Highly secure and easy to use OTP client written in C/GTK3 that supports both TOTP and HOTP

fvcr/OTPClient
OTPClient

Highly secure and easy to use GTK+ software for two-factor authentication that supports both Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP).

Requirements

Name          Min Version
GTK+          3.24
Glib          2.68.0
jansson       2.12
libgcrypt     1.10.1
libpng        1.6.30
libcotp       3.0.0
zbar          0.20
protobuf-c    1.3.0
protobuf      3.6.0
uuid          2.34
libsecret     0.20
qrencode      4.0.2

⚠️ Please note that the memlock value should be >= 64 MB. Any value less than this may cause issues when dealing with tens of tokens (especially when importing from third-party backups). See this wiki section for info on how to check the current value and, if needed, set a higher one.

Features

  • integration with the OS' secret service provider via libsecret
  • support both TOTP and HOTP
  • support setting custom digits (between 4 and 10 inclusive)
  • support setting a custom period (between 10 and 120 seconds inclusive)
  • support SHA1, SHA256 and SHA512 algorithms
  • support for Steam codes (please read THIS PAGE)
  • import and export encrypted/plain andOTP backup
  • import and export encrypted/plain Aegis backup
  • import and export plain FreeOTPPlus backup (key URI format only)
  • import and export encrypted/plain AuthenticatorPro backup
  • import and export encrypted/plain 2FAS backup
  • import of Google's migration QR codes
  • local database is encrypted using AES256-GCM
    • key is derived using PBKDF2 with SHA512 and 100k iterations
    • decrypted file is never saved (and hopefully never swapped) to disk. While the app is running, the decrypted content resides in a "secure memory" buffer allocated by Gcrypt
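
The TOTP/HOTP options in the feature list (4 to 10 digits, a 10 to 120 second period, SHA1/SHA256/SHA512) map onto RFC 4226 and RFC 6238 as shown here. This is an added Python illustration, not OTPClient's own code (which is C); the function names and the sample secret are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import struct
import time

# Limits copied from the feature list above; all names here are hypothetical.
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
MIN_DIGITS, MAX_DIGITS = 4, 10
MIN_PERIOD, MAX_PERIOD = 10, 120


def decode_secret(b32):
    """Decode a base32 token secret, tolerating spaces, lower case and missing padding."""
    s = b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(secret, counter, digits=6, algo="SHA1"):
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    if not MIN_DIGITS <= digits <= MAX_DIGITS:
        raise ValueError("digits must be between 4 and 10 inclusive")
    if algo not in ALGORITHMS:
        raise ValueError("algorithm must be SHA1, SHA256 or SHA512")
    if counter < 0:
        raise ValueError("counter must not be negative")
    mac = hmac.new(secret, struct.pack(">Q", counter), ALGORITHMS[algo]).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # value < 2**31, so a 10-digit code can only start with 0, 1 or 2.
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, now=None, period=30, digits=6, algo="SHA1"):
    """RFC 6238: HOTP with counter = floor(unix_time / period)."""
    if not MIN_PERIOD <= period <= MAX_PERIOD:
        raise ValueError("period must be between 10 and 120 seconds inclusive")
    if now is None:
        now = time.time()
    return hotp(secret, int(now // period), digits, algo)


if __name__ == "__main__":
    # Constructed sample secret: base32 of the RFC 6238 SHA1 test seed.
    seed = decode_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(totp(seed, now=59, digits=8))  # RFC 6238 vector for T=59
```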

Testing

  • Before each release, I run PVS Studio and Coverity in order to catch even more bugs.
  • With every commit to master, OTPClient is compiled in CircleCI against different distros

Protobuf

The protobuf files needed to decode Google's otpauth-migration QR codes have been generated with:

    protoc --c_out=src/ proto/google-migration.proto

Wiki

For things like roadmap, screenshots, how to use OTPClient, etc, please have a look at the project's wiki. You'll find a lot of useful information there.

Manual installation

If OTPClient hasn't been packaged for your distro (check here) and your distro doesn't support Flatpak, then you'll have to manually compile and install OTPClient.

  1. install all the needed libraries listed under requirements
  2. clone and install OTPClient:
     git clone https://github.com/paolostivanin/OTPClient.git
     cd OTPClient
     mkdir build && cd build
     cmake -DCMAKE_INSTALL_PREFIX=/usr ..
     make
     sudo make install

License

This software is released under the GPLv3 license. Please have a look at the LICENSE file for more details.