Skip to content

Gnoale/gotp

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
backend
backend
 
 
cmd
cmd
 
 
dist
dist
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ga.jpg
ga.jpg
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
gotp.go
gotp.go
 
 
gotp.png
gotp.png
 
 
gotp_test.go
gotp_test.go
 
 
key.go
key.go
 
 

Repository files navigation

gotp

GitHub version

GoDoc

Golang secure storage for your 2FA secret from your terminal.

gotp has only been tested on Mac OS X (Mojave). It requires specific installation to be used with pass on Linux.

Context

Modern web services offer a 2-factor authentication as a complement of the traditional login/password method. This brings an additional security level, based on the Time-based One-Time Password (TOTP), because even if a user's traditional password is stolen or compromised, an attacker cannot gain access without the TOTP, which expires quickly.

A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors.

The TOTP specification (RFC-6238) describes the TOTP algorithm, as an time-based variant of the One-Time Password (OTP), namely the HMAC-based One-Time Password (HOTP) algorithm.

The TOTP is basicaly a hash-mac token computed from a shared key (generaly randomky generated) and seed with a 30-second valid timestamp. Lot's of mobile applications can provide such a service (Google Authenticator, ...)

When you wish to log into a 2FA protected service, you are asked to provide your credentials (login/password) then to enter the TOTP displayed on the application. The web service computed the same TOTP and make sure they are equal.

Motivation

I started using this security feature long time ago, and was happy using the Google Authenticator application on my mobile phone. Until I realized I forgot to export all the secret keys I use every day at work on my new phone, and was unable to connect to AWS console for a day.

That day, I wish I had a backup solution on my laptop. Then I started to wonder how I could implement a desktop application with a secure storage backend.

Usage

Download

Get the version for your OS here: download

Install as a command line tool

go get -u github.com/jtbonhomme/gotp/cmd/gotp

Linux - pass backend setup

In order to use the pass backend, you need to initialize it and specify which GPG encryption identity to use. For further informations, see the pass manual.

1 - find your GPG ID gpg --list-secret-keys --keyid-format LONG

uid                 [ultimate] you <[email protected]>
ssb   rsa4096/DF5E537CC91EF1CA 2020-03-06 [E]

2 - initialize the backend pass init DF5E537CC91EF1CA

All secrets will be stored under the root folder username:mfa

Add a key

The shared secret shall be in the base-32 format.

gotp add -key=gmail -value=KZAUYVKFGA======

Get a code

The code read is copied to the clipboard.

gotp get -key=AWS
code: 585146 (copied to clipboard)

List all keys

gotp list

Delete a key

gotp del -key=gmail

The secure KeyChain

gotp uses the keyring library to store the

Todo

  • Add an update function, to change key name
  • Add tests on different OS.

Contributing

gotp accepts Pull Requests! Feel free to add your own features, improve documentation or add tests.

References

About

Golang CLI authenticator for Multi Factor Authentication

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Languages

  • Go 100.0%