Highly secure and easy to use OTP client written in C/GTK3 that supports both TOTP and HOTP

paolostivanin/OTPClient

OTPClient

Highly secure and easy to use GTK+ software for two-factor authentication that supports both Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP).

Requirements

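| Name       | Min Version |
|------------|-------------|
| GTK+       | 3.24        |
| GLib       | 2.68.0      |
| jansson    | 2.12        |
| libgcrypt  | 1.10.1      |
| libpng     | 1.6.30      |
| libcotp    | 3.0.0       |
| zbar       | 0.20        |
| protobuf-c | 1.3.0       |
| protobuf   | 3.6.0       |
| uuid       | 2.34        |
| libsecret  | 0.20        |
| qrencode   | 4.0.2       |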

⚠️ Please note that the memlock value should be >= 64 MB. Any value less than this may cause issues when dealing with tens of tokens (especially when importing from third-party backups). See this wiki section for info on how to check the current value and, if needed, set a higher one.

Features

  • integration with the OS' secret service provider via libsecret
  • support both TOTP and HOTP
  • support setting custom digits (between 4 and 10 inclusive)
  • support setting a custom period (between 10 and 120 seconds inclusive)
  • support SHA1, SHA256 and SHA512 algorithms
  • support for Steam codes (please read THIS PAGE)
  • import and export encrypted/plain andOTP backup
  • import and export encrypted/plain Aegis backup
  • import and export plain FreeOTPPlus backup (key URI format only)
  • import and export encrypted/plain AuthenticatorPro backup
  • import and export encrypted/plain 2FAS backup
  • import of Google's migration QR codes
  • local database is encrypted using AES256-GCM
    • key is derived using Argon2id with the following default parameters: 4 iterations, 128 MiB memory cost, parallelism 4, tag length 32. The first three parameters can be changed by the user.
    • decrypted file is never saved (and hopefully never swapped) to disk. While the app is running, the decrypted content resides in a "secure memory" buffer allocated by Gcrypt.
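
The memlock note under Requirements refers to RLIMIT_MEMLOCK, the per-process limit on memory that can be locked against swapping. The following check is an added example, not code from OTPClient: it reads that limit and raises the soft limit for the current process when the hard limit allows it. The helper names and the reading of "64 MB" as 64 MiB are assumptions.

```c
/* Added example: check RLIMIT_MEMLOCK against the 64 MB the README asks for. */
#include <stdio.h>
#include <sys/resource.h>

/* Assumption: the README's "64 MB" is read as 64 MiB. */
#define REQUIRED_MEMLOCK ((rlim_t)64 * 1024 * 1024)

enum memlock_status { MEMLOCK_OK, MEMLOCK_RAISABLE, MEMLOCK_TOO_LOW };

/* Pure classifier (hypothetical helper): the soft limit is what applies now,
 * the hard limit is the ceiling an unprivileged process may raise it to. */
enum memlock_status classify_memlock(rlim_t soft, rlim_t hard)
{
    if (soft == RLIM_INFINITY || soft >= REQUIRED_MEMLOCK)
        return MEMLOCK_OK;
    if (hard == RLIM_INFINITY || hard >= REQUIRED_MEMLOCK)
        return MEMLOCK_RAISABLE;
    return MEMLOCK_TOO_LOW;
}

/* Reads the live limit and, if the hard limit allows it, raises the soft
 * limit for this process only. Returns the final status, or -1 on error. */
int ensure_memlock(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return -1;
    enum memlock_status st = classify_memlock(rl.rlim_cur, rl.rlim_max);
    if (st == MEMLOCK_RAISABLE) {
        rl.rlim_cur = REQUIRED_MEMLOCK;
        if (setrlimit(RLIMIT_MEMLOCK, &rl) != 0)
            return -1;
        st = MEMLOCK_OK;
    }
    return (int)st;
}

int main(void)
{
    switch (ensure_memlock()) {
    case MEMLOCK_OK:
        puts("memlock >= 64 MiB"); return 0;
    case MEMLOCK_TOO_LOW:
        puts("memlock hard limit < 64 MiB: raise it system-wide"); return 1;
    default:
        perror("RLIMIT_MEMLOCK"); return 2;
    }
}
```

Raising the soft limit this way affects only the calling process and its children; a hard limit below the requirement has to be changed by an administrator.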

Testing

  • Before each release, I run PVS Studio and Coverity in order to catch even more bugs.
  • With every commit to master, OTPClient is compiled in CircleCI against different distros

Protobuf

The protobuf files needed to decode Google's otpauth-migration QR codes have been generated with:

    protoc --c_out=src/ proto/google-migration.proto

Wiki

For things like roadmap, screenshots, how to use OTPClient, etc, please have a look at the project's wiki. You'll find a lot of useful information there.

Manual installation

If OTPClient hasn't been packaged for your distro (check here) and your distro doesn't support Flatpak, then you'll have to manually compile and install OTPClient.

  1. install all the needed libraries listed under requirements
  2. clone and install OTPClient:

     git clone https://github.com/paolostivanin/OTPClient.git
     cd OTPClient
     mkdir build && cd build
     cmake -DCMAKE_INSTALL_PREFIX=/usr ..
     make
     sudo make install

License

This software is released under the GPLv3 license. Please have a look at the LICENSE file for more details.