A simple CLI tool for generating OTP for 2FA

What's this

A simple command line tool to generate a One Time Password to perform Two-Factor Authentication, something everyone should use if available.

Why

I've always used Google Authenticator to generate OTP tokens. Now my phone has died. Since I'm always at a command line, an easy way to generate OTPs is using the same workstation I'm already on.

Pay attention that in order to generate an OTP, a secret key stored on the computer/device is needed. If this key is stolen, anyone can generate keys for you.

In order to mitigate this security issue, the keys should be stored as encrypted with GPG with a passphrase.

Installation and configuration

• Install oathtool, xclip and gpg
• Configure your GPG recipient in the script, editing GPG_RECIPIENT="<[email protected]>"
• Tested on Linux

Usage

• otp.sh edit to edit or create the keyring. Key format is "KEYNAME=aaabbbccc", ex. "amazon=aaabbbccc" The keyring default place will be $HOME/.otpkeys.gpg
• otp.sh service_name to generate an OTP for the service
• otp.sh service_name -c to copy the key directly into the main clipboad

Credits

• This kind guy on superuser that triggered the idea
• pass: a great utility to store securely your passwords offline, don't use cloud keyrings such as LastPass or any other similar product. Some code is verbatim borrowed from that script.
• My foolishness to push me to break my smartphone, so I discovered and learned something interesting.