Generate OTP-tokens, like Google Authenticator
Put your key in .otpkeys. You can put as many spaces in it as you want; it doesn't matter. For example, this
myKey= J VQW O2 LDKB X X IYLUN 5JW65L Q
will work. You can of course choose not to have any spaces, which works just as well.
This is the actual script that will generate your TOTP or HOTP based on the secrets found in the .otpkeys file. By default it will look for this file in $HOME/.otpkeys but you can specify a different place with arguments, or edit line 14 of the script to point to the place you want.
To run the script first do
chmod +x otp.py
You can then run it with
./otp.py test
The argument test is the keyword for which key to use. To use the above key with all the spaces, the line would look like
./otp.py myKey
Another note: you could write
./otp.py my
and get the same result. We could not write Key, however: the matching is only done at the beginning of the word. Similarly, you can't write yKe.
There are two methods: get_totp_token(key) and get_hotp_token(key, interval).
get_totp_token(key) works just like Google Authenticator. Every 30 seconds, a new token will be generated.
get_hotp_token(key, interval) does all the heavy lifting. It decodes the key (like what you put in .otpkeys) to get the real and actual key (the one used in this readme translates to MagicPotatoSoup, btw).
Then it goes on to create a "message", really it just translates the interval to the correct format.
It goes on to create a message digest of the decoded key and the formatted interval. The digest is translated to its ASCII value, and that is ANDed with 15 (magic number).
The result is then used with the magic (struct.unpack(">I", messageDigest[ASCIIvalue:ASCIIvalue+4])[0] & 0x7fffffff) % 1000000, which, tbh, I found while researching the Authenticator.
Then we make sure to pad with zeros at the front if the result is less than six digits. And then we split the result into two three-digit parts to make it easier to read.
The result of that is the token and is returned.
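The steps described above, written out as an added Python 3 example; this is not the code of otp.py itself, and the function names decode_key, hotp, totp and pretty are assumptions made for the example. Following RFC 4226, the offset (the "ASCIIvalue" in the formula above) is the low four bits of the last byte of the HMAC-SHA1 digest.

```python
import base64
import hashlib
import hmac
import struct
import time


def decode_key(text):
    """Base32-decode a key as stored in .otpkeys, ignoring spaces and case."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding if it was omitted
    return base64.b32decode(cleaned)


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP for raw key bytes and an integer counter (the interval)."""
    message = struct.pack(">Q", counter)  # the "message": 8-byte big-endian counter
    digest = hmac.new(key, message, hashlib.sha1).digest()
    offset = digest[-1] & 15  # low 4 bits of the last digest byte
    number = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)  # pad with leading zeros


def totp(key, now=None, step=30):
    """RFC 6238 TOTP: HOTP over the count of 30-second steps since the epoch."""
    if now is None:
        now = time.time()
    return hotp(key, int(now) // step)


def pretty(token):
    """Split a six-digit token into two three-digit groups for reading."""
    return token[:3] + " " + token[3:]


if __name__ == "__main__":
    key = decode_key("J VQW O2 LDKB X X IYLUN 5JW65L Q")  # sample key from this README
    print(pretty(totp(key)))
```

The RFC 4226 and RFC 6238 test vectors (key 12345678901234567890) are a quick way to confirm that any implementation of these steps agrees with Google Authenticator.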
totp == Time-based One-time Password Algorithm. Set an interval, and generate a password.
hotp == HMAC-based One-time Password Algorithm
This blog explains it neatly: http://blogs.forgerock.org/petermajor/2014/02/one-time-passwords-hotp-and-totp/
The reason for building this is simple: I don't have a smartphone. I don't plan on getting one. But I need the authenticator stuff for VPNs and whatnots.
There is other software that does this, like authy or winauth. However, I don't know what more (if anything) they do than give me the number. This solution is open. You can see that there is no hidden code that gathers info or something.
Another nice feature: It works on Linux and Windows+Cygwin! And I'm pretty sure it works on OSX as well, but that's untested.
For whatever reason you have, use it as you wish.
- Encrypt .otpkeys so they're not in plaintext. Use source .otpkeys to get the keys perhaps?