Skip to content

A CLI tool to generate TOTP values from a password protected YubiKey by storing the password in the system-protected keyring.

License

Notifications You must be signed in to change notification settings

cimnine/yk-totp

Repository files navigation

yk-totp

PyPI Version PyPI License PyPI Status

yk-totp is a little CLI util for YubiKeys, that will generate TOTP codes upon request.

The added benefit compared to the official ykman is that it offers to store the password for unlocking your YubiKey in your system's keyring, whereas ykman stores your password in it's config file. (While the password is stored as PBKDF2HMAC-hash and not in plain-text, this hash is all that is required to get to your 2FA, yet this hash is not protected in any way.)

This allows yk-totp to be used in other tools (like in an Alfred Worflow) which don't offer facilities to store or enter a password, or where it's inconvenient to repeatedly enter the password.

Requirements

This tool requires Python 3 and an operating system that is supported by both, the keyring Python module and by the ykman tool from YubiCo.

Installation

For now, the way to install yk-totp is via PIP:

pip3 install -U yk-totp

Use the same command to update to a new version.

Error while installation

If you get errors while installing yk-totp, try this:

# Update the Python modules responsible for installing other modules
pip3 install -U pip wheel setuptools

Check if you have swig installed, which is apparently required to install pyscard, which is a dependency of ykman:

# macOS with Homebrew
brew install swig

# Linux (apt)
sudo apt update && sudo apt install swig

# Linux (yum)
sudo yum install swig

# Windows with Chocolately
choco install swig

Development

python3 -m venv .venv
source .venv/bin/active
python3 -m pip install -U pip setuptools wheel
python3 -m pip install -r requirements.txt
python3 -m pip install -e .

Release

See https://packaging.python.org/tutorials/packaging-projects/.

tl;dr:

rm -rf dist *.egg-info
python3 -m pip install -U build twine
python3 -m build
python3 -m twine upload dist/*
# Username: __token__

Licensing and Copyright

This code is copyrighted. But it can be used under the terms of the MIT license for your own purposes. It builds upon the following third party modules:

  • keyring for the interaction with the operating system's keyring, which is MIT licensed.
  • yubikey-manager for communicating with the YubiKey, which is licensed under a BSD-2-Clause License.
  • click for the CLI interface, which is licensed under a BSD-3-Clause License.

Open source software rocks 🎸!

About

A CLI tool to generate TOTP values from a password protected YubiKey by storing the password in the system-protected keyring.

Topics

Resources

License

Stars

Watchers

Forks

Sponsor this project

 

Languages