A simple CLI tool for generating OTP for 2FA

What's this

A simple command line tool to generate a One Time Password to perform Two-Factor Authentication, something everyone should use if available.

Why

Since I'm always at a command line, an easy way to generate OTPs is using the same workstation I'm already on.

Pay attention that in order to generate an OTP, a secret key stored on the computer/device is needed. If this key is stolen, anyone can generate keys for you.

In order to mitigate this security issue, the keys should be stored as encrypted with GPG with a passphrase.

Installation and configuration

• Install oathtool for the OTP generate function
• Install yq to parse the config files
• Install bc to make calculations
• If using automatic clipboard action install xclip
• Install gpg to be able to encrypt the key file
• Configure your GPG recipient in the script, editing GPG_RECIPIENT="<[email protected]>"
• If using the QR code print function install qrencode

Usage

• otp -a edit to edit or create the keyring. The format for the config file is stored in YAML, and a sample looks like this

gmail:
  # valid totp or hotp
  type: totp
  # the key, no spaces
  otpSecret: aaabbbcccddd111222333
  # in case scaned in an app
  label: [email protected]
  # for the logo
  issuer: gmail
  # for the time period [optional]
  period: 30

For a valid issuer list check for example https://github.com/bilelmoussaoui/Authenticator/blob/master/data/data.json

The keyring default place will be `$HOME/.otpkeys.gpg`

• otp service_name to generate an OTP for the service
• otp service_name -a print-and-copy to copy the key directly into the main clipboad

Credits

• This kind guy on superuser that triggered the idea
• pass: a great utility to store securely your passwords offline, don't use cloud keyrings such as LastPass or any other similar product. Some code is verbatim borrowed from that script.