TQ
dev.com

Blog about software development

Subscribe

Free OTP 'soft token' written in Go

08 Nov 2020 - by 'Maurits van der Schee'

I have written open-source software that you can use as an alternative to Google/Microsoft Authenticator on any device (that Go can cross-compile for). You may (for instance) run it on your Raspberry Pi (zero) and use it as a "semi-hardware" token. The software does not (yet) support QR code scanning, so you you need to manually enter the name and secret to set up the token.

Time-based One Time Passwords (TOTP)

Time-based One Time Passwords (TOTP) is a technology where you agree on a shared secret with an authentication system. This shared secret is often shared via a QR code and stored in for instance a smartphone. The shared secret is combined with the UTC time in seconds in then hashed to produce a 6 digit code that is valid for 30 seconds. This is the protocol that is used by Google Authenticator and Microsoft Authenticator.

Text mode user interface (TUI)

I have chosen to create a text mode application to make it really easy to cross compile and build the application. This also means that the application uses very little resources and is very small (4 megabytes) even though all dependencies are statically linked.

Roadmap, more features

There are several features that I can think of that this project may get/need:

Maybe even support for other/better protocols, based on public/private key encryption, such as 'WebAuthn'.

Download

You can find the code on my Github. Go to the releases section to download binaries and source code (click on 'Assets').

https://github.com/mevdschee/go-soft-token

Try it out and let me know what can be improved through the Github issues.

Enjoy!


PS: Liked this article? Please share it on Facebook, Twitter or LinkedIn.