bash-otp

One-Time Password generator for CLI using bash, oathtool.

Automatically copys the token into your computer’s copy buffer (MacOS only atm)

This is basically “Authy for the CLI”

This script supports both encrypted and plain-text token files, but my reccomendation is to use encryption.

Requirements

• oathtool (http://www.nongnu.org/oath-toolkit/)
• OpenSSL
• xclip (Linux)

Description

Set of bash shell scripts to generate OTP value from token using TOTP.

Usage

First ensure that there is a directory “tokenfiles” in the main dir where the script resides, and that this directory’s permissions are set to 700.

1. Create token file and encrypt it. Resulting file, “tokenfiles/tokenname.enc”, is an encrypted file containing the token
2. Put your token in a plaintext file in the tokenfiles/ directory:

     $ echo "1234567890abcdef" > tokenfiles/tokenname
   

3. Encrypt the file with the included shell script:

     $ ./otp-lockfile.sh tokenfiles/tokenname
     Password: (enter a good password)
   

4. Confirm it worked:

     $ ls tokenfiles/
     tokenname.enc
   

5. Run otp.sh; will produce roughly the following output:

   $ ./otp.sh tokenname
   Password:
   02: 123456
   

The number on the left is the seconds counter; a new TOTP token is generated every 30 seconds.

The number on the right is the 6-digit One-Time Password.

This will be copied directly into the paste buffer. Just press “Command-V” (or “CTRL-V” on Linux) to paste into a login dialog.

In case you want “tokenfiles” to reside in a different location, you can tell otp.sh to use this directory instead by exporting the BASH_OTP_TOKENFILES_DIR variable like so:

  $ export BASH_OTP_TOKENFILES_DIR=/path/to/secure/tokenfiles/dir

Contents

• Script to do the actual value generation
• Script to encrypt the token in a file
• Script to decrypt same
• Empty “tokenfiles/” directory