
Gnoale/gotp

 
 


gotp


Golang secure storage for your 2FA secret from your terminal.

gotp has only been tested on Mac OS X (Mojave). On Linux, it requires a specific installation to be used with pass.

Context

Modern web services offer two-factor authentication (2FA) as a complement to the traditional login/password method. It adds a layer of security based on the Time-based One-Time Password (TOTP): even if a user's traditional password is stolen or compromised, an attacker cannot gain access without the TOTP, which expires quickly.

A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors.

The TOTP specification (RFC 6238) describes the TOTP algorithm as a time-based variant of the One-Time Password (OTP) algorithm, namely the HMAC-based One-Time Password (HOTP) algorithm.

The TOTP is basically an HMAC token computed from a shared key (generally randomly generated) and seeded with a timestamp that is valid for 30 seconds. Many mobile applications provide such a service (Google Authenticator, ...).

When you wish to log into a 2FA-protected service, you are asked to provide your credentials (login/password) and then to enter the TOTP displayed by the application. The web service computes the same TOTP and makes sure the two are equal.
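
The computation and the server-side check described above, as an added example (not gotp's own code). It assumes the common defaults of HMAC-SHA1, 6 digits and a 30-second step; the function names and the sample secret are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

const period = 30 // seconds per time step (assumed default)

// decodeSecret accepts base32 in any case, with spaces, with or without "=".
func decodeSecret(s string) ([]byte, error) {
	s = strings.TrimRight(strings.ToUpper(strings.ReplaceAll(s, " ", "")), "=")
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
}

// totp returns the 6-digit RFC 6238 code (HMAC-SHA1) for time t.
func totp(key []byte, t time.Time) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t.Unix())/period)
	mac := hmac.New(sha1.New, key)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation (RFC 4226)
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// verify is the server side: one step of clock drift, constant-time compare.
func verify(key []byte, code string, now time.Time) bool {
	ok := 0
	for _, d := range []int{-1, 0, 1} {
		want := totp(key, now.Add(time.Duration(d*period)*time.Second))
		ok |= subtle.ConstantTimeCompare([]byte(want), []byte(code))
	}
	return ok == 1
}

func main() {
	key, err := decodeSecret("gezd gnbv gy3t qojq gezd gnbv gy3t qojq") // constructed sample
	if err != nil {
		panic(err)
	}
	fmt.Println("code:", totp(key, time.Now()))
}
```

The sample secret is the base32 form of the RFC 6238 test key, so the output can be checked against the RFC's published test vectors.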

Motivation

I started using this security feature a long time ago, and was happy using the Google Authenticator application on my mobile phone. Until I realized I forgot to export all the secret keys I use every day at work on my new phone, and was unable to connect to the AWS console for a day.

That day, I wished I had a backup solution on my laptop. Then I started to wonder how I could implement a desktop application with a secure storage backend.

Usage

Download

Get the version for your OS here: download

Install as a command line tool

go get -u github.com/jtbonhomme/gotp/cmd/gotp

Linux - pass backend setup

In order to use the pass backend, you need to initialize it and specify which GPG encryption identity to use. For further information, see the pass manual.

1 - find your GPG ID

gpg --list-secret-keys --keyid-format LONG

uid                 [ultimate] you <[email protected]>
ssb   rsa4096/DF5E537CC91EF1CA 2020-03-06 [E]

2 - initialize the backend

pass init DF5E537CC91EF1CA

All secrets will be stored under the root folder username:mfa

Add a key

The shared secret must be in base32 format.

gotp add -key=gmail -value=KZAUYVKFGA======

Get a code

The generated code is copied to the clipboard.

gotp get -key=AWS
code: 585146 (copied to clipboard)

List all keys

gotp list

Delete a key

gotp del -key=gmail

The secure KeyChain

gotp uses the keyring library to store the

Todo

  • Add an update function, to change key name
  • Add tests on different OS.

Contributing

gotp accepts Pull Requests! Feel free to add your own features, improve documentation or add tests.
