This project is a One Time Passcode (OTP) Regenerator that you can use to regenerate OTP provisioning URIs and QR codes, or to parse Google Authenticator exports. Useful for transitioning existing OTPs to a new service or app, like Google Authenticator.
I had a problem: I wanted to migrate my Google OTP, for which I only had the Authenticator export, to another application (migration). I also wanted to add an OTP to Authenticator for which I only had the secret (regeneration). This utility lets me do both!
- Create and display or save QR codes for your existing OTPs.
- Support for both Time (TOTP) and Counter (HOTP) based OTPs.
- Generate new provisioning OTPs from Google Authenticator exports.
- Advanced parameters for OTPs that use non-standard algothms, length, or periods.
Install using pip, or your preferred python package manager, from pypi:
pip install reotp
If you want to download and tinker, just clone or fork the repo:
git clone https://github.com/cbinckly/reotp.git
The python package installs a shim, reotp, so you can run it from the command line.
It has two modes of operation: regenerate to create a provisioning QR Code
from a secret; migration to create one for an otpauth-migration URI.
Although you can provide secrets and URIs as arguments, better to provide them interactively so they aren't saved in your shell history.
$ reotp --help
usage: reotp [-h] [-i ISSUER] [-u USER] [-a] [-q] [-f PATH] [-p] {regenerate,migration} ...
Regenerate an existing OTP.
positional arguments:
{regenerate,migration}
regenerate Regenerate from secret.
migration Regenerate from otpauth-migration URI.
options:
-h, --help show this help message and exit
QR Options:
-i ISSUER, --issuer ISSUER
Issuer for TOTP. This is the name that will appear in your app.
-u USER, --user USER Username for the OTP. If not provided library defaults to 'Secret'.
Output Options:
-a, --qrcode-ascii Display an ascii QR code for the OTP.
-q, --qrcode-preview Display a QR code image for the OTP.
-f PATH, --qrcode-png PATH
Write the QR code image for the OTP to a file.
-p, --provisioning-uri
Print the QR code provisioning URI.
---
$ reotp regenerate --help
usage: reotp regenerate [-h] [-s SECRET] [-c CURRENT_COUNT] [-d {6,8}] [-a ALGORITHM] [-p PERIOD]
options:
-h, --help show this help message and exit
-s SECRET, --secret SECRET
Secret for the TOTP. If not provided, requested interactively so you don't leak the secret in shell history.
Advanced:
Advanced options that you probably do not need.
-c CURRENT_COUNT, --counter CURRENT_COUNT
Counter based OTP with current count.
-d {6,8}, --digits {6,8}
Number of digits.
-a ALGORITHM, --algorithm ALGORITHM
Hashing algorithm.
-p PERIOD, --period PERIOD
Refresh period in seconds.
---
$ reotp migration --help
usage: reotp migration [-h] [-m URI]
options:
-h, --help show this help message and exit
-m URI, --migration-uri URI
otpauth-migration:// URI. If not provided, requested interactively.
Use the regenerate function to create a new provisioning URI:
reotp -i YourIssuer -u YourUsername -q -f path/to/your/qr_code.png regenerate -s YourSecret Use the migration function to create a new provisioning URI from a migration URI:
reotp -i YourIssuer -u YourUsername -q -f path/to/your/qr_code.png migration -m otpauth+migration://offline?...To generate a TOTP provisioning URI from a secret and display a QR code, you would run:
$ reotp -i ExampleIssuer -u exampleuser -q regenerate -s MYSUPERSECRET123Or, even better, provide the secret interactively:
$ reotp -i ExampleIssuer -u exampleuser -q regenerate
Secret: MYSUPERSECRET123To generate an HOTP (counter based) with a current count of 100, using sha256 and a length of seven:
$ reotp -i MyIssuer -q regenerate -a sha256 -d 7 -c 100
Secret: MYSUPERSECRET123To migrate a Google Authenticator export to a new provisioning URL:
$ reotp -i MyIssuer -u MyUserName -q migrate
Migration URI: otpauth-migration://offline?data=...You can use the zbar binaries, like zbarimg or zbarcam, to pipe the
migration URI directly. Given an exported QR code in
exported_google_otp_qr.png that we want a new provisioning QR Code
for:
$ zbarimg -q --raw exported_google_otp_qr.png | reotp -q migrateIf you're constrained to working at a shell, no problem, print the QR Code as ascii to the console!
$ zbarimg -q --raw exported_google_otp_qr.png | reotp -a migrateContributions are welcome! If you have suggestions for improvements, feel free to fork the repository, make your changes, and submit a pull request.
- Fork the repository.
- Create your feature branch (
git checkout -b feature/AmazingFeature). - Commit your changes (
git commit -m 'Add some AmazingFeature and more details regarding the change'). - Push to the branch (
git push origin feature/AmazingFeature). - Open a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.
The protobuf schema for OTP migration is from https://alexbakker.me/post/parsing-google-auth-export-qr-code.html and licensed under CC-SA-BY 4.0. Thanks Alex!