cotp - command line TOTP/HOTP authenticator

I believe that security is of paramount importance, especially in this digital world. I created cotp because I needed a minimalist, secure, desktop accessible software to manage my two-factor authentication codes.

Overview

Interface

Type i to get some instruction. Otherwise just enter cotp --help. In the first run you will be prompted to insert a password to initialize the database.

TL;DR

# Display all the OTP codes in the interactive dashboard
cotp # select any code with arrow keys, press enter to copy into the clipboard, even in an SSH remote shell

# Add a new TOTP code from a BASE32 secret key
cotp add --label myaccount@gmail.com --issuer Google

# Add a new HOTP code with custom algorithm, digits and counter
cotp add --label example --type hotp --algorithm SHA256 --digits 8 --counter 10

# Edit the digits of the 4th OTP code
cotp edit --index 4 --digits 8

# List all the codes in JSON format passing password through stdin
echo "mysecretpassword" | cotp --password-stdin list --json

# Extract the first matching OTP code with "google" issuer and copy it into the clipboard
cotp extract --issuer google --copy-clipboard

# Import an encrypted Aegis Database backup
cotp import --path my_db.json --aegis-encrypted

# Export the cotp database
cotp export

Compatibility

cotp can generate both TOTP and HOTP codes, compliant with rfc6238 and rfc4226 specifications. Also, it is possible to customize settings like HMAC algorithm and digits, to provide compatibility to other two-factor authentication systems.

Latest releases also include support for Steam, Yandex, MOTP codes.

Encryption

This program relies on only one database file encrypted with XChaCha20Poly1305 authenticated encryption and Argon2id for key derivation.

It also uses AES-GCM to import from encrypted Aegis backups.

Cross Plaform

cotp should be easily compiled on the most used platforms, but it is mostly tested on Linux, Windows and macOS.

Install

Arch Linux / Manjaro / Debian / Ubuntu / NixOS / others...

cotp is distributed in some of the mayor Linux distro repositories. Please check the repology badge at the top to know if your distribution already provides a package. I will try to push to more repositories over time.

Otherwise you have other options as explained in the next paragraph.

Other linux distributions and *nix

Before beginning check that you have the required build dependencies to use the rust compiler.

You need to install the libxcb-devel dependency, needed for clipboard coping in X11:

• Debian based: sudo apt install libxcb1-dev libx11-dev libxcb-shape0-dev libxcb-xfixes0-dev libxkbcommon-dev xclip
• Fedora / RHEL based: sudo dnf install libX11-devel
• Void Linux sudo xbps-install -S libxcb-devel

macOS

brew install cotp

Windows

Building is supported with both x86_64-pc-windows-gnu and x86_64-pc-windows-msvc toolchains.

If you want to use x86_64-pc-windows-msvc you will need to install the Visual C++ 2019 Build Tools

Once you have the rust toolchain installed just run cargo install cotp.

Use the crates.io repository

Just type cargo install cotp and wait for the installation.

Clone the GitHub repository and manually install

You can build cotp using these commands:

git clone https://github.com/replydev/cotp.git
cargo install --path cotp/

Migration from other apps

cotp supports TOTP codes migration from various apps. Some needs to be converted using simple python script you can find listed in the table below.

How to convert

Once you got the correct files run the right python script located in the converters/ folder in this source code.

Example: python authy.py path/to/database.xml converted.json

It will convert the database in a json format readable by cotp.

To terminate the import: cotp import --authy --path path/to/converted_database.json

Configuration

By default database is located in $HOME/.cotp/db.cotp. If you want to use a different path, you can use COTP_DB_PATH environment variable or use the --database-path argument. The first can be configured in shell configuration files, the second in package managers where the configuration of environment variables is not allowed, like Scoop.

These are examples of how to do this in bash:

$ COTP_DB_PATH=/home/user/.local/custom-folder/db.cotp cotp

or

$ cotp --database-path /home/user/.local/custom-folder/db.cotp

Planned features

Currently, there is not any planned feature. If you need something new that could improve the software feel free to open an issue.

Contribution

I created this project for my own needs, but I would be happy if this little program is useful to someone else, and I gratefully accept any pull requests.