Wanna try Google auth without the app on your phone, using your CLI instead? Sure!
Begin by adding this fun alias to your ~/.bashrc. That way executing this bit of fun will be easier:
alias google_auth='sudo ~/.auth/google.sh'
Google will provide you with an authenticator seed key. This is the key used to calculate future time-keys. Google will show you a QR code by default; opt instead to see the key in text. Execute the command below in your console, replacing the code with the key you received. You can replace -aes256 with any cipher you want.
$> echo code-from-google-auth-setup | openssl enc -aes256 -a -nosalt
Once issued, it will ask you to provide a secret password. This is just extra security for later (let's not store your authenticator secret in cleartext).
Make sure to open ~/.bash_history or ~/.zsh_history afterward and remove the history record of the above command!
Keep the screen that has the encrypted key on it somewhere. I encrypted the word "hello" using the password "yolo" and got this funny key:
ruX1e8WwbhfvmqhDAyevUA==
Create a new file, for example ~/.auth/google.sh, and open it in your favorite code editor.
Then give it the content below (make sure to use the same cipher):
#!/bin/bash
# Set key to decrypt; change this to the key you generated earlier
encrypted="ruX1e8WwbhfvmqhDAyevUA=="
# Prompt for decryption key (read -s is a bash feature, hence the bash shebang)
printf "decryption key:"
read -r -s password
# Decrypt encrypted key
decrypted=$(echo "$encrypted" | openssl enc -d -aes256 -a -nosalt -k "$password")
# Generate timecode
code=$(oathtool --totp -b -d 6 "$decrypted")
echo
echo "$code"
# Copy the code to the clipboard (pbcopy is the macOS clipboard tool)
echo "$code" | pbcopy
# Unset decrypted key and password
decrypted=
password=
Before anything else, we need to make this file just a tad safer. Execute the following commands:
sudo chown root ~/.auth/google.sh
sudo chmod 700 ~/.auth/google.sh
Now the file is owned by root and can only be read, edited and executed by root (through sudo).
Close your terminal and open a new one, then execute the following command:
$> google_auth
- you should first provide your system sudo-password
- then you provide the secret password you chose earlier
- tadaa, you now have the time-key on your screen and on your clipboard!
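
What `oathtool --totp -b -d 6` computes from the decrypted seed, as an added example that is not part of the original post: the code depends only on the seed and the current time, which is why the seed is kept encrypted above. The names `totp` and `SAMPLE_SEED` are illustrative, the seed is a constructed sample (the RFC 6238 test key), and the SHA-1 digest and 30-second step are the oathtool defaults.

```python
import base64
import hashlib
import hmac
import struct
import time


def totp(seed_b32, now=None, digits=6, step=30, digest=hashlib.sha1):
    """RFC 6238 TOTP from a base32 seed (hypothetical helper, not oathtool's code)."""
    # Seeds are often shown in lowercase groups separated by spaces.
    cleaned = seed_b32.replace(" ", "").upper()
    # base64.b32decode requires padding to a multiple of 8 characters.
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)

    # Moving factor: number of whole time steps since the Unix epoch.
    counter = int(time.time() if now is None else now) // step
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()

    # Dynamic truncation (RFC 4226): the low nibble of the last byte
    # selects a 4-byte window; the top bit of that window is masked off.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample seed: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SEED = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    # Prints the 6-digit code for the current 30-second window.
    print(totp(SAMPLE_SEED))
```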