A Time-based One-Time-Password tool for Go.
go get github.com/josegomezr/gotp
After that, just use the gotp command.
$ gotp -h
NAME:
gotp - A TOTP Server & Utility
USAGE:
gotp [global options] command [command options] [arguments...]
VERSION:
0.1.0
COMMANDS:
server, s Runs GOTP HTTP server
check, c Checks a TOTP code
gencode, g Generates a TOTP code
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--port value, -p value GOTP HTTP Server Port (default: "2444") [$PORT, $GOTP_PORT]
--host value GOTP HTTP Server Host (default: "localhost") [$HOST, $GOTP_HOST]
--secret value Secret key to check/generate the code against
--code value Code to be checked
--help, -h show help
--version, -v print only the version
The server expose 3 endpoints:
/codeGiven a Secret Key or Data Payload it will return a pin CODE./qrGiven a Secret Key or Data Payload it will return a QR image to use it with the Authenticator app./verifyGiven a Secret Key or Data Payload and a PIN code it will perform the check and output the result.
All the endpoints can:
- Respond to GET and POST verbs.
- Recieve input from:
- QueryString (only GET)
- JSON
- XML
- multipart/formdata
- plain old form data.
- Output in JSON, but it can be changed using the
Acceptheader to:- Plain Text (
text/plain) - XML (
text/xmlorapplication/xml)
- Plain Text (
The correct use case for an OTP authentication would be to use a secret key, which consist of a Base32 string. But to provide ease of integration, gotp can use an arbitary data (up to 128 bytes) as secret code, internally it'll:
- Hash the contents (
md5right now, although it could by any hash algo) - Base32-encode the result
And use the Base32 result as the secret key for then on.
- dgryski/dgoogauth - HOTP/TOTP Algorithm Implementation.
- gin-gonic/gin - golang HTTP web framework
- urfave/cli - CLI library
- stretchr/testify - Testing framework
PR's are welcome, I have literally no standard nor procedure. If your PR makes sense to me and all test pass, you're good to go.