#authenticator #totp #argon2 #google-authenticator #secure-password #command-line-interface

app cotp

Trustworthy, encrypted, command-line TOTP/HOTP authenticator app with import functionality

25 releases (14 stable)

1.5.0 Mar 12, 2024
1.3.0 Oct 10, 2023
1.2.5 May 23, 2023
1.2.3 Feb 28, 2023
0.1.7 Feb 21, 2021

#20 in Authentication

Download history 341/week @ 2024-02-11 208/week @ 2024-02-18 135/week @ 2024-02-25 12/week @ 2024-03-03 152/week @ 2024-03-10 17/week @ 2024-03-17

340 downloads per month

Custom license

135KB
3K SLoC

cotp - command line TOTP/HOTP authenticator

Actions Status crates.io Downloads

Packaging status

I believe that security is of paramount importance, especially in this digital world. I created cotp because I needed a minimalist, secure, desktop accessible software to manage my two-factor authentication codes.

Overview

Interface

cotp is written with simplicity in mind, the interface is quite minimalist and intuitive as command line apps should be.

asciicast

If you are familiar with the command line interface using cotp will not be a problem. Just type cotp to enter the TUI dashboard. Type i to get some instruction. Otherwise just enter cotp --help.

In the first run you will be prompted to insert a password to initialize the database.

Encryption

This program relies on only one database file encrypted with XChaCha20Poly1305 authenticated encryption and Argon2id for key derivation.

It also uses AES-GCM to import from encrypted Aegis backups.

Compatibility

cotp can generate both TOTP and HOTP codes, compliant with rfc6238 and rfc4226 specifications. Also, it is possible to customize settings like HMAC algorithm and digits, to provide compatibility to other two-factor authentication systems.

Latest releases also include support for Steam, Yandex, MOTP codes and code copying from SSH Remote Shell.

Cross Plaform

cotp should be easily compiled on the most used platform, but it is mostly tested on Linux and Windows.

Install

Arch Linux and arch-based distributions

Arch Linux has an official package in the [extra] repository:

pacman -S cotp

Additionally if you wish to compile and run the Git HEAD version instead of the current stable release, an AUR package cotp-git can be installed using the usual instructions or your favorite AUR helper like paru (paru -S cotp-git).

Other linux distributions and *nix

Before beginning check that you have the required build dependencies to use the rust compiler.

You need to install the libxcb-devel dependency, needed for clipboard coping in X11:

  • Debian based: sudo apt install libxcb1-dev libx11-dev libxcb-shape0-dev libxcb-xfixes0-dev libxkbcommon-dev
  • Fedora / RHEL based: sudo dnf install libX11-devel
  • Void Linux sudo xbps-install -S libxcb-devel

Windows

Windows installation/compilation is supported with both of toolchains.

If you want to use x86_64-pc-windows-msvc you will need to install the Visual C++ 2019 Build Tools

Once you have the rust toolchain installed just run cargo install cotp.

Use the crates.io repository

Just type cargo install cotp and wait for the installation.

Clone the GitHub repository and manually install

You can build cotp using these commands:

git clone https://github.com/replydev/cotp.git
cargo install --path cotp/

Migration from other apps

cotp supports TOTP codes migration from various apps. Some needs to be converted using simple python script you can find listed in the table below.

App How to fetch backup Needs conversion cotp argument
andOTP Make a backup using the app itself. No --andotp
Aegis Make a backup using the app itself. No --aegis
Aegis (encrypted) Make an encrypted backup using the app itself. No --aegis-encrypted
Authy Obtain /data/data/com.authy.authy/shared_prefs/com.authy.storage.tokens.authenticator.xml from your phone. Yes --authy
Authy (2nd method) Follow this guide: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93. No --authy-exported
cotp Export your database using cotp export. No --cotp
FreeOTP Obtain /data/data/org.fedorahosted.freeotp/shared_prefs/tokens.xml from your phone. Yes --freeotp
FreeOTP+ Make a backup using the app itself. No --freeotp-plus
Google Authenticator Obtain /data/data/com.google.android.apps.authenticator2/databases/databases from your phone Yes --google-authenticator
Microsoft Authenticator Obtain /data/data/com.azure.authenticator/databases/PhoneFactor from your phone. Take also PhoneFactor-wal, PhoneFactor-shm if they exist in the same folder. Yes --microsoft-authenticator
OTP URI list Create a JSON file which contains a items property. It will contains a string array where each element is an OTP URI. No --otp-uri

How to convert

Once you got the correct files run the right python script located in the converters/ folder in this source code.

Example: python authy.py path/to/database.xml converted.json

It will convert the database in a json format readable by cotp.

To terminate the import: cotp import --authy --path path/to/converted_database.json

Planned features

Currently, there is not any planned feature. If you need something new that could improve the software feel free to open an issue.

Contribution

I created this project for my own needs, but I would be happy if this little program is useful to someone else, and I gratefully accept any pull requests.

Dependencies

~23–36MB
~406K SLoC