time-based one time password
totp is a time-based one time password
generator (TOTP). It reads a secret from standard input and prints the
generated password, a numeric code, to standard output. The secret is
usually provided by the authenticator (for e.g. a website) and is either a
base32-encoded string or a ‘otpauth://’ URI. Blanks in the
secret string are ignored, but only one line is read.
totp uses a period of 30 seconds,
HMAC-SHA1 and generates six digits long codes, unless the URI specifies
totp utility exits 0 on
success, and >0 if an error occurs.
totp is meant to be used with
plass(1) or similar
application: the secret is stored safely in the password store and then
totp using a pipe:
$ plass cat 2fa/codeberg/op | totp 722524
totp follows the algorithm outlined in RFC
6238 “TOTP: Time-Based One-Time Password Algorithm” and uses
the base32 encoding as defined in RFC 3548 “The Base16, Base32, and
Base64 Data Encodings”. ‘otpauth://’ URIs are parsed as
per the “Key URI Format” proposed by Google Authenticator.
totp utility was written by