tok is a two-factor authentication (2FA) command-line utility. You can use it instead of a mobile app to generate 2FA tokens.
Add a token:
$ tok add
Enter name: gibsons
Enter secret: VBWA FMHK U522 CBPO
Enter note:
Please enter database password: *****
Token 'gibsons', added 2025-01-01 00:00:00
123 456Use a token:
$ tok gibsons
Please enter database password: *****
Token 'gibsons', added 2025-01-01 00:00:00:
123 456Adding and exporting tokens using the key-uri format:
$ tok import "otpauth://totp/gibsons?secret=VBWAFMHKU522CBPO&issuer=issuer&algorithm=SHA1&digits=6&period=30"
...
$ tok export gibsons
1 - otpauth://totp/gibsons?secret=...Build from source code:
sudo apt install golang
go install github.com/avahidi/tok@latestThis will install tok to your ~/go/bin/ folder.
The tok security strategy is quite simple:
- tok is a minimal Go implementation of RFC 6238 (TOTP).
- tok does not use any third-party libraries.
- The database is GCM-AES-256 encrypted.
- The encryption key is derived using PBKDF2-SHA-256 with a 256-bit salt.
Note that it is generally advised against storing both passwords and 2FA tokens on the same computer.
On a possibly related note, "tok" is not only shorthand for "token" but also the Swedish word for "fool"...
This project is licensed under the GNU General Public License version 2. See the LICENSE file for details.