-
Notifications
You must be signed in to change notification settings - Fork 0
/
shotput
executable file
·91 lines (75 loc) · 2.12 KB
/
shotput
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#!/bin/sh
#
# shotput: a portable shell script to generate TOTPs from the command line
#
if [ ! "$1" ]; then echo "
Usage: shotput service [reveal]
Generates an OTP for the given service. If the service is not found, you will
be prompted to provide a new secret key and an encryption password. New
secrets are added to the config file in $HOME/.config/shotput.keys . Each
secret is encrypted seperately and may use a different password.
If [reveal] is specified, the secret key for the given service will be
displayed, rather than generating an OTP.
Note: requires oathtool >=2.6.6 and openssl.
"; exit 1; fi
alias encrypt="openssl enc -aes-256-cbc -pbkdf2 -base64 -A -in /dev/stdin"
CONFIG="$HOME/.config/shotput.keys"
[ -d $HOME/.config ] || mkdir $HOME/.config
#
# Prompt for a new secret key and password.
#
# $1 the name of the service
#
newkey() {
SERVICE=$1
echo -n "Enter a new base32 secret key for $SERVICE:"
read SECRET
echo -n "Enter TOTP algorithm (default SHA1):"
read ALGORITHM
[ $ALGORITHM ] && PARAMS=" $ALGORITHM"
echo -n "Enter TOTP timeout (default 30s):"
read TIMEOUT
[ $TIMEOUT ] && PARAMS=" ${ALGORITHM:=sha1} $TIMEOUT"
# encrypt the new secret and write to the config file
KEY=$(echo $SECRET | encrypt)
if [ $? -ne 0 ]; then
echo "Something went wrong: $KEY"
exit 1
fi
PARAMS="$KEY$PARAMS"
echo $SERVICE=\"$PARAMS\" >> $CONFIG
echo "Encrypted secret key for $SERVICE and added to $CONFIG\n"
}
#
# Decrypt a secret key and generate a totp.
#
# $1 the encrypted secret key
# $2 totp algorithm (default SHA1)
# $3 totp timeout in seconds (default 30)
#
genotp() {
echo "$1" | encrypt -d | oathtool --base32 --totp=${2:-sha1} --time-step-size=${3:-30s} -
}
#
# Reveal the secret key for a service.
#
# $1 the service name
# $2 totp algorithm, if declared
# $3 totp timeout, if declared
#
reveal() {
echo "$1" | encrypt -d
[ "$2" ] && echo $2
[ "$3" ] && echo $3
}
# read the keys from the config file
. $CONFIG
SERVICE=$1
PARAMS=$(eval echo \$$SERVICE)
# parse the command line
[ "$PARAMS" ] || newkey $SERVICE
if [ "$2" = "reveal" ]; then
reveal $PARAMS
else
genotp $PARAMS
fi