TOTP(1) General Commands Manual TOTP(1)

totp - time-based one time password generator

totp <secret

totp is a time-based one time password (TOTP) generator. It reads a secret from standard input and prints the generated password, a numeric code, to standard output. The secret is usually provided by the authenticator (e.g. a website) and is either a base32-encoded string or an ‘otpauth://’ URI. Blanks in the secret string are ignored, but only one line is read.

totp uses a period of 30 seconds and HMAC-SHA1, and generates six-digit codes, unless the URI specifies otherwise.

The totp utility exits 0 on success, and >0 if an error occurs.

totp is meant to be used with plass(1) or a similar application: the secret is stored safely in the password store and then given to totp using a pipe:

$ plass cat 2fa/codeberg/op | totp


totp follows the algorithm outlined in RFC 6238 “TOTP: Time-Based One-Time Password Algorithm” and uses the base32 encoding as defined in RFC 3548 “The Base16, Base32, and Base64 Data Encodings”. ‘otpauth://’ URIs are parsed as per the “Key URI Format” proposed by Google Authenticator.
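The following Python sketch is an added example, not the source code of totp: it implements the RFC 6238 computation with the defaults stated above so that a code printed by totp can be cross-checked independently. The function names parse_secret and totp_code are assumptions of this example, and the sample secret is the RFC 6238 Appendix B test key, not a real credential.

```python
import base64, hashlib, hmac, struct, sys, time
from urllib.parse import urlparse, parse_qs

def parse_secret(line):
    """Return (key, digits, period, algo) from a base32 string or otpauth:// URI."""
    digits, period, algo = 6, 30, "sha1"      # defaults described in this manual
    line = line.strip()
    if line.startswith("otpauth://"):
        query = parse_qs(urlparse(line).query)
        if "secret" not in query:
            raise ValueError("otpauth URI without a secret parameter")
        b32 = query["secret"][0]
        digits = int(query.get("digits", [digits])[0])
        period = int(query.get("period", [period])[0])
        algo = query.get("algorithm", [algo])[0].lower()
    else:
        b32 = line
    if algo not in ("sha1", "sha256", "sha512"):
        raise ValueError("unsupported algorithm: " + algo)
    if period <= 0 or not 1 <= digits <= 9:
        raise ValueError("period or digits out of range")
    b32 = "".join(b32.split()).upper()        # blanks in the secret are ignored
    b32 += "=" * (-len(b32) % 8)              # padding is often omitted by issuers
    return base64.b32decode(b32), digits, period, algo

def totp_code(key, now, digits=6, period=30, algo="sha1"):
    """RFC 6238: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = struct.pack(">Q", int(now) // period)
    mac = hmac.new(key, counter, getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)   # keep leading zeros

# RFC 6238 Appendix B test key ("12345678901234567890"), grouped with blanks.
SAMPLE_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"
# Constructed URI: the label is made up, the secret is the same test key.
SAMPLE_URI = ("otpauth://totp/Example:alice"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&digits=8&period=30")

if __name__ == "__main__":
    # Same interface as described above: one line on stdin, code on stdout.
    key, digits, period, algo = parse_secret(sys.stdin.readline())
    print(totp_code(key, time.time(), digits, period, algo))
```

If the two programs disagree for the same secret, compare the system clocks first: a skew larger than the period moves the counter to a different time step.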

The totp utility was written by Omar Polo <>.

August 30, 2023 OpenBSD 7.4