GenOTPURL
Archie L. Cobbs edited this page Jan 7, 2023 · 4 revisions
The mod-authn-otp distribution includes a command line utility called genotpurl which generates URLs for the Google Authenticator app.
A convenient and fairly easy way to distribute these URLs is to text them to the recipient. Once the recipient has installed the Google Authenticator app on their phone, they can simply click on the received URL to install the token into the app. You should also ask the recipient to delete the text from their phone once they've installed the token.
An even more secure alternative is to print the URL as a QR code on paper, use the app to load the token from the QR code, and then destroy the piece of paper.
The genotpurl utility was added in mod-authn-otp version 1.1.9.
The man page is reproduced here:
GENOTPURL(1) BSD General Commands Manual GENOTPURL(1)
NAME
genotpurl -- Generate Google Authenticator URLs
SYNOPSIS
genotpurl -I issuer -L label [-k key] [-K keylen] [-i] [-c counter]
[-d num-digits] [-p period]
DESCRIPTION
genotpurl is a utility for generating URLs for the Google Authenticator cell
phone app, which generates one-time passwords compatible with the HOTP/OATH
algorithm defined by RFC 4226. When an URL is processed by the Google
Authenticator app, the corresponding secure token is automatically installed into
the app.
The issuer and label are required; these strings are displayed in the app
along with the current token value.
The key is the token's binary secret key and is specified as a hexadecimal
string. If no key is given, genotpurl generates a random key and prints it to
standard error; this key must then be installed into the server application
that verifies the one-time passwords and associated with the user who will be
using the secure token.
The -i, -c, -d, and -p flags allow creation of non-standard tokens, but these
may not be supported by Google Authenticator.
OPTIONS
-c Specify the starting target counter value for the one-time password
generation. This flag is incompatible with the -t flag.
-d Specify the number of digits in the one-time password. The default
value is six.
-h Print the usage message and exit successfully.
-I Specify token issuer (e.g., "Example Industries, Inc.")
-i Create an interval-based token instead of a time-based token.
-k Specify the token binary secret key as a hexadecimal string.
If no key is given, genotpurl generates a random key and prints it to
standard output.
-K Specify generated key length. Ignored if -k is also specified.
-L Specify token label (e.g., "[email protected]")
-p Specify the length of a single time interval in seconds. The default
value is 30 seconds. Ignored if -i is given.
EXAMPLES
To generate a new secure token and generate the corresponding QR code:
genotpurl -I "Acme, Inc" -L [email protected] | qrencode -s 6 -o qrcode.png
SEE ALSO
qrencode(1)
mod_authn_otp: Apache module for one-time password authentication,
https://github.com/archiecobbs/mod-authn-otp.
Google Authenticator (iOS),
https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8.
Google Authenticator (Android),
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US.
AUTHOR
Archie L. Cobbs <[email protected]>
BSD July 21, 2018 BSD
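The following Python example is added here and is not code from mod-authn-otp. It builds a URL in the publicly documented Google Authenticator key URI layout from a hex key like the one given with -k, recovers the key from such a URL so it can be compared with the key installed on the server, and computes RFC 4226 one-time passwords. The URL parameter names and the use of HMAC-SHA1 are assumptions taken from that layout and the RFC, so genotpurl's exact output may differ; the issuer, label and key are constructed samples.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample key: the RFC 4226 test secret "12345678901234567890" in hex.
SAMPLE_KEY = "3132333435363738393031323334353637383930"

def otp_url(issuer, label, hex_key, counter=None, digits=6, period=30):
    """Build an otpauth:// URL; counter=None gives a time-based token."""
    # The URL carries the key as unpadded base32, not as the hex given to -k.
    secret = base64.b32encode(bytes.fromhex(hex_key)).decode().rstrip("=")
    params = {"secret": secret, "issuer": issuer, "digits": digits}
    if counter is None:
        kind, params["period"] = "totp", period
    else:
        kind, params["counter"] = "hotp", counter
    path = quote(f"{issuer}:{label}")
    return f"otpauth://{kind}/{path}?{urlencode(params, quote_via=quote)}"

def url_key_hex(url):
    """Recover the hex key from a URL, to compare with the server-side key."""
    secret = parse_qs(urlsplit(url).query)["secret"][0]
    return base64.b32decode(secret + "=" * (-len(secret) % 8)).hex()

def hotp(hex_key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(bytes.fromhex(hex_key), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(hex_key, unix_time, digits=6, period=30):
    """Time-based variant: the counter is the number of elapsed periods."""
    return hotp(hex_key, int(unix_time) // period, digits)

if __name__ == "__main__":
    url = otp_url("Acme, Inc", "alice@example.com", SAMPLE_KEY)
    print(url)
    print(url_key_hex(url) == SAMPLE_KEY, hotp(SAMPLE_KEY, 0), totp(SAMPLE_KEY, 59))
```

Comparing `url_key_hex()` against the key stored for the user on the server catches a mismatched or truncated key before the URL is handed out.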