Tokn - A CLI TOTP app
- 11 Devlogs
- 14 Total hours
A CLI app that generates TOTP keys
The add command will now check for existing keys by comparing the issuer and label.
Nothing too major, as I haven’t had much time to work on the project. Instead of always requiring a subcommand when running the add command, it will default to QR code because that is the most common. Then, the option to add just a normal secret key is –code, and, now, I implemented just getting from an URI. Also, I made it so that the QR and URI inputs will allow the user to override the output because they generally come with the issuer and label.
I have started working on improving the overall UX of the app. Instead of an init command, it will automatically detect if the user is a new user and run a sort of wizard. It’s still a little wonky, and I will fix that tomorrow, but when it is done the app will be much easier to use.
I have split the add command into QR and just a regular raw secret key. The QR option only asks for the image path, because the URI should contain the issuer and label. This should increase clarity for the user because it won’t change the arguments passed to the command based on a flag as it did before.
I switched to using a pyproject.toml file because this will be getting published sometime, and I will probably also use poetry. For the sake of compatibility with the other established TOTP apps, as well as to use the full extent of the TOTP URIs (they contain the issuer and account name already), I decided to divide the keys into issuers and accounts under those issuers. I will work on redesigning the add command to do this. Progress!
I added a way to get the secret key from a QR code image to make it easier for the user to use. Previously they would have to scan the image themselves and get the code.
I have polished some of the prompts. The keys file is also stored in a platform-agnostic way (on Linux it will be stored in ~/.local/share/tokn, but on Windows is another location).
Since last time:
- The init command initializes a new keys file; I would’ve just made it automatically initiate the process upon any command, but it would’ve made things like the get command a little wonky
- The list command lists all the keys
- The passwd command (not shown) changes the password
- The rm command removes a key
- I have added input validation to most of the commands now, and I found out how to do aliases
I still need to polish some things, specially the consistency of the vocabulary (keys, services, etc.) and the prompts
I got the basics of the app working! I can add new secrets and then retrieve them. I decided to show the next code because it doesn’t update automatically (it is meant to be a CLI app), so this will help if the code has a few seconds left. The password also takes a few seconds to verify, so this will prevent having to run it over and over. The next feature is data validation, as it is very basic right now.
I have the encryption working, so now I can grab the password salt, make the password hash from that, and use it to decrypt the other part of the file. I wrote this little test to showcase it, the key is generated and then I can encrypt and decrypt the file. Next thing to work on is storing the secret keys.
I can generate basic TOTPs now! This is currently with a random key, but soon I will add files to store the keys.
