Simple cli tool for storing TOTP secrets and generating tokens
git clone
Log | Files | Refs | Submodules

commit fe3ac5b82b7a8a7630afdedfe354df37e837c71b
parent 05e32ad33737a0d76c628f31ccea0fd841ee85d8
Author: Santtu Lakkala <>
Date:   Fri,  2 Jul 2021 13:22:03 +0300

Add some documentation

MMakefile | 17++++++++++++++++-
Mmain.c | 2++
Atotp.1 | 83+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 101 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile @@ -5,7 +5,14 @@ OBJS = ${SOURCES:.c=.o} TEST_SOURCES = sha1.c sha256.c sha512.c util.c test.c TEST_OBJS = ${TEST_SOURCES:.c=.o} -all: totp +VERSION = 0.1 +PREFIX = /usr/local +BINDIR = ${PREFIX}/bin +MANDIR = ${PREFIX}/share/man/man1 + +NAME=totp + +all: ${NAME} totp: ${OBJS} ${CC} -o $@ ${OBJS} ${LDFLAGS} @@ -18,3 +25,11 @@ test: ${TEST_OBJS}; clean: rm ${OBJS} + +install: all + mkdir -p "${DESTDIR}${BINDIR}" + cp -f "${NAME}" "${DESTDIR}${BINDIR}" + chmod 755 "${DESTDIR}${BINDIR}/${NAME}" + mkdir -p "${DESTDIR}${MANDIR}" + cp -f "${NAME}.1" "${DESTDIR}${MANDIR}" + chmod 644 "${DESTDIR}${MANDIR}/${NAME}.1" diff --git a/main.c b/main.c @@ -412,6 +412,8 @@ void usage() { fprintf(stderr, "Usage: totp [OPTIONS]\n" + "-k <pass>\tpassphrase for database encryption\n" + "-K <file>\tread encryption passphrase from file\n" "-l\tlist known secrets\n" "-a <uri>\tadd uri to secrets\n" "-d <filter>\tremove secrets matching filter\n" diff --git a/totp.1 b/totp.1 @@ -0,0 +1,83 @@ +.Dd Jul 2, 2021 +.Dt TOTP 1 +.Os +. +.Sh NAME +.Nm totp +.Nd authentication token manager +. +.Sh SYNOPSIS +.Nm +.Bk -words +.Op Fl k Ar passphrase +.Op Fl K Ar file +.Op Fl l +.Op Fl a Ar uri +.Op Fl d Ar filter +.Op Fl t Ar filter +.Op Fl e +.Ek +. +.Sh DESCRIPTION +.Bd -filled +.Nm +is a TOTP secret manager and token generator. +.Ed +. +.Sh OPTIONS +totp options: +.Bl -tag -width -k_passphrase +. +.It Fl k Ar passphrase +Use provided passphrase for encrypting and decrypting the secret database. +. +.It Fl K Ar file +Read encryption/decryption passphrase from file, - for standard input. +. +.It Fl l +List names and providers of all secrets in database. +. +.It Fl a Ar uri +Add uri to secrets database. +. +.It Fl d Ar filter +Remove secrets from database that match filter. +. +.It Fl t Ar filter +Generate authentication tokens with all secrets that match filter. +. +.It Fl e +Export all secrets from database as uris. +. +.Sh URI FORMAT +URIs follow the google-authenticator Key Uri Format with otpauth protocol: +otpauth://totp/accountname?secret=<secret> +. +The secret should be encoded in RFC3548 Base32 format, without padding. +Supported URI query string parameters: +.Bl -tag -width "algorithm" +.It Ar issuer +Defines the issuing organisation of the secret. +.It Ar algorithm +Defines the digest algorithm used to generate tokens, should be one of SHA1, +SHA256, SHA512; defaults to SHA1. +.It Ar digits +Defines how many digits the generated token should have, should be 6 or 8. +Defaults to 6. +.It Ar period +Defines the validity period of a token in seconds. Defaults to 30. +. +.Sh FILTER +In deletion and token generation the secret is chosen by matching the +accountname against the provided filter. The matching is done with fnmatch() +so asterisks can be used, but the accountname must fully match the filter. +For substring matches, use leading and trailing asterisks. +. +If an issuer: prefix is present in accountname during addition, then it will +be included in the matching, but a query string parameter issuer is excluded. +. +.Sh KNOWN BUGS +If multiple secrets match a filter in token generation, a token will be +generated with each, in the same order as the keys were added. There is no +output indicating which key was used. +