otp

otp is a single function implementation of TOTP in bash and a full rewrite of matthauck/bash-totp.

Since this implementation is a single function, it can be useful to be copied and pasted into another script.

Dependencies

• openssl
• base32 with coreutils or python3
• date (bash < 5.0 only)

Usage

Secret is a base32 encoded string found in the field secret of a TOTP Key Uri Format, usually 16 chars long. Example:

echo -n "hi world." | base32
NBUSA53POJWGILQ=

Or a full TOTP Uri, example:

otpauth://totp/example.com:username%40example.com?secret=NBUSA53POJWGILQ=&issuer=example.com

A secret must always be a file because ps -e can show environment variables. Only the first line of the file will be parsed.

With environment variable

Set the secret using a environment variable:

OTP_SECRET_FILE=.secret ./otp

Using stdin

Set the secret using the cat command:

cat .secret | ./otp

Or the pass command:

pass otp/secret | ./otp

Assigning other parameters

The digits, period and algorithm can be set too:

OTP_DIGITS=6 OTP_PERIOD=30 OTP_ALGORITHM=SHA1 OTP_SECRET_FILE=otp.secret ./otp

base32 implementation

The script auto-detect the available implementation, but it's possible to set manually too.

Standard Linux or macOS with coreutils:

OTP_BASE32=base32 OTP_SECRET_FILE=.secret ./otp

macOS without coreutils:

OTP_BASE32=base32_py OTP_SECRET_FILE=.secret ./otp

Inporting inside another script

source ./otp

OTP_SECRET_FILE=".secret"
otp