# TOTP Generator
A simple Python script used to decode and encode TOTP QR codes.
## What is TOTP?
TOTP ("time-based one-time password") is a form of two-factor authentication.
Client and server both have to know a secret,
from which they generate time-dependent (one-time) passcodes as a second factor.
This is *not* an implementation of the TOTP protocol;
many corresponding apps (e.g. [FreeOTP][freeotp]) or devices (e.g. [Reiner SCT][sct]) exist for that.
## Why do I need this?
You probably don't; the author's use case is explained here.
Usually, these apps/devices scan the initial secret along with some metadata from a QR code
that the web service provides when setting up 2FA.
This script decodes those QR codes, lets you edit their contents as plain text, and rebuilds QR codes from the result.
This way, fully functional 2FA entries can be produced while still allowing the metadata to be edited.
Additionally, a high error-correction level is chosen to simplify scanning with your authenticator
device/app.
The author uses this because some websites don't set their metadata correctly
(e.g. not setting a username, which makes it impossible to distinguish multiple accounts on the same website)
or have names too long to be displayed conveniently.
# Installation
You need [zbar][zbar] as a QR-code reader library.
This can usually be installed via your distribution's package manager.
On Arch Linux, install the `zbar` package.
On Ubuntu, install `zbar-tools`.
Additionally, you need `python3` and the `pip` packages listed in `requirements.txt`.
# Usage
Call the `totp.py` script. Input QR codes can be placed into the `in` folder
(use screenshots for this).
They will be parsed and their data extracted in `json` format into the `json` folder.
You can then edit the `json` files to your liking.
Calling the script again will produce new QR codes in the `out` folder, which you
can scan.
WARNING: obviously, the `in`, `json` and `out` folders will contain sensitive data
(your 2FA secrets). You will probably want to delete them after scanning into your app.
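
The decode, edit and rebuild cycle described above, as an added example that is not the code of `totp.py`: it assumes the QR payload is an `otpauth://` URI (the Key URI format most authenticator apps scan) and checks that the secret is still valid base32 before a new payload is built. The function names, the dict layout and the sample URI with its dummy secret are constructed for illustration and do not reflect the script's actual `json` format.

```python
import base64
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

def parse_otpauth(uri):
    """Split an otpauth:// URI into an editable dict (hypothetical layout)."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth URI")
    # The label is either "issuer:account" or just "account".
    label = unquote(parts.path.lstrip("/"))
    issuer, sep, account = label.partition(":")
    if not sep:
        issuer, account = "", label
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in params:
        raise ValueError("otpauth URI carries no secret")
    return {
        "type": parts.netloc,
        "issuer": params.pop("issuer", issuer),
        "account": account.strip(),
        "secret": params.pop("secret"),
        "extra": params,  # e.g. algorithm, digits, period
    }

def build_otpauth(entry):
    """Rebuild the URI from the (possibly edited) dict."""
    secret = entry["secret"].replace(" ", "").upper()
    # Refuse to emit a QR payload whose secret is not valid base32:
    # b32decode raises binascii.Error (a ValueError) on bad input.
    base64.b32decode(secret + "=" * (-len(secret) % 8))
    label = entry["account"]
    query = {"secret": secret, **entry["extra"]}
    if entry["issuer"]:
        label = f"{entry['issuer']}:{label}"
        query["issuer"] = entry["issuer"]
    # Encode spaces as %20 rather than '+'.
    return (f"otpauth://{entry['type']}/{quote(label, safe=':@')}"
            f"?{urlencode(query, quote_via=quote)}")

# Constructed sample: long service name, no account name, dummy secret.
SAMPLE = ("otpauth://totp/Example%20Service%20Incorporated"
          "?secret=jbswy3dpehpk3pxp&digits=6&period=30")

if __name__ == "__main__":
    entry = parse_otpauth(SAMPLE)
    entry["issuer"], entry["account"] = "Example", "alice@work"
    print(build_otpauth(entry))
```

A typo introduced while editing the secret would otherwise produce a QR code that scans fine but generates wrong passcodes, which is why the rebuild step rejects it.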

[zbar]: https://github.com/mchehab/zbar
[freeotp]: https://freeotp.github.io/
[sct]: https://authenticator.reiner-sct.com/en/