Example fake:ORUGS4ZNNFZS2YJNMZQWWZJNNNSXS=Īlso-fake:ORUGS4ZNNFZS2YLMONXS2ZTBNNSQ=Įncrypt this file of name and key associations with gpg in ASCII-armor format with yourself as the recipient and save the output file as ~/.otpkeys. Think of these as an associative array or dictionary where the lookup key is a memorable name and the value is a base32 encoded OATH key. You then need to create a plain text file that contains key:value pairs. In order to use my script you need to already have gnupg installed and configured with a private key. Otpkey= `gpg -batch -decrypt " $otpkeys_path " 2> /dev/null | grep "^ $1: " | cut -d ": " -f 2 | sed "s/ //g " `Įcho " $scriptname: TOTP key name not found " >&2 echo "do: gpg -encrypt -recipient your-email -armor ~/.otpkeys " >&2 echo " $WARNING: unencrypted ~/.otpkeys " >&2 echo "You need to create $otpkeys_path " "Įcho "MacPorts: port install oath-toolkit " ![]() opkeys.asc "Įcho "Optionally set OTPKEYS_PATH environment variable to GPG "Įcho "with path to GPG encrypted name:key file. ![]() Save this script as an executable file in your path such as /usr/local/bin/otp.Įcho "Preferably encrypt with gpg -armor to create. I always take a screen shot of these QR Codes and keep them stored in a safe place. Their enrollment process typically involves scanning a QR Code to enroll a new private key into Google Authenticator or other OATH client. Pro Tip: Most sites don’t intend you to have more than one token that generates passwords. I’m using oathtool from oath-toolkit to generate the on-time code.The encrypted key file can by synchronized between computers using an untrusted service like DropBox or Google Drive as long as the private GPG key is kept secure.My OTP keys are stored in a file that is encrypted with gnupg and only decrypted momentarily to generate the codes.I put together an old-school Bourne Shell script that does the job: I also want to have reasonable confidence that the system is secure. ![]() I spend a lot of my time working on a trusted computer and I want to be able to generate the TOTP codes easily from that without having to use my phone. I have over a dozen of these and dragging my phone out every time I need a 2-factor token is a real pain. I have been using a time-based one time password (TOTP) generator on my phone with my clod-based accounts at Google, Amazon AWS, GitHub, Microsoft - every service that supports it - for years now.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |