totp.html - www.codemadness.org - www.codemadness.org saait content files
totp.html (4109B)
---
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Language" content="en" />
<meta name="viewport" content="width=device-width" />
<meta name="keywords" content="oauthtool, zbarimg, totp, 2FA, authenticator" />
<meta name="description" content="Using 2FA TOTP without crappy authenticator apps" />
<meta name="author" content="Hiltjo" />
<meta name="generator" content="Static content generated using saait: https://codemadness.org/saait.html" />
<title>2FA TOTP without crappy authenticator apps - Codemadness</title>
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />
<link rel="stylesheet" href="print.css" type="text/css" media="print" />
<link rel="alternate" href="atom.xml" type="application/atom+xml" title="Codemadness Atom Feed" />
<link rel="alternate" href="atom_content.xml" type="application/atom+xml" title="Codemadness Atom Feed with content" />
<link rel="icon" href="/favicon.png" type="image/png" />
</head>
<body>
<nav id="menuwrap">
<table id="menu" width="100%" border="0">
<tr>
<td id="links" align="left">
<a href="index.html">Blog</a> |
<a href="/git/" title="Git repository with some of my projects">Git</a> |
<a href="/releases/">Releases</a> |
<a href="gopher://codemadness.org">Gopherhole</a>
</td>
<td id="links-contact" align="right">
<span class="hidden"> | </span>
<a href="feeds.html">Feeds</a> |
<a href="pgp.asc">PGP</a> |
<a href="mailto:hiltjo@AT@codemadness.DOT.org">Mail</a>
</td>
</tr>
</table>
</nav>
<hr class="hidden" />
<main id="mainwrap">
<div id="main">
<article>
<header>
<h1>2FA TOTP without crappy authenticator apps</h1>
<p>
<strong>Last modification on </strong> <time>2022-10-29</time>
</p>
</header>

<p>This describes how to use 2FA without using crappy authenticator "apps" or a
mobile device.</p>
<h2>Install</h2>
<p>On OpenBSD:</p>
<pre><code>pkg_add oath-toolkit zbar
</code></pre>
<p>On Void Linux:</p>
<pre><code>xbps-install oath-toolkit zbar
</code></pre>
<p>There is probably a package for your operating system.</p>
<ul>
<li>oath-toolkit is used to generate the digits based on the secret key.</li>
<li>zbar is used to scan the QR barcode text from the image.</li>
</ul>
<h2>Steps</h2>
<p>Save the QR code image from the authenticator app or website to an image file.
Then scan the QR code text from the image:</p>
<pre><code>zbarimg image.png
</code></pre>
<p>An example QR code:</p>
<p><img src="downloads/2fa/qr.png" alt="QR code example" /></p>
<p>The output is typically something like:</p>
<pre><code>QR-Code:otpauth://totp/Example:someuser@codemadness.org?secret=SECRETKEY&issuer=Codemadness
</code></pre>
<p>You only need to scan this QR code for the secret key once.
Make sure to store the secret key in a private, safe place and don't show it to
anyone else.</p>
<p>Using the secret key, the following command outputs a 6-digit code by default.
In this example we also assume the key is base32-encoded.
There can be other parameters and options; these are documented in the Yubico URI
string format reference below.</p>
<p>Command:</p>
<pre><code>oathtool --totp -b SOMEKEY
</code></pre>
<ul>
<li>The --totp option uses the time-variant TOTP mode; by default it uses HMAC SHA1.</li>
<li>The -b option uses base32 encoding of KEY instead of hex.</li>
</ul>
<p>Tip: you can create a script that automatically puts the digits in the
clipboard, for example:</p>
<pre><code>oathtool --totp -b SOMEKEY | xclip
</code></pre>
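<p>An added example, not part of the original page or of oath-toolkit: a POSIX sh
sketch that turns the zbarimg output line into the matching oathtool call and
feeds the key on standard input instead of the command line. The function names
are hypothetical, and it assumes an oathtool that accepts "-" as KEY to read the
key from stdin.</p>

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the value of query parameter $2 in otpauth URI $1 (nothing if absent).
# Runs in a subshell so the IFS and noglob changes stay local.
otpauth_param() (
	case $1 in *\?*) query=${1#*\?} ;; *) exit 0 ;; esac
	IFS='&'; set -f
	for kv in $query; do
		[ "${kv%%=*}" = "$2" ] && { printf '%s\n' "${kv#*=}"; exit 0; }
	done
	exit 0
)

# Print the oathtool options matching the URI's parameters. Defaults: 6 digits
# and HMAC SHA1 as on the page, plus a 30 second period. Values are validated
# so nothing unexpected reaches the oathtool command line.
oathtool_opts() {
	uri=${1#QR-Code:}	# zbarimg prefixes the decoded text with the symbol type
	case $uri in
	otpauth://totp/*) ;;
	*) echo "not an otpauth TOTP URI" >&2; return 1 ;;
	esac
	alg=$(otpauth_param "$uri" algorithm)
	digits=$(otpauth_param "$uri" digits)
	period=$(otpauth_param "$uri" period)
	# Only the default HMAC SHA1 mode is handled here; refuse anything else
	# rather than print codes the server would reject.
	case ${alg:-SHA1} in SHA1) ;; *) echo "unsupported algorithm: $alg" >&2; return 1 ;; esac
	case ${digits:-6} in 6|7|8) ;; *) echo "bad digits: $digits" >&2; return 1 ;; esac
	case ${period:-30} in 0*|*[!0-9]*) echo "bad period: $period" >&2; return 1 ;; esac
	printf '%s\n' "--totp -b --digits=${digits:-6} --time-step-size=${period:-30}s"
}

# Print the current code for the zbarimg output line in $1.
# Assumption: this oathtool accepts "-" as KEY and reads it from stdin. The
# here-document keeps the secret out of the process list and shell history.
totp_from_qr() {
	opts=$(oathtool_opts "$1") || return 1
	secret=$(otpauth_param "${1#QR-Code:}" secret)
	[ -n "$secret" ] || { echo "no secret parameter" >&2; return 1; }
	oathtool $opts - <<EOF
$secret
EOF
}

# Usage: totp_from_qr "$(zbarimg -q image.png)" | xclip
```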
<h2>References</h2>
<ul>
<li><a href="https://linux.die.net/man/1/zbarimg">zbarimg(1) man page</a></li>
<li><a href="https://www.nongnu.org/oath-toolkit/man-oathtool.html">oathtool(1) man page</a></li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc6238">RFC6238 - TOTP: Time-Based One-Time Password Algorithm</a></li>
<li><a href="https://docs.yubico.com/yesdk/users-manual/application-oath/uri-string-format.html">Yubico.com - otpauth URI string format</a></li>
</ul>

</article>
</div>
</main>
</body>
</html>