e2ac1f69487 (diff)
Pre-public update
-rw-r--r--.gitignore1
-rw-r--r--Module.Taskfile.yaml57
-rw-r--r--PkiAuthenticator.build.sln25
-rw-r--r--README.md34
-rw-r--r--Taskfile.yaml86
-rw-r--r--build.readme.txt37
-rw-r--r--src/HardwareAuthenticator.cs31
-rw-r--r--src/IAuthenticator.cs22
-rw-r--r--src/PkiAuthenticator.csproj4
-rw-r--r--src/ProcessArguments.cs23
-rw-r--r--src/Program.cs72
-rw-r--r--src/SoftwareAuthenticator.cs26
-rw-r--r--src/Statics.cs23
13 files changed, 385 insertions, 56 deletions
diff --git a/.gitignore b/.gitignore
index ffb8274..5f977e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -362,6 +362,5 @@ MigrationBackup/
# Fody - auto-generated XML schema
FodyWeavers.xsd
-*.sln
/src/bin
/src/Properties
diff --git a/Module.Taskfile.yaml b/Module.Taskfile.yaml
new file mode 100644
index 0000000..85db3c8
--- /dev/null
+++ b/Module.Taskfile.yaml
@@ -0,0 +1,57 @@
+# https://taskfile.dev
+
+version: '3'
+
+vars:
+ INT_DIR: '{{.SCRATCH_DIR}}/obj/{{.MODULE_NAME}}/'
+ TARGET: '{{.OUTPUT_DIR}}/{{.HEAD_SHA}}'
+ MS_ARGS: '--sc false /p:RunAnalyzersDuringBuild=false /p:IntermediateOutputPath="{{.INT_DIR}}" /p:UseCommonOutputDirectory=true /p:BuildInParallel=true /p:MultiProcessorCompilation=true'
+
+tasks:
+#called by build pipeline to sync repo
+ update:
+ dir: '{{.USER_WORKING_DIR}}'
+ cmds:
+ #force remove any local changes and overwite
+ - git remote update
+ - git reset --hard
+ - git pull origin {{.BRANCH_NAME}} --verify-signatures
+
+#called by build pipeline to build module
+ build:
+ dir: '{{.USER_WORKING_DIR}}'
+ cmds:
+ - echo "building module {{.MODULE_NAME}}"
+
+ #re-write semver after hard reset
+ - dotnet-gitversion.exe /updateprojectfiles
+
+ #build debug mode first
+ - task: build_debug
+ - task: build_release
+
+#called by build pipeline to clean module
+ clean:
+ dir: '{{.USER_WORKING_DIR}}'
+ cmds:
+ - echo "Cleanining {{.MODULE_NAME}}"
+ #clean solution
+ - dotnet clean /p:BuildInParallel=true /p:MultiProcessorCompilation=true
+
+
+#Internal tasks
+ build_debug:
+ dir: '{{.USER_WORKING_DIR}}'
+ internal: true
+ cmds:
+ - dotnet publish -c debug -r win-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
+ - dotnet publish -c debug -r linux-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
+ - dotnet publish -c debug -r osx-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
+
+ build_release:
+ dir: '{{.USER_WORKING_DIR}}'
+ internal: true
+ cmds:
+ - dotnet publish -c release -r win-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
+ - dotnet publish -c release -r linux-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
+ - dotnet publish -c release -r osx-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}} \ No newline at end of file
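Review bot: The `update` task's comment promises to force-remove local changes, but `git reset --hard` with no ref only discards the working tree and index against the local HEAD; local commits survive, the following `git pull` may then produce a merge rather than tracking the remote, and untracked files are never removed. Since `git remote update` has already fetched, `git reset --hard origin/{{.BRANCH_NAME}}` (optionally followed by `git clean -fd`) would match the comment, and keeping `--verify-signatures` on the pull is the right choice for a pipeline that consumes signed history. Separately, `dotnet-gitversion.exe` ties the `build` task to a Windows host even though the publish targets include linux-x64 and osx-x64; if that is intentional, a one-line comment saying so would save the next reader a guess.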
diff --git a/PkiAuthenticator.build.sln b/PkiAuthenticator.build.sln
new file mode 100644
index 0000000..dec2662
--- /dev/null
+++ b/PkiAuthenticator.build.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.5.33502.453
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PkiAuthenticator", "src/PkiAuthenticator.csproj", "{75848ED7-D09B-44A6-A502-2AA427329C8F}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {75848ED7-D09B-44A6-A502-2AA427329C8F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {75848ED7-D09B-44A6-A502-2AA427329C8F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {75848ED7-D09B-44A6-A502-2AA427329C8F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {75848ED7-D09B-44A6-A502-2AA427329C8F}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {B5B61155-750D-4BE9-9695-6E49D7E406C2}
+ EndGlobalSection
+EndGlobal
diff --git a/README.md b/README.md
index b0876a6..5f42c6d 100644
--- a/README.md
+++ b/README.md
@@ -3,15 +3,15 @@
*A command line tool for generating certificate-based, signed, One-Time-Passwords for web/service authentication, with YubiKey support by default*
## What is Vauth?
-This repository contains code for a .NET/6.0 command-line tool used to generate certificate-backed One-Time-Passwords (OTP) for client authentication. This method is a single (1) factor authentication based on a username (usually an email address) stored in a JsonWebToken (JWT) claim, that will be submitted to a server's PKI endpoint to authenticate your client. Extremely simple and most secure methods by default is the design goal of this tool.
+This repository contains source code for a .NET/6.0 command-line tool used to generate certificate-backed One-Time-Passwords (OTP) for client authentication. This method is a single (1) factor authentication based on a username (usually an email address) stored in a JsonWebToken (JWT) claim, that will be submitted to a server's PKI endpoint to authenticate your client. Extremely simple and most secure methods by default is the design goal of this tool.
### Hardware support
This tool currently uses the Yubico core sdk for using PIV enabled YubiKey devices. Since certificate based authentication is required, your YubiKey device must be PIV enabled. This is the recommended way to generate OTPs (assuming you own a YubiKey). By default the 0x9A PIV is slot is used to sign OTPs, but you my override the slot number. (see `--help` for more info) If your slot is PIN protected, you will be prompted to enter it when required, but you my also specify it as an argument **not recommended**, or via an environment variable, to inline the authentication process. (see `--help` for more info)
### Software support
-This tool also supports software certificates/keys with the `--software cert.pem --private-key priv.pem` flags. This tool does not generate certificates/keys, you must use a tool such as OpenSSL to generate your certificates. Your certificate private keys must be PEM encoded x509 format, and your private key must be stored in plain text PEM, or may be encrypted PEM format. If your private key file is encrypted, you must specify the `--password` argument, this will cause a prompt for your encryption password, the `--password` flag my be followed by your plaintext password **not recommended**, or set via an environment variable. (see `--help` for more info)
+This tool also supports software certificates/keys, check the usage below. This tool does not generate certificates/keys, you must use a tool such as OpenSSL to generate your certificates. Your certificate private keys must be PEM encoded x509 format, and your private key must be stored in plain text PEM, or may be encrypted PEM format. If your private key file is encrypted, you must specify the `--password` argument, this will cause a prompt for your encryption password, the `--password` flag my be followed by your plaintext password **not recommended**, or set via an environment variable. (see `--help` for more info)
-## Usage
+## Usage
### OTP generation (hardware)
In hardware mode (default) by running `.\vauth.exe` will connect to the first *PIV enabled* YubiKey connected to your machine, and use it's 0x9A authentication slot to sign your newly created OTP credential. If you do not specify a username, the CN subject field is used as your `sub` field for the OTP (required for PKI authentication endpoints to know who you are). It also sets the required `keyid` field to the sha1 hash of the certificate stored in the 0x9A slot. (see `--help` for how to set a username). *Note:* the `keyid` field must match the public key id that was initially loaded under your username, otherwise the authentication will fail.
@@ -20,32 +20,25 @@ In hardware mode (default) by running `.\vauth.exe` will connect to the first *P
In software mode, your x509 certificate file is loaded, along with your private key file (may be password protected). If valid, an OTP is generated and signed by your private key. Again, your certificate subject CN is used as your username if no `--username` flag is set.
-**Implementation notes**
+**Implementation notes**
To make a common hardware/software abstraction, software mode only supports RSA 1024/2048, and Elliptic curves nistP256/nistP384 for signing. In RSA mode OTP use the RS256 standard of sha256 with PKS1 padding. In EC mode, uses ES256 when using nistP256, or ES384 when using nist384 curves.
### Public Key Export
-`--export` (for JWK encoding)
+`--export` (for JWK encoding)
`--export pem` (for pem encoding)
This tool only supports exporting your public key in JWK format or in PEM encoding, it does not export the entire certificate. When exporting your public key as a JWK, the kid is set to the certificate hash, and the custom `"serial":` field is set to the certificate's hex encoded serial number.
### List devices (hardware Only)
-Lists all hardware implementation devices connected to your machine. Currently only supports YubiKey devices, which prints all devices detected by the Yubico SDK regardless of their PIV support.
+Lists all hardware implementation devices connected to your machine. Currently only supports YubiKey devices, which prints all devices detected by the Yubico SDK regardless of their PIV support.
-<hr>
-## Licensing
-This project is licensed to you under the GNU GPL V2+. See LICENSE.txt for more information
-
-## Builds
-Linux-x64, win-x64 and osx-x64 are builds are available for download on my [website](https://www.vaughnnugent.com/resources/software/modules/PkiAuthenticator). Build packages will be tar +gzipped (except for nuget packages).
+Use `-h or --help` flag to print the latest command usage and flag descriptions.
-*All downloads will contain a sha384 hash of the file by adding a .sha384 to the desired file download, eg: debug.tgz.sha384*
-*PGP signed downloads will be available eventually*
+## Extended Documentation
+For more information on how to build or use this tool please see the [documentation](https://www.vaughnnugent.com/resources/software/articles?tags=docs,_PkiAuthenticator)
-- Project source code (src.tgz)
-- Nuget package (where applicable), debug w/ symbols & source + release (pkg/buildType/projName.version.nupkg)
-- Debug build w/ symbols & xml docs (debug.tgz)
-- Release build (release.tgz)
+## Builds
+Executables downloads are available for Linux-x64, win-x64 and osx-x64 on my [website](https://www.vaughnnugent.com/resources/software/modules/PkiAuthenticator).
## From source
This project uses internal and external project dependencies, all via NuGet. **However,** the internal libraries are only available from my public NuGet feeds for now. You may find the debug and release feeds from my [website](https://www.vaughnnugent.com/resources/software/modules). You will only need to add those feeds (you should consider adding it anyway :smiley:)
@@ -56,4 +49,7 @@ Tools, you will need the .NET >= 6.0 sdk installed, msbuild/dotnet build tool, a
2. Add my NuGet feed from my [website](https://www.vaughnnugent.com/resources/software/modules)
3. dotnet build
-If you do not wish to use the NuGet feeds, you may download the assemblies from my website, and reference the assemblies, in the project file instead of their NuGet packages references. The .tar archives include all of the required dependencies. \ No newline at end of file
+If you do not wish to use the NuGet feeds, you may download the assemblies from my website, and reference the assemblies, in the project file instead of their NuGet packages references. The .tar archives include all of the required dependencies.
+
+## Licensing
+This project is licensed to you under the GNU GPL V2+. See LICENSE.txt for more information
diff --git a/Taskfile.yaml b/Taskfile.yaml
new file mode 100644
index 0000000..2bec577
--- /dev/null
+++ b/Taskfile.yaml
@@ -0,0 +1,86 @@
+# https://taskfile.dev
+
+version: '3'
+
+vars:
+ INT_DIR: '{{.SCRATCH_DIR}}/obj/{{.MODULE_NAME}}/'
+ TARGET: '{{.USER_WORKING_DIR}}/bin'
+ RELEASE_DIR: "./bin/release/{{.TARGET_FRAMEWORK}}"
+
+tasks:
+
+ #when build succeeds, archive the output into a tgz
+ postbuild_sucess:
+ dir: '{{.USER_WORKING_DIR}}'
+
+ cmds:
+
+ #run post in debug mode
+ - task: postbuild
+ vars:
+ BUILD_MODE: debug
+ TARGET_OS: linux-x64
+
+ - task: postbuild
+ vars:
+ BUILD_MODE: debug
+ TARGET_OS: win-x64
+
+ - task: postbuild
+ vars:
+ BUILD_MODE: debug
+ TARGET_OS: osx-x64
+
+
+ #remove uncessary files from the release dir
+ - powershell -Command "Get-ChildItem -Recurse '{{.RELEASE_DIR}}/' -Include *.pdb,*.xml | Remove-Item"
+
+ #run post in release mode
+ - task: postbuild
+ vars:
+ BUILD_MODE: release
+ TARGET_OS: linux-x64
+
+ - task: postbuild
+ vars:
+ BUILD_MODE: release
+ TARGET_OS: win-x64
+
+ - task: postbuild
+ vars:
+ BUILD_MODE: release
+ TARGET_OS: osx-x64
+
+ #pack up source code and put in output
+ - powershell -Command "Get-ChildItem -Include *.cs,*.csproj -Recurse | Where { \$_.FullName -notlike '*\obj\*' } | Resolve-Path -Relative | tar --files-from - -czf '{{.TARGET}}/src.tgz'"
+
+
+ postbuild_failed:
+ dir: '{{.USER_WORKING_DIR}}'
+ cmds:
+ - echo "postbuild failed {{.PROJECT_NAME}}"
+
+
+ postbuild:
+ dir: '{{.USER_WORKING_DIR}}'
+ vars:
+ BUILD_DIR: "{{.USER_WORKING_DIR}}/bin/{{.BUILD_MODE}}/{{.TARGET_FRAMEWORK}}/{{.TARGET_OS}}/publish"
+ internal: true
+ cmds:
+
+ #copy license and readme to target
+ - cd .. && powershell -Command "Copy-Item -Path ./LICENSE.txt -Destination '{{.BUILD_DIR}}/license.txt'"
+ - cd .. && powershell -Command "Copy-Item -Path ./build.readme.txt -Destination '{{.BUILD_DIR}}/readme.txt'"
+
+ #tar outputs
+ - cd "{{.BUILD_DIR}}" && tar -czf "{{.TARGET}}/{{.TARGET_OS}}-{{.BUILD_MODE}}.tgz" .
+
+
+#Remove the output dirs on clean
+ clean:
+ dir: '{{.USER_WORKING_DIR}}'
+ cmds:
+ - cmd: powershell Remove-Item -Recurse './bin'
+ ignore_error: true
+ - cmd: powershell Remove-Item -Recurse './obj'
+ ignore_error: true \ No newline at end of file
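Review bot: The task name `postbuild_sucess` is misspelled, and because task names are the interface the build pipeline invokes, fixing it later means changing the caller in lockstep; if nothing calls it yet, renaming it to `postbuild_success` now is cheap. The comment `#remove uncessary files from the release dir` and the `echo "Cleanining {{.MODULE_NAME}}"` in Module.Taskfile.yaml carry the same kind of typo. The powershell-based `clean`, strip and packaging commands also make this file Windows-only while the publish targets include linux-x64 and osx-x64, which may be intended but deserves a note at the top of the file.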
diff --git a/build.readme.txt b/build.readme.txt
new file mode 100644
index 0000000..1ddde93
--- /dev/null
+++ b/build.readme.txt
@@ -0,0 +1,37 @@
+PKiAuthenticator aka vauth, Copyright (c) 2023 Vaughn Nugent
+
+PkiAuthenticator is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published
+by the Free Software Foundation, either version 2 of the License,
+or (at your option) any later version.
+
+PkiAuthenticator is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with PkiAuthenticator. If not, see http://www.gnu.org/licenses/.
+
+
+Contact Information:
+
+Email: vnpublic@proton.me
+Website: http://www.vaughnnugent.com
+Documentation: https://www.vaughnnugent.com/resources/software/articles?tags=docs,_PkiAuthenticator
+Github Repository: https://github.com/VnUgE/pkiauthenticator
+
+
+Setup:
+
+To use this application, you must have .NET/6.0 runtime installed on your system.
+It can be found here https://dotnet.microsoft.com/en-us/download. It must be installed globally
+for the application to work.
+
+Run the following command to read the man page
+vauth -h
+
+
+All set to get started! For more information, please visit the documentation link above, or
+the github repository. If you would like to report a bug or a vulnerability, please send
+me an email to the adress above. \ No newline at end of file
diff --git a/src/HardwareAuthenticator.cs b/src/HardwareAuthenticator.cs
index 1f0f0b2..f4984ac 100644
--- a/src/HardwareAuthenticator.cs
+++ b/src/HardwareAuthenticator.cs
@@ -1,4 +1,24 @@
-using System;
+/*
+* Copyright (c) 2023 Vaughn Nugent
+*
+* Package: PkiAuthenticator
+* File: HardwareAuthenticator.cs
+*
+* PkiAuthenticator is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published
+* by the Free Software Foundation, either version 2 of the License,
+* or (at your option) any later version.
+*
+* PkiAuthenticator is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with PkiAuthenticator. If not, see http://www.gnu.org/licenses/.
+*/
+
+using System;
using System.Linq;
using System.Text;
using System.Buffers;
@@ -13,8 +33,6 @@ using Yubico.YubiKey.Piv;
using VNLib.Utils;
using VNLib.Utils.Logging;
using VNLib.Utils.Extensions;
-using VNLib.Hashing;
-using VNLib.Hashing.IdentityUtility;
using static PkiAuthenticator.Statics;
@@ -55,6 +73,8 @@ namespace PkiAuthenticator
{
IYubiKeyDevice? device;
+ Log.Debug("Using hardware authenticator");
+
//User may select the serial of the specific key to use
if (CliArgs.HasArg("--key") && int.TryParse(CliArgs.GetArg("--key"), out int serial))
{
@@ -87,7 +107,7 @@ namespace PkiAuthenticator
KeyCollector = GetUserPinInput
};
- Log.Debug("Connected to device {id}", device.SerialNumber!);
+ Log.Information("Connected to device {id}, using slot {slot}", device.SerialNumber!, PivSlot.ToString("x"));
//Store the key algorithm
KeyAlgorithm = _session.GetMetadata(PivSlot).Algorithm;
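Review bot: The changed line promotes the device serial number from Debug to Information, so it is emitted on every run rather than only when debugging; the serial identifies a specific hardware token, and if this logger writes to STDOUT it can also end up wherever a caller redirects the token output, so consider whether Debug remains the right level or at least keep the serial out of the default output path. The slot is formatted with `ToString("x")` while the help text and README present slots as `0x9A`; `"Connected to device {id}, using slot 0x{slot}"` would keep the two consistent. The enclosing method begins and ends outside this hunk.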
@@ -129,7 +149,8 @@ namespace PkiAuthenticator
public X509Certificate2 GetCertificate() =>
_session?.GetCertificate(PivSlot)
?? throw new InvalidOperationException("The PIV session has not been successfully initialized");
-
+
+ ///<inheritdoc/>
protected override void Free()
{
_session?.Dispose();
diff --git a/src/IAuthenticator.cs b/src/IAuthenticator.cs
index 440a69f..447f35e 100644
--- a/src/IAuthenticator.cs
+++ b/src/IAuthenticator.cs
@@ -1,4 +1,24 @@
-
+/*
+* Copyright (c) 2023 Vaughn Nugent
+*
+* Package: PkiAuthenticator
+* File: IAuthenticator.cs
+*
+* PkiAuthenticator is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published
+* by the Free Software Foundation, either version 2 of the License,
+* or (at your option) any later version.
+*
+* PkiAuthenticator is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with PkiAuthenticator. If not, see http://www.gnu.org/licenses/.
+*/
+
+
using System;
using System.Security.Cryptography.X509Certificates;
diff --git a/src/PkiAuthenticator.csproj b/src/PkiAuthenticator.csproj
index 4e24a8a..22a4e92 100644
--- a/src/PkiAuthenticator.csproj
+++ b/src/PkiAuthenticator.csproj
@@ -26,8 +26,8 @@
<ItemGroup>
<PackageReference Include="Serilog" Version="2.12.0" />
<PackageReference Include="Serilog.Sinks.Console" Version="4.1.0" />
- <PackageReference Include="VNLib.Hashing.Portable" Version="0.1.0-ci0052" />
- <PackageReference Include="VNLib.Utils" Version="0.1.0-ci0052" />
+ <PackageReference Include="VNLib.Hashing.Portable" Version="0.1.0-ci0063" />
+ <PackageReference Include="VNLib.Utils" Version="0.1.0-ci0063" />
<PackageReference Include="Yubico.YubiKey" Version="1.7.0" />
</ItemGroup>
diff --git a/src/ProcessArguments.cs b/src/ProcessArguments.cs
index df683e5..4d1febd 100644
--- a/src/ProcessArguments.cs
+++ b/src/ProcessArguments.cs
@@ -1,4 +1,24 @@
-using System;
+/*
+* Copyright (c) 2023 Vaughn Nugent
+*
+* Package: PkiAuthenticator
+* File: ProcessArguments.cs
+*
+* PkiAuthenticator is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published
+* by the Free Software Foundation, either version 2 of the License,
+* or (at your option) any later version.
+*
+* PkiAuthenticator is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with PkiAuthenticator. If not, see http://www.gnu.org/licenses/.
+*/
+
+using System;
using System.Linq;
using System.Collections.Generic;
@@ -15,7 +35,6 @@ namespace PkiAuthenticator
public bool Verbose => HasArg("-v") || HasArg("--verbose");
public bool Debug => HasArg("-d") || HasArg("--debug");
public bool Silent => HasArg("-s") || HasArg("--silent");
- public bool RpMalloc => HasArg("--rpmalloc");
public bool DoubleVerbose => Verbose && HasArg("-vv");
public bool LogHttp => HasArg("--log-http");
diff --git a/src/Program.cs b/src/Program.cs
index 230f950..8ff694c 100644
--- a/src/Program.cs
+++ b/src/Program.cs
@@ -1,4 +1,24 @@
-using System;
+/*
+* Copyright (c) 2023 Vaughn Nugent
+*
+* Package: PkiAuthenticator
+* File: Program.cs
+*
+* PkiAuthenticator is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published
+* by the Free Software Foundation, either version 2 of the License,
+* or (at your option) any later version.
+*
+* PkiAuthenticator is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with PkiAuthenticator. If not, see http://www.gnu.org/licenses/.
+*/
+
+using System;
using VNLib.Utils.Logging;
@@ -6,7 +26,7 @@ using static PkiAuthenticator.Statics;
namespace PkiAuthenticator
{
- internal class Program
+ internal sealed class Program
{
public const string JWK_EXPORT_TEMPLATE = "You may copy your JWK public key\n\n{pk}\n";
public const string TOKEN_PRINT_TEMPLATE = "You may copy your authentication token \n\n{tk}\n";
@@ -14,14 +34,19 @@ namespace PkiAuthenticator
public const string SOFTWARE_PASSWORD_VAR_NAME = "CERT_PASSWORD";
public const string PEM_EXPORT_TEMPLATE = "You may copy your public key\n\n{cert}\n";
- const string HELP_MESSAGE =
-@$" VAuth Copyright (c) Vaughn Nugent
- Usage: vauth.exe <args>
+ const string HELP_MESSAGE = @$"
+ vauth Copyright © Vaughn Nugent <vnpublic@proton.me> https://www.vaughnnugent.com/resources/software
- No args: Connects to the first PIV enabled YubiKey and requests slot 0x9a
- sign a new authentication message for the default usename (cert CN),
- prompts the user for a pin (if enabled on device) and prints the
- signed JWT authentication token to STDOUT.
+ Usage: vauth <flags>
+
+ A cross-platform hardware (YubiKey) or software backed authenticator for generating short lived
+ OTPs for VNLib.Plugins.Essentials.Accounts enabled servers. This tool generates a signed Json Web
+ Token (JWT) that can be used as a single factor authentication method for accounts that have a stored
+ public key. Currently the plugin requires JSON Web Keys (JWK) format for public keys. It requires
+ serial numbers, key-ids, and the public key itself, x509 is not used. You may use the --export
+ flag to export this public key in the required JWK format. This tool currently supports YubiKey
+ as a hardware authenticator, and PEM encoded x509 certificates as a software authenticator. You
+ may use this tool to list your connected YubiKey devices, and their serial numbers.
Command flags:
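Review bot: The new banner line uses a literal `©` (here and in the `Log.Information("vauth © 2023 Vaughn Nugent")` call changed later in this file), which can render as mojibake on consoles whose output encoding is not UTF-8, notably Windows code-page consoles; the previous `(c)` form was safe everywhere. Either keep the ASCII form or set `Console.OutputEncoding = Encoding.UTF8;` at startup before anything is written. The `HELP_MESSAGE` constant starts in this hunk but its body continues past it.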
@@ -50,13 +75,14 @@ namespace PkiAuthenticator
--private-key <file> The path to the private key file, may be password protected.
This flag is only required in software mode.
- --password <password?> The password string (utf8 decoded) used to decrypt the PEM
- private key file. WARNING! You should avoid using this flag
- unless you have cli history disabled, otherwise your password
- may be recovered from your history file. This allows you to
- automate the authentication process. NOTE: consider setting the
- {SOFTWARE_PASSWORD_VAR_NAME} environment variable before starting the
- process instead.
+ --password <password?> Set this flag if your private key is password protected.
+ The password string (utf8 decoded) used to decrypt the PEM
+ private key file. WARNING! You should avoid setting your password
+ after this flag unless you have cli history disabled, otherwise
+ your password may be recovered from your shell history file. This
+ allows you to automate the authentication process. NOTE: consider
+ setting the {SOFTWARE_PASSWORD_VAR_NAME} environment variable before
+ starting the process instead of supplying the password as a flag.
--key <serial> Allows you to specify the serial number (int32) of the exact
YubiKey to connect to if multiple keys are connected. (PIV must
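Review bot: The warning in the `--password` text only mentions shell history, but a password passed as a command-line argument is also readable by other local users through the process list (`ps`, Task Manager) for as long as vauth runs, which is the more common way it leaks on shared or CI hosts. Consider extending the sentence to `otherwise your password may be recovered from your shell history file or from the process list while vauth is running`. The environment-variable recommendation that follows is the right default to steer users toward.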
@@ -76,7 +102,7 @@ namespace PkiAuthenticator
required operations, a --pin flag must be set, or set the {YUBIKEY_PIN_ENV_VAR_NAME}
env variable. If an op error occurs, an exit code is returned.
- -v, --verbose Enables verbose logging to be writtento STDOUT, is overridden
+ -v, --verbose Enables verbose logging to be written to STDOUT, is overridden
by silent mode, and will override -d debug mode.
-d, --debug Enables debug logging to be written to STDOUT, is overridden by
@@ -106,12 +132,12 @@ namespace PkiAuthenticator
vauth.exe # default cert CN usename
vauth.exe -u 'name@example.com' # specify username
vauth.exe --key 1111111 # specify hardware key serial numer
- vauth.exe -s > token.txt # write token to a text file
+ vauth.exe -s > token.txt # write token to a text file w/ silent mode
vauth.exe --piv-slot 9C # specify a differnt PIV slot on the yubikey (in hex)
#software mode
vauth.exe --software 'cert.pem' --private-key 'priv.pem'
- vauth.exe --software 'cert.pem' --private-ke 'priv.pem' --password 'mypassword'
+ vauth.exe --software 'cert.pem' --private-key 'priv.pem' --password 'mypassword'
Export public key:
vauth.exe --export # for JWK output
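Review bot: The corrected software-mode example `vauth.exe --software 'cert.pem' --private-key 'priv.pem' --password 'mypassword'` demonstrates exactly the usage the `--password` description above warns against; since the flag is documented as taking an optional value and prompting otherwise, an example such as `vauth.exe --software 'cert.pem' --private-key 'priv.pem' --password   # prompts for the password` would show the safer form. The examples also keep `vauth.exe` while the new usage line reads `Usage: vauth <flags>`; one spelling throughout would avoid confusion on the Linux and macOS builds. `HELP_MESSAGE` continues beyond this hunk.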
@@ -132,7 +158,7 @@ namespace PkiAuthenticator
return 0;
}
- Log.Information("vauth (c) 2023 Vaughn Nugent");
+ Log.Information("vauth © 2023 Vaughn Nugent");
int exitCode = 1;
try
@@ -146,11 +172,15 @@ namespace PkiAuthenticator
//Only continue if authenticator successfully initialized
if (CliArgs.HasArg("--list-devices"))
{
+ Log.Verbose("Gathering device information");
+
//List devices flag
exitCode = authenticator.ListDevices();
}
else if (CliArgs.HasArg("-e") || CliArgs.HasArg("--export"))
{
+ Log.Verbose("Exporting public key");
+
//Check for pem encoding flag
if (CliArgs.HasArg("pem"))
{
@@ -195,7 +225,7 @@ namespace PkiAuthenticator
}
}
- Log.Information("Exiting...");
+ Log.Verbose("Exiting...");
return exitCode;
}
diff --git a/src/SoftwareAuthenticator.cs b/src/SoftwareAuthenticator.cs
index 0972373..f147113 100644
--- a/src/SoftwareAuthenticator.cs
+++ b/src/SoftwareAuthenticator.cs
@@ -1,8 +1,27 @@
-using System;
+/*
+* Copyright (c) 2023 Vaughn Nugent
+*
+* Package: PkiAuthenticator
+* File: SoftwareAuthenticator.cs
+*
+* PkiAuthenticator is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published
+* by the Free Software Foundation, either version 2 of the License,
+* or (at your option) any later version.
+*
+* PkiAuthenticator is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with PkiAuthenticator. If not, see http://www.gnu.org/licenses/.
+*/
+
+using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
-using VNLib.Hashing;
using VNLib.Utils;
using VNLib.Utils.IO;
using VNLib.Utils.Logging;
@@ -42,6 +61,8 @@ namespace PkiAuthenticator
///<inheritdoc/>
public bool Initialize()
{
+ Log.Debug("Using software authenticator");
+
//try to import the certificate file
string? cerFilePath = CliArgs.GetArg("--software");
if(cerFilePath == null)
@@ -232,7 +253,6 @@ namespace PkiAuthenticator
return written;
}
- break;
case PivAlgorithm.EccP256:
case PivAlgorithm.EccP384:
{
diff --git a/src/Statics.cs b/src/Statics.cs
index 56e3e25..c27b27a 100644
--- a/src/Statics.cs
+++ b/src/Statics.cs
@@ -1,4 +1,24 @@
-using System;
+/*
+* Copyright (c) 2023 Vaughn Nugent
+*
+* Package: PkiAuthenticator
+* File: Statics.cs
+*
+* PkiAuthenticator is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published
+* by the Free Software Foundation, either version 2 of the License,
+* or (at your option) any later version.
+*
+* PkiAuthenticator is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with PkiAuthenticator. If not, see http://www.gnu.org/licenses/.
+*/
+
+using System;
using System.Linq;
using System.Text;
using System.Buffers;
@@ -64,7 +84,6 @@ namespace PkiAuthenticator
/// Generats a signed VNLib authentication toke, used to authenticate against
/// web applications using the YubiKey
/// </summary>
- /// <param name="session"></param>
/// <returns>The process exit code returning the status of the operation.</returns>
public static int GenerateOtp(this IAuthenticator authenticator)
{
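Review bot: The remaining summary still says the token authenticates `using the YubiKey`, yet the method is an extension on `IAuthenticator`, which this same commit also backs with the software authenticator; `/// Generates a signed VNLib authentication token using the supplied authenticator` would describe the contract accurately and fix the `Generats`/`toke` typos on the same lines. Adding `/// <param name="authenticator">The initialized authenticator used to sign the token.</param>` would restore the parameter documentation that the removed `session` tag used to misname. The method body continues outside this hunk.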