Linux command
oathtool command
After copying, replace file names, directories, or parameters as needed.
Common examples
Generate TOTP code from secret
oathtool --totp --base32 [SECRET_KEY]
Generate HOTP code
oathtool --hotp --counter [1] --base32 [SECRET_KEY]
Generate 8-digit code
oathtool --totp --base32 --digits [8] [SECRET_KEY]
Validate a TOTP code
oathtool --totp --base32 [SECRET_KEY] [123456]
Generate code for a specific time
oathtool --totp --base32 --now "[2024-01-15 12:00:00 UTC]" [SECRET_KEY]
Use SHA256 algorithm
oathtool --totp=sha256 --base32 [SECRET_KEY]
Show verbose output
oathtool --totp --base32 -v [SECRET_KEY]
Description
oathtool generates and validates one-time passwords for two-factor authentication. It supports both HOTP (RFC 4226, counter-based) and TOTP (RFC 6238, time-based) algorithms. TOTP is the standard used by authenticator apps (Google Authenticator, Authy, etc.).
The secret key is typically provided as a base32 string during 2FA setup. Running oathtool with this secret generates the same codes as the authenticator app.
For validation, provide both the secret and the code to verify. The window option allows for clock skew by accepting codes from adjacent time periods.
HOTP uses an incrementing counter instead of time. Each code generation should increment the counter. This mode is less common but useful for hardware tokens.
Different services use different parameters; some require 8 digits or SHA256. The verbose flag shows the calculation details for debugging setup issues.
Parameters
- --totp=_ALG_: Generate time-based OTP (sha1, sha256, sha512).
- --hotp: Generate counter-based OTP.
- -b, --base32: Secret is base32 encoded.
- -d _NUM_, --digits _NUM_: Number of digits (default: 6).
- -c _NUM_, --counter _NUM_: Counter value for HOTP.
- -s _SEC_, --time-step-size _SEC_: Time step in seconds (default: 30).
- -S _TIME_, --start-time _TIME_: Start time for TOTP (Unix timestamp or ISO).
- -N _TIME_, --now _TIME_: Use specified time instead of current.
- -w _NUM_, --window _NUM_: Window for validation (accepts codes from adjacent time periods to allow for clock skew).
- -v, --verbose: Show detailed output.
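The calculation behind the description and options above, as an added Python example (not part of the original page and not oath-toolkit's code): HOTP per RFC 4226, TOTP per RFC 6238, and validation with a skew window. The function names and `RFC_SECRET` are hypothetical, the key is the published RFC test key, and the window is assumed to apply symmetrically around the current time step.

```python
import base64
import hmac
import struct

# RFC 4226/6238 published test key (not a real secret), base32-encoded
# the way a 2FA setup page would present it.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

def hotp(key: bytes, counter: int, digits: int = 6, alg: str = "sha1") -> str:
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamically truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), alg).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros

def decode_secret(secret_b32: str) -> bytes:
    """Accept the spaced, lower-case, unpadded form setup pages often show."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def totp(secret_b32, now, step=30, start=0, digits=6, alg="sha1") -> str:
    """RFC 6238: HOTP over the number of time steps elapsed since `start`."""
    counter = (int(now) - start) // step
    return hotp(decode_secret(secret_b32), counter, digits, alg)

def validate(secret_b32, code, now, window=0, step=30, **params):
    """Return the matching step offset in [-window, window], or None.

    Assumption: the window is applied symmetrically around `now`.
    """
    match = None
    for off in range(-window, window + 1):
        candidate = totp(secret_b32, now + off * step, step=step, **params)
        # Constant-time comparison, and no early exit once a match is found.
        if hmac.compare_digest(candidate, code) and match is None:
            match = off
    return match

if __name__ == "__main__":
    print(totp(RFC_SECRET, 59, digits=8))                    # RFC 6238 vector
    print(validate(RFC_SECRET, "287082", now=89, window=1))  # one step late
```

A wider window tolerates more clock skew but also lengthens the time an intercepted code stays valid, so keep it as small as the deployment allows.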
FAQ
How do I run a basic oathtool example?
Run `oathtool --totp --base32 [SECRET_KEY]` in a terminal, replacing [SECRET_KEY] with your base32 secret, then adjust the flags for your service.
What does --totp=_ALG_ do in oathtool?
Generate time-based OTP (sha1, sha256, sha512).