otp.sh

Shell script to generate Time Based One Time Password (TOTP) which is used for 2 Factor Authentication by many services.

The below is a guide to safely store the OTP secret and a shell script to generate the TOTP into clipboard for use to authenticate with many online services.

Requirements

• GNUPG v2
• oathtool
• xclip

Install

~# apt install gnupg2 oathtool xclip

Encrypt OATH secret with symmetric key

gpg2 --batch -a -c --passphrase 'passhere' --cipher-algo AES256 --no-symkey-cache secret.txt

or

gpg2 -a -c --cipher-algo AES256 --no-symkey-cache secret.txt

this gives secret.txt.asc. Delete the original secret.txt or move it to an encrypted backup drive.

Decrypt and pipe to OATHTOOL

gpg2 -o - -d -q --no-symkey-cache secret.txt.asc | oathtool -b --totp -

or

gpg2 -o - -d -q --no-symkey-cache secret.txt.asc | oathtool -b --totp - | xclip -i -sel clip -r 

Or using the included otp.sh script

Help

~$ ./otp.sh -h
./otp.sh /path/to/file.asc

Example Use

~$ ./otp.sh secret.txt.asc 
Enter passphrase

Passphrase: 

Go to webpage and do Ctrl + v to paste in the OTP

Additional notes about most TOTP implementations

1. the input secret is base32 by default
2. the output is 6 digits OTP by default
3. the TOTP time-step duration is 30 seconds by default