Last active
November 23, 2017 21:08
Allows two independent people to create a shared time-based one-time password (TOTP) code
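#!/bin/bash
# Accepts a first party and a second party and produces a shared
# One Time Password Time based code, usually referred to as 2FA
#
# Dependencies
# sudo apt-get install qrencode oathtool

# errexit alone only looks at the last stage of a pipeline, so a failing
# `head` or `base32` in the secret-generation pipeline would go unnoticed and
# leave an empty shared secret. pipefail makes any failing stage abort the run.
set -eo pipefail
# set -v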
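#######################################
# Prints its arguments, joined by spaces, centered on the terminal line.
# Arguments: the words of the message
# Outputs:   left padding followed by the message and a newline, on stdout
# Notes:     The original padded with `head -c N < /dev/zero`. When the
#            message is wider than the terminal N is negative, and GNU head
#            treats a negative count as "all but the last N bytes", which
#            never terminates on /dev/zero. The otpauth URI printed later is
#            long enough to hit that on a narrow terminal, so the padding is
#            clamped to zero here.
#######################################
function center_echo {
  local message="$*"
  local columns padding

  # tput fails when no terminal description is available (e.g. TERM unset);
  # fall back instead of letting errexit abort the whole script.
  columns=$(tput cols 2>/dev/null) || columns=${COLUMNS:-80}
  [[ ${columns} =~ ^[0-9]+$ ]] || columns=80

  padding=$(( (columns - ${#message}) / 2 ))
  (( padding > 0 )) || padding=0

  # printf with a fixed format prints the message verbatim, even when it
  # starts with something echo would parse as an option.
  printf '%*s%s\n' "${padding}" '' "${message}"
}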
# Exactly two positional arguments are required: the names of the two parties.
# Anything else prints the usage text on stderr and stops with status 1.
if (( $# != 2 )); then
  {
    echo "Incorrect Usage!"
    echo "${0} (first party) (second party)"
  } >&2
  exit 1
fi
# Names of the two people who will share the secret.
party_one="$1"
party_two="$2"

# TOTP parameters; the same values go into the otpauth URI and the oathtool call.
size=32   # length of the shared secret
step=60   # lifespan of a single code in seconds
digits=6  # length of the codes (only 6, 7 and 8 are supported)
          # Android currently only supports 6 digits

# Issuer name with spaces percent-encoded for use in the otpauth URI.
issuer='Interpersonal Authenticator'
issuer="${issuer// /%20}"
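# Banner: program title and the two parties being paired.
center_echo Interpersonal Authenticator
center_echo "${party_one} <=> ${party_two}"
center_echo This program has been tested with the following authenticators
center_echo Please make sure you have one of these installed
center_echo Press Enter To Continue
# This prompt used to fall straight through to the first QR code; wait for
# Enter here as the other prompts do. -r keeps read from treating backslashes
# in the typed line as escapes.
read -r _

# NOTE(review): both QR codes below encode shortened links, and the iOS one
# uses plain http. Whoever scans them cannot see the destination before the
# redirect, so check that each still resolves to the store page named in the
# comment under it, or encode that https URL directly if the larger QR code
# still fits the terminal.
echo "Android - Google Authenticator"
qrencode --level=H --margin=1 --type=ANSI256 https://bit.ly/19dDzPR
# https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
center_echo Press Enter To Continue
read -r _

echo "iOS - Google Authenticator"
qrencode --level=H --margin=1 --type=ANSI256 http://apple.co/1NoT8TE
# https://itunes.apple.com/us/app/id388497605
center_echo Press Enter To Continue
read -r _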
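center_echo Generating random key with "${size}" bytes
# Alternative method to generate random data
# Much faster (Good for testing)
# b32_secret_no_pad=$(openssl rand "${size}" | base32 --wrap=0 | tr -d '=')
center_echo If the program stalls you need to generate more entropy on your computer
# The URI really doesn't seem to like the "=" padding
b32_secret_no_pad=$(head -c "${size}" /dev/random | base32 --wrap=0 | tr -d '=')
# If you do not have `base32` installed, you can download and compile https://github.com/RedRoosterKey/hex2b32
# b32_secret_no_pad=$(xxd -cols "${size}" --len "${size}" -ps /dev/random | hex2b32 --no-padding)

# The pipeline's exit status is that of `tr`, so a missing `base32` or a short
# read would otherwise yield an empty or truncated secret that still ends up in
# both QR codes. Refuse to continue unless the result is base32 text of exactly
# the length that ${size} bytes encode to without padding.
expected_secret_length=$(( (size * 8 + 4) / 5 ))
if [[ ! ${b32_secret_no_pad} =~ ^[A-Z2-7]+$ ]] \
  || (( ${#b32_secret_no_pad} != expected_secret_length )); then
  >&2 echo "Failed to generate a ${size}-byte base32 secret"
  exit 1
fi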
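#######################################
# Percent-encodes a string for use inside a URI component.
# Arguments: $1 - text to encode
# Outputs:   the encoded text on stdout, without a trailing newline
#######################################
function _otpauth_urlencode {
  # Byte-wise handling so multi-byte characters are encoded one byte at a time.
  local LC_ALL=C
  local input=$1 encoded='' char hex i
  for (( i = 0; i < ${#input}; i++ )); do
    char=${input:i:1}
    case "${char}" in
      [A-Za-z0-9._~-]) encoded+=${char} ;;
      *)
        printf -v hex '%%%02X' "'${char}"
        encoded+=${hex}
        ;;
    esac
  done
  printf '%s' "${encoded}"
}

#######################################
# Shows one party the otpauth URI and its QR code, then waits for Enter.
# Globals:   b32_secret_no_pad, issuer, digits, step (read)
# Arguments: $1 - party who should scan the code
#            $2 - the other party, named in the account label
# Outputs:   the URI and a QR code on the terminal
# Notes:     The URI, and therefore the shared secret, is printed in clear
#            text so it can be typed in by hand; it stays in the terminal
#            scrollback after the run.
#######################################
function qr_code {
  local from=${1}
  local to=${2}
  local label uri

  # Generate QR Codes in proper format
  # https://github.com/google/google-authenticator/wiki/Key-Uri-Format
  # Encode the whole label, not only its spaces: a party name containing
  # characters such as '&', '?', '#' or '%' would otherwise change how the
  # URI is parsed (extra or overridden parameters).
  label=$(_otpauth_urlencode "Shared Code With ${to}")
  uri="otpauth://totp/${label}?secret=${b32_secret_no_pad}&issuer=${issuer}&digits=${digits}&period=${step}"
  center_echo "${uri}"
  qrencode --level=L --margin=1 --type=ANSI256 "${uri}"
  center_echo "${from}: Please scan and press enter."
  read -r _
}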
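# Each party scans a code whose label names the other party.
qr_code "${party_one}" "${party_two}"
qr_code "${party_two}" "${party_one}"

# Generate Some codes
# Capture the output first: in a `cmd | while` pipeline the loop's status hides
# a failing or missing oathtool, whereas a failed command substitution in an
# assignment stops the script under `set -e`.
# NOTE(review): the secret is passed on oathtool's command line, where other
# local users can see it in the process list while it runs. Newer oathtool
# releases are reported to accept the key from stdin or a file; confirm for
# the installed version before switching.
oath_report=$(oathtool --totp --base32 --time-step="${step}"s --digits="${digits}" --window=5 "${b32_secret_no_pad}" --verbose)
# Default IFS is kept on purpose so leading whitespace is trimmed before centering.
while read -r line; do
  center_echo "${line}"
done <<< "${oath_report}"

# Print the command that reproduces the current code. It includes the secret.
center_echo oathtool --totp --base32 --time-step="${step}"s --digits="${digits}" "${b32_secret_no_pad}"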