TOTP tokens on desktop

If, like me, your phone may not always be in arms reach (or in a known location), you may sometimes get frustrated with 2FA tokens: look for the phone, look for the app, memorize the token, start writing, re-check the code, finish writing, make a typo, wash, rinse, repeat.

So I thought why wouldn't I have the tokens stored also on the computer, encrypted. Turns out, there are a couple of options in Ubuntu repos already, namely gnome-authenticator and otpclient. These, while working, seemed like a too big of a hammer for my preferred use, so I wrote a little script to grab a generated TOTP key for a service. I didn't want to go inventing a new file format or use a database, so I just used a list of URIs in key uri format, which can handily be exported from FreeOTP+, only encrypted with AES256.

The resulting script uses dmenu for passphrase querying, openssl CLI tool for decryption, xclip for putting the result on the clipboard and notify-send for error reporting.

To create the encrypted file, use something like:

mkdir ~/.local/share/totp
openssl aes256 -in [listfile] -out ~/.local/share/totp/keys.txt.encrypt

Then run the totp script with argument specifying which key you intend to use.

Adjust the dmenu colors to suit your fancy.

Published on February 11, 2021