gauth

command module
v1.2.5 (not the latest version of its module)
Published: Sep 11, 2023 License: 0BSD, ISC Imports: 12 Imported by: 0

README

gauth: replace Google Authenticator

Installation

With a Go environment already set up, it should be as easy as go get github.com/pcarrier/gauth.

For example, with GOPATH=$HOME/go, it will create a binary at $HOME/go/bin/gauth.

Usage

  • In web interfaces, pretend you can't read QR codes and get a secret like hret 3ij7 kaj4 2jzg instead.

  • Store one secret per line in ~/.config/gauth.csv, in the format name:secret. For example:

      AWS:   ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567
      Airbnb:abcd efgh ijkl mnop
      Google:a2b3c4d5e6f7ghij
      Github:234567qrstuvwxyz
      otpauth://totp/testOrg:testuser?secret=AAAQEAYEAUDAOCAJ======&issuer=testOrg&algorithm=SHA512&digits=8&period=30
    
  • Restrict access to your user:

      $ chmod 600 ~/.config/gauth.csv
    
  • Run gauth. The progress bar indicates how far away the next code change is.

      $ gauth
                 prev   curr   next
      AWS        315306 135387 483601
      Airbnb     563728 339206 904549
      Google     453564 477615 356846
      Github     911264 548790 784099
      [=======                      ]
    
  • gauth is convenient to use in watch.

      $ watch -n1 gauth
    
  • Remember to keep your system clock synchronized and to lock your computer when brewing your tea!
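
How the prev, curr and next columns can be derived from a name:secret line, as an added example (not gauth's own code). It assumes the Google Authenticator defaults of HMAC-SHA1, 6 digits and a 30-second period; the function names are hypothetical and otpauth:// lines are rejected rather than parsed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

// decodeSecret accepts a secret as typed into gauth.csv: spaces, lowercase
// and '=' padding are tolerated before base32 decoding.
func decodeSecret(s string) ([]byte, error) {
	s = strings.TrimRight(strings.ToUpper(strings.ReplaceAll(s, " ", "")), "=")
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
}

// hotp is RFC 4226 with HMAC-SHA1 and 6 digits (assumed defaults).
func hotp(key []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// codes returns the prev, curr and next codes for one name:secret line.
func codes(line string, t time.Time) (name string, out [3]string, err error) {
	name, secret, ok := strings.Cut(line, ":")
	if !ok {
		return "", out, fmt.Errorf("expected name:secret")
	}
	key, err := decodeSecret(secret)
	if err != nil {
		return name, out, fmt.Errorf("%s: %w", name, err)
	}
	step := uint64(t.Unix() / 30) // 30-second period
	for i := range out {
		out[i] = hotp(key, step-1+uint64(i))
	}
	return name, out, nil
}

func main() {
	// Constructed sample: base32 of the RFC 6238 test key, not a real secret.
	fmt.Println(codes("Demo: gezd gnbv gy3t qojq gezd gnbv gy3t qojq", time.Now()))
}
```

Because the code depends only on the secret and the current 30-second step, a clock that has drifted by a step shifts the correct value into the prev or next column.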

Encryption

gauth supports password-based encryption of gauth.csv. To encrypt, use:

    $ openssl enc -aes-128-cbc -md sha256 -in ~/gauth.csv -out ~/.config/gauth.csv
    enter aes-128-cbc encryption password:
    Verifying - enter aes-128-cbc encryption password:

gauth will then prompt you for that password on every run:

    $ gauth
    Encryption password:
               prev   curr   next
    LastPass   915200 479333 408710

Note that this encryption mechanism is far from ideal from a pure security standpoint. Please read OpenSSL's notes on the subject.

Compatibility

Tested with:

  • Airbnb
  • Apple
  • AWS
  • DreamHost
  • Dropbox
  • Evernote
  • Facebook
  • Gandi
  • Github
  • Google
  • LastPass
  • Linode
  • Microsoft
  • Okta (reported by Bryan Baldwin)
  • WP.com
  • bittrex.com
  • poloniex.com

Please report further results to pierre@gcarrier.fr.

Rooted Android?

If your Android phone is rooted, it's easy to "back up" your secrets from an adb shell into gauth.

    # sqlite3 /data/data/com.google.android.apps.authenticator2/databases/database \
              'select email,secret from accounts'

Really, does this make sense?

At least to me, it does. My laptop features encrypted storage, a stronger authentication mechanism, and I take good care of its physical integrity.

My phone also runs arbitrary apps, is constantly connected to the Internet, gets forgotten on tables.

Thanks to the convenience of a command line utility, my usage of 2-factor authentication went from 3 to 10 services over a few days.

Clearly a win for security.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Package gauth implements the time-based OTP generation scheme used by Google Authenticator.