otp-cli

Description

One-Time Password generator tool using oathtool.

It works like Authy and Google Authenticator, but for command line.

Works on any shell (Tested on sh, bash and zsh).

Automatically copies the token into your computer's copy buffer. Just paste it anywhere.

This tool supports both encrypted and plain-text token files.

Requirements

• oathtool (http://www.nongnu.org/oath-toolkit/)
• OpenSSL

Required to send to copy buffer

• xclip (Linux/Debian/*BSD)
• pbcopy (MacOS)

Ps.: You can still generate and print OTP without those tools

Setup

oathtool

• Ubuntu/Debian

apt install coreutils
apt install oathtool

• MacOS

brew install coreutils
brew install oath-toolkit

• FreeBSD

pkg install coreutils
pkg install oath-toolkit

• OpenBSD

pkg_add coreutils
pkg_add oath-toolkit

Clone the project

git clone [email protected]:rfocosi/otp-cli.git

Add system wide (optional)

• Inside project's root:

sudo ln -s $( echo "$( pwd )/otp-cli" ) /usr/local/bin/otp-cli

Usage

When you run any command for the first time, it will create a new directory on:

$HOME/.otp-cli/tokens/

Where it will store the added tokens and config file.

Ex.:

$ ./otp-cli add my_token <secret_key>
An empty password will not lock the file
Password: <hidden>
Confirm password: <hidden>
Created [<$HOME>/.otp-cli/tokens/my_token.enc]

$ ./otp-cli show my_token
OTP Password: <hidden>
[15] 923842

$ ./otp-cli clip my_token
OTP Password: <hidden>
Sent to clipboard!

Config file

The config file is generated, after first run, on <$HOME>/.otp-cli/config

Example file:

#!/bin/sh

## This is an example config file
## All configurations done here will be interpreted as a SH script

## Remaining seconds to wait for next OTP
#WAIT_FOR_NEXT=5

## Fix if the current directory can't be found
#CURRENT_DIR=$HOME/.otp-cli/

## Disables permissions Warning
#PERMISSION_WARN=0

Add a token

Usage: otp-cli add [-h] [Token Name] [Token Key]

If [Token Name] or [Token Key] are empty, they will be prompted.

If the password is empty, the token will be a plain text file.

Ex.:

$ ./otp-cli add
Token name: my_token
Token key: <hidden>

An empty password will not lock the file
Password: <hidden>
Confirm password: <hidden>
Created [<$HOME>/.otp-cli/tokens/my_token.enc]

Show OTP

Usage: otp-cli show [-h] [-1] [-c] [-s] <Token Name>

 -1 : Get one password and exit.
 -c : Copy to clipboard.
 -s : Silent. Do not output anything to console.

Ex.:

$ ./otp-cli show my_token
OTP Password: <hidden>
[SS] DDDDDD

Where:

• [SS] is the seconds counter. A new OTP will be generated every 30 seconds.
• [DDDDDD] is the 6-digit One-Time-Password.

Copy to clipboard

Usage: otp-cli clip [-h] [-k] <Token Name>

 -k : Keep generating OTP.

Ex.:

$ ./otp-cli clip my_token
OTP Password: <hidden>

List added tokens

Usage: otp-cli list [-h]

List all added tokens. If token is encoded, it appears as [Encoded] on list.
If your token is (Deprecated), it is using the old cryptography method.
Use 'unlock' and 'lock' commands to fix it.

Ex.:

$ ./otp-cli list

Unlock token file

Usage: otp-cli unlock [-h] [Token Name]

If [Token Name] is empty, it will be prompted.

Ex.:

$ ./otp-cli unlock my_token
Password: <hidden>
Unlocked file [<$HOME>/otp-cli/tokens/my_token]

Lock token file

Usage: otp-cli lock [-h] [Token Name]

If [Token Name] is empty, they will be prompted

Ex.:

$ ./otp-cli lock my_token
Password: <hidden>
Confirm password: <hidden>
Created [<$HOME>/.otp-cli/tokens/my_token]

Remove token

Usage: otp-cli remove [-h] [Token Name]

If [Token Name] is empty, it will be prompted.

Ex.:

$ ./otp-cli remove my_token
Removed file [<$HOME>/.otp-cli/tokens/my_token.enc]