Homebrewed solution for comfortably turning OTP secrets into access tokens from the command line
Érico Nogueira 19e26d42a9 Add comment to cbc-file about IV length. 2021-11-15 23:14:48 -03:00
.github/workflows Fix CI. 2020-12-04 18:25:02 -03:00
ci Add CI. 2020-11-04 02:12:23 -03:00
.gitignore Create initial encryption script. 2020-10-09 00:25:20 -03:00
LICENSE Add README and license. 2020-10-09 00:48:22 -03:00
README.md Install cbc-file in bin. 2020-10-09 01:14:16 -03:00
cbc-file.c Add comment to cbc-file about IV length. 2021-11-15 23:14:48 -03:00
encrypt-otp.in Install cbc-file in bin. 2020-10-09 01:14:16 -03:00
get-otp.in Support alternative finders. 2021-10-24 23:13:28 -03:00
makefile Install cbc-file in bin. 2020-10-09 01:14:16 -03:00

README.md

get-otp

This repository holds a combination of tools that can be used to (comfortably) generate TOTP 2FA access tokens on the desktop, instead of depending on a phone app.

get-otp

Main tool, depends on:

It will use the cbc-file executable from this project to decrypt a ~/.local/share/otp_accounts file, whose decrypted contents should be in the same format as exported by andOTP. It can then run a menu, using fzf, to let you choose the account for which you want an access token. If running on Wayland, the token will also be copied to the clipboard.

$ get-otp [account_name]
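
As an added illustration (not code from this repository), the following Python example shows the step that follows decryption: selecting one account from an andOTP-style JSON export and deriving its RFC 6238 token. The field names (`secret`, `label`, `issuer`, `digits`, `period`, `algorithm`, `type`) are assumed from andOTP's plain-text backup format, the function names are hypothetical, and the sample account is constructed from the RFC 6238 test secret.

```python
import base64
import hashlib
import hmac
import json
import struct
import time

# Constructed sample: one account in an andOTP-style export (field names are
# an assumption), using the RFC 6238 test secret "12345678901234567890".
SAMPLE_EXPORT = json.dumps([{
    "secret": base64.b32encode(b"12345678901234567890").decode(),
    "issuer": "Example", "label": "Example:alice",
    "digits": 8, "type": "TOTP", "algorithm": "SHA1", "period": 30,
}])

# Only the hash functions RFC 6238 defines are accepted.
HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def find_account(export_json, name):
    """Return the single TOTP entry whose label or issuer contains `name`."""
    matches = [
        e for e in json.loads(export_json)
        if e.get("type", "TOTP") == "TOTP"
        and name.lower() in (e.get("label", "") + " " + e.get("issuer", "")).lower()
    ]
    if len(matches) != 1:
        # Refuse ambiguous or missing names instead of guessing an account.
        raise LookupError(f"{len(matches)} accounts match {name!r}")
    return matches[0]


def totp(entry, now=None):
    """RFC 6238 token for `entry` at Unix time `now` (default: current time)."""
    secret = entry["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)       # exports may omit base32 padding
    key = base64.b32decode(secret)
    digest = HASHES[entry.get("algorithm", "SHA1").upper()]
    counter = int(time.time() if now is None else now) // entry.get("period", 30)
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    digits = entry.get("digits", 6)
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    print(totp(find_account(SAMPLE_EXPORT, "alice")))
```
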

encrypt-otp

This tool doesn't depend on anything besides cbc-file. What it does is encrypt the file passed to it (which should be in the format exported by andOTP, as mentioned above) and put the encrypted file in the correct place.

$ encrypt-otp otp_accounts.json

cbc-file

Mostly hidden utility that does the encryption magic. Despite the name, it uses ChaCha20+Poly1305 for encryption, as implemented by BearSSL, together with Argon2 for key derivation.

Both of the mentioned libraries are necessary for building this utility. On Linux, a kernel which implements the getrandom(2) syscall is necessary, since it is the backend for getentropy(3), which is the only random number backend implemented.

Disclaimer

This is experimental code and ideas, and shouldn't be put anywhere near any sort of production. However, I am open to suggestions and improvements, so feel free to reach out.