A Simple "google authenticator" / TOTP client tool
unix4fun/g
A simple TOTP / Google Authenticator client. It generates TOTP tokens for the configured accounts and secures the data at rest.

WARNING: This is a project in development; some trivial backup/rollback strategies are being implemented, but it seems reliable enough that I use it every day on various accounts.

Make sure you have a properly installed golang and $GOPATH etc., then:
```
$ go get github.com/unix4fun/g
$ g -h
Usage of g:
  -add string
        add entry <name>
  -dec
        decrypt PEM file and output on stdout
  -digit int
        TOTP token size (valid: {6,7,8}) (default 6)
  -enc
        encrypt PEM file and output on stdout
  -hmac string
        TOTP hmac function (valid {sha1|sha256|sha512}) (default: sha1) (default "sha1")
  -init
        initialize the PEM file (will truncate if existing)
  -pass
        update PEM file password
  -pem string
        PEM filename to use (default "/home/rival/.config/g.pem")
  -period int
        TOTP window (default: 30) (default 30)
  -qr string
        scan & add from QRcode image file
  -rm string
        remove entry <name>
  -sec string
        TOTP shared secret (valid: len>0)
  -upd string
        update entry <name>
```
The default secret storage is ~/.config/g.pem, but you can ALWAYS specify the PEM file you want to operate on by using:

```
... -pem <pemfile>
```
To access your tokens, you will be asked for your password/passphrase.

```
$ g -init
Init Password: <type your password>
Retype Init Password: <type your password again>
```
Save the QR code PNG file; then, thanks to an external QR decoding module, we can read the QR code directly. Note that it has not been extensively tested yet.

```
$ g -qr /path/to/qrcode.png
qr code add: /path/to/qrcode.png
Password:
```
Like you're setting up your 2FA for your Gmail account.

WARNING: Remember, if you have a history file, THIS WILL BE IN YOUR HISTORY (the shared secret is passed on the command line with -sec). Most shells allow you to run a command without logging it to history; check your shell documentation.

For example, with bash you can tell history NOT to log this command:

```
export HISTIGNORE="g *"
```

or set up a no-history space prefix like:

```
export HISTCONTROL=ignorespace
```

and prefix your token commands with a space.
This might be the reason for a format/editing change later.
```
$ g -add gmail -sec <google 2fa secret>
Password:
.. debug message to say it's ok...
```

```
$ g
Password:
account    | totp
---------- | ----
gmail      | 357119
[== ] TTL
```
Now you can add all your tokens one by one when necessary. By default, tokens adopt the Google Authenticator baseline (sha1 / 6 digits),
but some services provide an even higher baseline, like sha256 / 8-digit tokens, which is also supported:

```
$ g -add patatra -sec <my secret> -hmac sha256 -digit 8
...
$ g
Password:
account    | totp
---------- | ----
gmail      | 707792
patatra    | 71997833
[========= ] TTL
```
Token configs are stored in a JSON format encrypted using PEMAEAD. You can decrypt them at any moment to peek if necessary, and re-encrypt a payload as necessary too:

```
$ g -dec
Password:
{
  "gmail": {
    "secret": "proutpro",
    "hash": "sha1",
    "digit": 6
  },
  "patatra": {
    "secret": "geonimo",
    "hash": "sha256",
    "digit": 8
  }
}
```
No particular reason for using JSON, I guess I was brainwashed by the whole JSON crap craze everywhere instead of using a simpler format (CSV?), which means I might move to a simpler format later, but the tool will manage to handle backward compatibility so don't worry.
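As an added example (not the project's own code), the Go program below computes RFC 6238 tokens for entries in the JSON layout printed by `g -dec`, covering the sha1/sha256/sha512 and 6/7/8-digit options. The `Entry` type, the base32 encoding of `secret`, and the fixed 30-second period are assumptions; the sample secret is the constructed RFC 6238 test key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base32"
	"encoding/binary"
	"encoding/json"
	"fmt"
	"hash"
	"strings"
	"time"
)

// Entry mirrors one account in the JSON layout printed by `g -dec` (hypothetical type).
type Entry struct {
	Secret, Hash string
	Digit        int
}

// Code returns the RFC 6238 token at time t. Assumptions: base32 secret, 30 s period.
func (e Entry) Code(t time.Time) (string, error) {
	newHash, ok := map[string]func() hash.Hash{"sha1": sha1.New, "sha256": sha256.New, "sha512": sha512.New}[e.Hash]
	s := strings.ToUpper(strings.TrimRight(e.Secret, "="))
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
	if !ok || err != nil || len(key) == 0 || e.Digit < 6 || e.Digit > 8 {
		return "", fmt.Errorf("bad entry (hash %q, digit %d)", e.Hash, e.Digit) // never echo the secret
	}
	mac := hmac.New(newHash, key)
	binary.Write(mac, binary.BigEndian, uint64(t.Unix()/30)) // 8-byte time-step counter
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation (RFC 4226)
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%0*d", e.Digit, bin%[...]uint32{1e6, 1e7, 1e8}[e.Digit-6]), nil
}

func main() {
	// Constructed sample: the RFC 6238 SHA-1 test key, base32-encoded.
	sample := `{"demo": {"secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", "hash": "sha1", "digit": 6}}`
	var accounts map[string]Entry
	if err := json.Unmarshal([]byte(sample), &accounts); err != nil {
		panic(err)
	}
	for name, e := range accounts {
		code, err := e.Code(time.Now())
		fmt.Println(name, code, err)
	}
}
```

The error path deliberately reports only the hash name and digit count, so a malformed entry never causes the shared secret to be printed or logged.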
- remove debug messages.
- might move the secret input to a terminal prompt instead of the command line (to avoid people leaving their history full of secrets)
- cleaner CLI.
- rewrite help messages.
- implement unit tests everywhere.
- implement QR code reader (from jpg)