Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs

commit e491e3188409e63e90f34be8afcb6ddf7f1a7ef6
parent 821d866b545d685158abac329229d57d8495c2da
Author: Santtu Lakkala <>
Date:   Thu, 11 Feb 2021 08:18:23 +0000

TOTP tokens on desktop

Aposts/ | 16++++++++++++++++
1 file changed, 16 insertions(+), 0 deletions(-)

diff --git a/posts/ b/posts/ @@ -0,0 +1,16 @@ +# TOTP tokens on desktop + +If, like me, your phone may not always be in arms reach (or in a known location), you may sometimes get frustrated with 2FA tokens: look for the phone, look for the app, memorize the token, start writing, re-check the code, finish writing, make a typo, wash, rinse, repeat. + +So I thought why wouldn't I have the tokens stored also on the computer, encrypted. Turns out, there are a couple of options in Ubuntu repos already, namely gnome-authenticator and otpclient. These, while working, seemed like a too big of a hammer for my preferred use, so I wrote a little script to grab a generated TOTP key for a service. I didn't want to go inventing a new file format or use a database, so I just used a list of URIs in [key uri format](, which can handily be exported from FreeOTP+, only encrypted with AES256. + +The [resulting script]( uses dmenu for passphrase querying, openssl CLI tool for decryption, xclip for putting the result on the clipboard and notify-send for error reporting. + +To create the encrypted file, use something like: + + mkdir ~/.local/share/totp + openssl aes256 -in [listfile] -out ~/.local/share/totp/keys.txt.encrypt + +Then run the totp script with argument specifying which key you intend to use. + +Adjust the dmenu colors to suit your fancy.