Skip to content
/ cotp Public

Trustworthy, encrypted, command-line TOTP/HOTP authenticator app with import functionality.

License

Notifications You must be signed in to change notification settings

replydev/cotp

Repository files navigation

cotp - command line TOTP/HOTP authenticator

Actions Status crates.io Downloads

Packaging status

I believe that security is of paramount importance, especially in this digital world. I created cotp because I needed a minimalist, secure, desktop accessible software to manage my two-factor authentication codes.

Overview

Interface

Type i to get some instruction. Otherwise just enter cotp --help. In the first run you will be prompted to insert a password to initialize the database.

TL;DR

# Display all the OTP codes in the interactive dashboard
cotp # select any code with arrow keys, press enter to copy into the clipboard, even in an SSH remote shell

# Add a new TOTP code from a BASE32 secret key
cotp add --label myaccount@gmail.com --issuer Google

# Add a new HOTP code with custom algorithm, digits and counter
cotp add --label example --type hotp --algorithm SHA256 --digits 8 --counter 10

# Edit the digits of the 4th OTP code
cotp edit --index 4 --digits 8

# List all the codes in JSON format passing password through stdin
echo "mysecretpassword" | cotp --password-stdin list --json

# Extract the first matching OTP code with "google" issuer and copy it into the clipboard
cotp extract --issuer google --copy-clipboard

# Import an encrypted Aegis Database backup
cotp import --path my_db.json --aegis-encrypted

# Export the cotp database
cotp export

Compatibility

cotp can generate both TOTP and HOTP codes, compliant with rfc6238 and rfc4226 specifications. Also, it is possible to customize settings like HMAC algorithm and digits, to provide compatibility to other two-factor authentication systems.

Latest releases also include support for Steam, Yandex, MOTP codes.

Encryption

This program relies on only one database file encrypted with XChaCha20Poly1305 authenticated encryption and Argon2id for key derivation.

It also uses AES-GCM to import from encrypted Aegis backups.

Cross Plaform

cotp should be easily compiled on the most used platform, but it is mostly tested on Linux and Windows.

Install

Arch Linux and arch-based distributions

Arch Linux has an official package in the [extra] repository:

pacman -S cotp

Additionally if you wish to compile and run the Git HEAD version instead of the current stable release, an AUR package cotp-git can be installed using the usual instructions or your favorite AUR helper like paru (paru -S cotp-git).

NixOS

Check the official package.

Other linux distributions and *nix

Before beginning check that you have the required build dependencies to use the rust compiler.

You need to install the libxcb-devel dependency, needed for clipboard coping in X11:

  • Debian based: sudo apt install libxcb1-dev libx11-dev libxcb-shape0-dev libxcb-xfixes0-dev libxkbcommon-dev xclip
  • Fedora / RHEL based: sudo dnf install libX11-devel
  • Void Linux sudo xbps-install -S libxcb-devel

macOS

brew install cotp

Windows

Building is supported with both x86_64-pc-windows-gnu and x86_64-pc-windows-msvc toolchains.

If you want to use x86_64-pc-windows-msvc you will need to install the Visual C++ 2019 Build Tools

Once you have the rust toolchain installed just run cargo install cotp.

Use the crates.io repository

Just type cargo install cotp and wait for the installation.

Clone the GitHub repository and manually install

You can build cotp using these commands:

git clone https://github.com/replydev/cotp.git
cargo install --path cotp/

Migration from other apps

cotp supports TOTP codes migration from various apps. Some needs to be converted using simple python script you can find listed in the table below.

App How to fetch backup Needs conversion cotp argument
andOTP Make a backup using the app itself. No --andotp
Aegis Make a backup using the app itself. No --aegis
Aegis (encrypted) Make an encrypted backup using the app itself. No --aegis-encrypted
Authy Obtain /data/data/com.authy.authy/shared_prefs/com.authy.storage.tokens.authenticator.xml from your phone. Yes --authy
Authy (2nd method) Follow this guide: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93. No --authy-exported
cotp Export your database using cotp export. No --cotp
FreeOTP Obtain /data/data/org.fedorahosted.freeotp/shared_prefs/tokens.xml from your phone. Yes --freeotp
FreeOTP+ Make a backup using the app itself. No --freeotp-plus
Google Authenticator Obtain /data/data/com.google.android.apps.authenticator2/databases/databases from your phone Yes --google-authenticator
Microsoft Authenticator Obtain /data/data/com.azure.authenticator/databases/PhoneFactor from your phone. Take also PhoneFactor-wal, PhoneFactor-shm if they exist in the same folder. Yes --microsoft-authenticator
OTP URI list Create a JSON file which contains a items property. It will contains a string array where each element is an OTP URI. No --otp-uri

How to convert

Once you got the correct files run the right python script located in the converters/ folder in this source code.

Example: python authy.py path/to/database.xml converted.json

It will convert the database in a json format readable by cotp.

To terminate the import: cotp import --authy --path path/to/converted_database.json

Configuration

By default database is located in $HOME/.cotp/db.cotp. If you want to use a different path, you can use COTP_DB_PATH environment variable or use the --database-path argument. The first can be configured in shell configuration files, the second in package managers where the configuration of environment variables is not allowed, like Scoop.

These are examples of how to do this in bash:

$ COTP_DB_PATH=/home/user/.local/custom-folder/db.cotp cotp

or

$ cotp --database-path /home/user/.local/custom-folder/db.cotp

Planned features

Currently, there is not any planned feature. If you need something new that could improve the software feel free to open an issue.

Contribution

I created this project for my own needs, but I would be happy if this little program is useful to someone else, and I gratefully accept any pull requests.