inz.fi


commit e491e3188409e63e90f34be8afcb6ddf7f1a7ef6
parent 821d866b545d685158abac329229d57d8495c2da
Author: Santtu Lakkala <inz@inz.fi>
Date:   Thu, 11 Feb 2021 08:18:23 +0000

TOTP tokens on desktop

Diffstat:
A posts/totp-tokens-on-desktop.md | 16 ++++++++++++++++
1 file changed, 16 insertions(+), 0 deletions(-)

diff --git a/posts/totp-tokens-on-desktop.md b/posts/totp-tokens-on-desktop.md @@ -0,0 +1,16 @@ +# TOTP tokens on desktop + +If, like me, your phone may not always be in arms reach (or in a known location), you may sometimes get frustrated with 2FA tokens: look for the phone, look for the app, memorize the token, start writing, re-check the code, finish writing, make a typo, wash, rinse, repeat. + +So I thought why wouldn't I have the tokens stored also on the computer, encrypted. Turns out, there are a couple of options in Ubuntu repos already, namely gnome-authenticator and otpclient. These, while working, seemed like a too big of a hammer for my preferred use, so I wrote a little script to grab a generated TOTP key for a service. I didn't want to go inventing a new file format or use a database, so I just used a list of URIs in [key uri format](https://github.com/google/google-authenticator/wiki/Key-Uri-Format), which can handily be exported from FreeOTP+, only encrypted with AES256. + +The [resulting script](https://inz.fi/p/totp.bash) uses dmenu for passphrase querying, openssl CLI tool for decryption, xclip for putting the result on the clipboard and notify-send for error reporting. + +To create the encrypted file, use something like: + + mkdir ~/.local/share/totp + openssl aes256 -in [listfile] -out ~/.local/share/totp/keys.txt.encrypt + +Then run the totp script with argument specifying which key you intend to use. + +Adjust the dmenu colors to suit your fancy.
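Review bot: the `openssl aes256 -in [listfile] -out ~/.local/share/totp/keys.txt.encrypt` line in the "To create the encrypted file" step passes no key-derivation option, so the AES key is derived from the passphrase with OpenSSL's legacy single-iteration derivation, which makes offline guessing of the passphrase protecting every TOTP seed cheap. Consider `openssl aes256 -pbkdf2 -in [listfile] -out ...` (optionally with `-iter`), and note in the post that the decryption call in the linked script has to use the same options. The same step also leaves the plaintext `[listfile]` on disk and creates the directory with default permissions; a sentence telling the reader to delete the list file after encrypting, and `mkdir -p -m 700 ~/.local/share/totp` in place of the bare `mkdir`, would close both gaps.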