totp

Simple cli tool for storing TOTP secrets and generating tokens
git clone https://git.inz.fi/totp/
Log | Files | Refs | Submodules

totp.1 (2573B)

      1 .Dd Jul 2, 2021
      2 .Dt TOTP 1
      3 .Os
      4 .
      5 .Sh NAME
      6 .Nm totp
      7 .Nd authentication token manager
      8 .
      9 .Sh SYNOPSIS
     10 .Nm
     11 .Bk -words
     12 .Op Fl k Ar passphrase
     13 .Op Fl K Ar file
     14 .Op Fl l
     15 .Op Fl a Ar uri
     16 .Op Fl d Ar filter
     17 .Op Fl t Ar filter
     18 .Op Fl e
     19 .Op Fl T Ar time
     20 .Op Fl f Ar file
     21 .Ek
     22 .
     23 .Sh DESCRIPTION
     24 .Bd -filled
     25 .Nm
     26 is a TOTP secret manager and token generator.
     27 .Ed
     28 .
     29 .Sh OPTIONS
     30 totp options:
     31 .Bl -tag -width -k_passphrase
     32 .
     33 .It Fl k Ar passphrase
     34 Use provided passphrase for encrypting and decrypting the secret database.
     35 .
     36 .It Fl K Ar file
     37 Read encryption/decryption passphrase from file, - for standard input.
     38 .
     39 .It Fl l
     40 List names and providers of all secrets in database.
     41 .
     42 .It Fl a Ar uri
     43 Add uri to secrets database.
     44 .
     45 .It Fl d Ar filter
     46 Remove secrets from database that match filter.
     47 .
     48 .It Fl t Ar filter
     49 Generate authentication tokens with all secrets that match filter.
     50 .
     51 .It Fl e
     52 Export all secrets from database as uris. Exported uris will also explicitly
     53 contain default values.
     54 .
     55 .It Fl T Ar time
     56 Use time as current unix timestamp. Mainly intended for testing purposes.
     57 .
     58 .It Fl f Ar file
     59 Use file as secrets database (default: ~/.local/share/totp/secrets.db). On
     60 modifying operations, the contained directory must also be writable.
     61 
     62 .Sh URI FORMAT
     63 URIs follow the google-authenticator Key Uri Format with otpauth protocol:
     64 otpauth://totp/accountname?secret=<secret>
     65 .
     66 The secret should be encoded in RFC3548 Base32 format, without padding.
     67 Supported URI query string parameters:
     68 .Bl -tag -width "algorithm"
     69 .It Ar issuer
     70 Defines the issuing organisation of the secret. If also defined as part of the
     71 path, values must match. Optional.
     72 .It Ar algorithm
     73 Defines the digest algorithm used to generate tokens, should be one of SHA1,
     74 SHA256, SHA512; defaults to SHA1.
     75 .It Ar digits
     76 Defines how many digits the generated token should have, should be in range
     77 6-8, inclusive.
     78 Defaults to 6.
     79 .It Ar period
     80 Defines the validity period of a token in seconds. Defaults to 30. Normally
     81 15, 30 or 60.
     82 .
     83 .Sh FILTER
     84 In deletion and token generation the secret is chosen by matching the
     85 accountname against the provided filter. The matching is done with fnmatch()
     86 so asterisks can be used, but the accountname must fully match the filter.
     87 For substring matches, use leading and trailing asterisks.
     88 .
     89 If an issuer is present, then it will be included in the matching as issuer:
     90 -prefix.
     91 .
     92 .Sh KNOWN BUGS
     93 If multiple secrets match a filter in token generation, a token will be
     94 generated with each, in the same order as the keys were added. There is no
     95 output indicating which key was used.
     96