|
|
|
|
|
|
by mid-kid
296 days ago
|
|
|
I've been storing OTP secrets using `pass`[0] with `pass-otp`[1]. This does the whole symmetric encryption for me using `gpg`, decodes the URL for me to pass it into oathtool, and allows me to share the codes with my phone using Android Password Store[2]. This is all deceptively simple to set up, assuming you have a git server you trust to synchronize the codes with, or some kind of other method using maybe tailscale or syncthing? As long as you don't need the codes on Windows, where the QtPass app is unmaintained and can't generate OTP codes on Windows, you're mostly good. Oh and I use `zbarimg` to decode the QR, as I've integrated it with my screenshot script and it can decode more than just QR codes. [0]: https://www.passwordstore.org/ [1]: https://github.com/tadfisher/pass-otp [2]: https://f-droid.org/packages/app.passwordstore.agrahn/ |
|
|
gpg actually uses a public/secret key pair with pass which has a pretty cool effect that you don't need to enter your passphrase when adding an entry to the store, because it uses the public key to encrypt.