One-Time Password generator tool using oathtool.
It works like Authy and Google Authenticator, but for command line.
Works on any shell (Tested on sh, bash and zsh).
Automatically copies the token into your computer's copy buffer. Just paste it anywhere.
This tool supports both encrypted and plain-text token files.
- oathtool (http://www.nongnu.org/oath-toolkit/)
- OpenSSL
- xclip (Linux/Debian/*BSD)
- pbcopy (MacOS)
Ps.: You can still generate and print OTP without those tools
- Ubuntu/Debian
apt install coreutils
apt install oathtool
- MacOS
brew install coreutils
brew install oath-toolkit
- FreeBSD
pkg install coreutils
pkg install oath-toolkit
- OpenBSD
pkg_add coreutils
pkg_add oath-toolkit
git clone git@github.com:rfocosi/otp-cli.git
- Inside project's root:
sudo ln -s $( echo "$( pwd )/otp-cli" ) /usr/local/bin/otp-cli
When you run any command for the first time, it will create a new directory on:
$HOME/.otp-cli/tokens/
Where it will store the added tokens and config file.
Ex.:
$ ./otp-cli add my_token <secret_key>
An empty password will not lock the file
Password: <hidden>
Confirm password: <hidden>
Created [<$HOME>/.otp-cli/tokens/my_token.enc]
$ ./otp-cli show my_token
OTP Password: <hidden>
[15] 923842
$ ./otp-cli clip my_token
OTP Password: <hidden>
Sent to clipboard!
The config file is generated, after first run, on <$HOME>/.otp-cli/config
Example file:
#!/bin/sh
## This is an example config file
## All configurations done here will be interpreted as a SH script
## Remaining seconds to wait for next OTP
#WAIT_FOR_NEXT=5
## Fix if the current directory can't be found
#CURRENT_DIR=$HOME/.otp-cli/
## Disables permissions Warning
#PERMISSION_WARN=0
Usage: otp-cli add [-h] [Token Name] [Token Key]
If [Token Name] or [Token Key] are empty, they will be prompted.
If the password is empty, the token will be a plain text file.
Ex.:
$ ./otp-cli add
Token name: my_token
Token key: <hidden>
An empty password will not lock the file
Password: <hidden>
Confirm password: <hidden>
Created [<$HOME>/.otp-cli/tokens/my_token.enc]
Usage: otp-cli show [-h] [-1] [-c] [-s] <Token Name>
-1 : Get one password and exit.
-c : Copy to clipboard.
-z : Only print OTP.
-s : Silent. Do not output anything to console.
Ex.:
$ ./otp-cli show my_token
OTP Password: <hidden>
[SS] DDDDDD
Where:
- [SS] is the seconds counter. A new OTP will be generated every 30 seconds.
- [DDDDDD] is the 6-digit One-Time-Password.
Usage: otp-cli clip [-h] [-k] <Token Name>
-k : Keep generating OTP.
Ex.:
$ ./otp-cli clip my_token
OTP Password: <hidden>
Usage: otp-cli list [-h]
List all added tokens. If token is encoded, it appears as [Encoded] on list.
If your token is (Deprecated), it is using the old cryptography method.
Use 'unlock' and 'lock' commands to fix it.
Ex.:
$ ./otp-cli list
Usage: otp-cli unlock [-h] [Token Name]
If [Token Name] is empty, it will be prompted.
Ex.:
$ ./otp-cli unlock my_token
Password: <hidden>
Unlocked file [<$HOME>/otp-cli/tokens/my_token]
Usage: otp-cli lock [-h] [Token Name]
If [Token Name] is empty, they will be prompted
Ex.:
$ ./otp-cli lock my_token
Password: <hidden>
Confirm password: <hidden>
Created [<$HOME>/.otp-cli/tokens/my_token]
Usage: otp-cli remove [-h] [Token Name]
If [Token Name] is empty, it will be prompted.
Ex.:
$ ./otp-cli remove my_token
Removed file [<$HOME>/.otp-cli/tokens/my_token.enc]