TOTP tool for Debian

uberprutser · 10-09-2023, 07:52 AM

I just installed Debian 12 with xfce on my old 32bit laptop.
And now I would like to add a simple gui for TOTP 2fa login.
I tried to install keepassxc but that needs 120MB! There must be something smaller

boughtonp · 10-09-2023, 08:40 AM

No idea, but I've been planning to lookup such a tool myself.

Debian package pages have a "Similar packages" option - visiting //packages.debian.org/keepassxc lists a bunch, but from a quick look none of them appear suitable.

Searching Debian package descriptions for "totp" reveals... well a whole bunch of libraries, but hidden in amongst those is:

* otpclient
* numerstation

They both depend on GTK3, which I dislike, so I guess yet another task for my todo list is to look at Python-based Numberstation and see what it takes to switch it to a different UI library (like Tk).

pan64 · 10-09-2023, 08:44 AM

what needs 120MB? I guess you could try to recompile/rebuild keepassxc, it won't be that much, especially if you remove the documentation and sources.

uberprutser · 10-09-2023, 09:29 AM

I've installed OTPClient and it didn't need 120mb of libraries

But now I have a new problem/challenge.
On windows 10 I use a program Winauth and it gives me the 6 digits I need to login to my google account (2fa)
Winauth can export a QR code and I used that to setup my google authenticator on android.
So codes generated on windows and android are in sync.
I can import the same QR code in OTPClient (using a png file) but then it generates a different code.... something is wrong, but I'm at a loss!

shruggy · 10-09-2023, 10:36 AM

At one point, I successfully imported data (that was definitely not a QR code) from Winauth into OTPClient using its Import dialog. It was a plain text file. Sorry, cannot remember what exact format that was. OTPClient offers five formats for import. Winauth says it exports in Google KeyUriFormat, but there's no such option in OTPClient. I tried available options one after another, and one of them worked. I guess that was Authenticator Plus, but I'm not sure.

The only problem afterwards was that it mixed Account and Issuer fields in some lines, so nothing critical: authentication worked anyway.

boughtonp · 10-09-2023, 11:20 AM

Numberstation is built around pyotp, which is a <50KB Python library with no other dependencies.

Thus, after doing "apt install python3-pyotp", one can write some trivial Python:

Code:

#!/usr/bin/env python3

import sys,pyopt,datetime

for a in sys.argv[1:]:

   totp = pyotp.parse_uri(a) if a.startswith('otpauth:') else pyotp.totp.TOTP(a)

   print (f'''
Name: {totp.name}
Issuer: {totp.issuer}
Secret: {totp.secret}
Password: {totp.now()}
Expires: {int(totp.interval - datetime.datetime.now().timestamp() % totp.interval)} seconds
''')

And then execute it like so:

Code:

$ ./test-totp.py I65VU7K5ZQL7WB4E otpauth://totp/totp@authenticationtest.com?secret=I65VU7K5ZQL7WB4E

Name: Secret
Issuer: None
Secret: I65VU7K5ZQL7WB4E
Password: 458681
Expires: 28 seconds


Name: totp@authenticationtest.com
Issuer: None
Secret: I65VU7K5ZQL7WB4E
Password: 458681
Expires: 28 seconds

Shouldn't be hard to add a QR decoder onto the front of that, and/or something to read secret(s) from somewhere suitably protected.

uberprutser · 10-09-2023, 01:28 PM

I installed numberstation, and it does give me the correct code. Otpclient looked better and I was able to copy the code. But for now the problem is fixed