"Fossies" - the Fresh Open Source Software Archive

Member "LinOTP-release-2.11/linotpd/src/tools/totp-token.1" (12 Nov 2019, 4563 Bytes) of package /linux/misc/LinOTP-release-2.11.tar.gz:


Caution: As a special service "Fossies" has tried to format the requested manual source page into HTML format but links to other man pages may be missing or even erroneous. Alternatively you can here view or download the uninterpreted manual source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

TOTP-TOKEN

NAME
SYNOPSIS
DESCRIPTION
COMMON OPTIONS
EXAMPLE
INTERNET SOURCES
SEE ALSO
BUGS
AUTHOR

NAME

totp-token − software demo TOTP token.

SYNOPSIS

totp-token [-g] [-o <seconds>] [-t <seconds>] [-a <seconds>] [-u <url>] [-c] [-j <seconds>] [-s <seed>] [-r range] [-x] [-d digits] [-l hash-algorithm] [-q optval]

DESCRIPTION

This tool is meant to simulate a TOTP token, that might have a clock that is wrong in time, a clock that has a time drift or even a jitter. Configuration values are stored in the file ~/.python-totp.cfg. Calling the script without any parameters will output the current OTP value.

COMMON OPTIONS

−-help, -h

Display a short help.

−s <seed>, --seed <seed>

Take the seed as HMAC key and store it in the configuration file.

−g, --genkey

Generates a new HMAC key and stores it in the configuration file.

−d <digits>, --digits <digits>

Define the number of digits of the returned otp.

−o <seconds>, --offset=<seconds>

Sets a static offset (in seconds) for this TOTP token. This value is stored in the configuration file. Giving a new value will overwrite the old one in the config file.

−t <seconds>, --timestep=<seconds>

This can either be 60 or 30 seconds. Giving a new value will overwrite the old one in the config file.

−a <seconds>, --add_offset=<seconds>

The offset is increased by this amount of seconds. The new offset is stored in the configuration file. Using this you can simulate a drifting clock, when calling the totp-token over and over again and adding some seconds at each call.

−u <url>, --url=<url>

This is used with the parameter "check". You can specify a URL where the OTP value should be authenticated. Such a URL could be https://localhost/validate/check?user=USER&pass=PIN. The calculated TOTP value is just appended to this URL.

−j <seconds>, --jitter=<seconds>

Here you can specify a time jitter. This value is stored in the configuration file. Note: Successing calls will always use the jitter from the config file! This is the maximum jitter. So if you specify 30 (seconds) the script will add random seconds betweend -30 and +30 seconds to the calculation of the TOTP value.

−c, --check

Tell the script to check the validity of the OTP value.

−r, --range=<timesteps>

If single numeric value, it return several OTP values around the current time. You can specify how many OTP values should be displayed. If specified as <start,end> it will take the absolute timesteps as start and end value

−q, --query=<otpvalue>

In combination with -r or --range : if the otpvalue is found in the range, the otpvalue with its sibblings will be displayed.

−x, --selftest

Will run an selftest against the test vector from the hotp specification.

EXAMPLE

totp-token -r 1,2 -s 3132333435363738393031323334353637383930313233343536373839303132 -l sha256 -d 8 -t 30

- set token seed (-s 3132333435363738393031323334353637383930313233343536373839303132) to binary key 12345678901234567890123456789012

- set token hash algorithm to sha256

- set timestep to 30

- set number of returned otp digits to 8

- look in the range from counter 1 to 2 for all otp values

INTERNET SOURCES

https://www.linotp.org, https://www.keyidentity.com

SEE ALSO

linotpadm (1)

BUGS

No known bugs.

AUTHOR

KeyIdentity GmbH <linotp@keyidentity.com>