2018-11-13

[LINUX SHELL] OTP SECRET KEY FOR GOOGLE AUTHENTICATOR

#!/bin/bash
#openvpn-generator-2fa-key.sh
#LastUpdate: #11:25 2018.11.13
#####################################################
#AUTO GENERATE 2FA BASE32 KEY, PER HOUR:
#0 */1 * * * /opt/script/openvpn-generator-2fa-key.sh
#####################################################
#encoding is [base32], [hex] or [text]

BASE32_FOLDER=/opt/openvpn.tcp.53
BASE32_FILE=base32-2fa-key.txt
BASE32_MAX=30

cat /dev/null > $BASE32_FOLDER/$BASE32_FILE
echo "#$BASE32_FOLDER/$BASE32_FILE"             >> $BASE32_FOLDER/$BASE32_FILE
echo "#LastUpdate: #$(date +'%Y.%m.%d-%H.%M.%S.%10N')" >> $BASE32_FOLDER/$BASE32_FILE
echo "########################################" >> $BASE32_FOLDER/$BASE32_FILE
echo "#OTP SECRET KEY FOR GOOGLE AUTHENTICATOR"  >> $BASE32_FOLDER/$BASE32_FILE
echo "#Creating [$BASE32_MAX] BASE32 secret key" >> $BASE32_FOLDER/$BASE32_FILE
echo "########################################"  >> $BASE32_FOLDER/$BASE32_FILE

mkdir -p $BASE32_FOLDER

for (( i=1; i<=$BASE32_MAX; i++ ))
do
    openssl rand -hex 20 > SECRET_KEY_TMP.tmp
    SECRET_KEY=$(cat SECRET_KEY_TMP.tmp)        
    
    #RunningOK:
    oathtool --verbose --totp "$SECRET_KEY" | grep Base32 | awk '{print $3}' >> $BASE32_FOLDER/$BASE32_FILE    
done
echo "########################################" >> $BASE32_FOLDER/$BASE32_FILE
chmod 600 $BASE32_FOLDER/$BASE32_FILE
cat       $BASE32_FOLDER/$BASE32_FILE

#THE-END
#apt-get install oathtool

# root@srv250:/opt/openvpn.tcp.53# openssl rand -hex 20
# 852f95117c67028ab5c068d3689de15e948d430f

# root@srv250:/opt/openvpn.tcp.53# oathtool --verbose --totp "852f95117c67028ab5c068d3689de15e948d430f"
# Hex secret: 852f95117c67028ab5c068d3689de15e948d430f
# Base32 secret: QUXZKEL4M4BIVNOANDJWRHPBL2KI2QYP
# Digits: 6
# Window size: 0
# Step size (seconds): 30
# Start time: 1970-01-01 00:00:00 UTC (0)
# Current time: 2018-11-13 04:18:30 UTC (1542082710)
# Counter: 0x3105805 (51402757)
# 700919

#C2:
# oathtool --base32 --totp "$QUXZKEL4M4BIVNOANDJWRHPBL2KI2QYP" -d 6
# 700919



#RESULT:
########################################
#OTP SECRET KEY FOR GOOGLE AUTHENTICATOR
#Creating [30] BASE32 secret key
########################################
QKFLKLWPZGQZNKE2FHZHDN2352QEXYAD
DY7SXTC246PLTHYXPHTD54GV5F4GF475
Q22CFAIDLDOFWNU4JE67CRAXYRUHWAC5
ZHOS2AB3UCEXEEJLSX7KIHT3I7LEPCXI
WGY3F5YUDOMA3G7DBXGHEH7LWXFATBGM
WIAKYWV36GB2NXWLLIBPUP4Y3IGNALGL
E57KW3WHQBKFCZJHEQ6CWCGYLWBDXO7D
NIII225B4XHNHMOLQRDJH7QTMBIUHNYZ
QFGUOIJZUDX6UJKUMED52QHLSPEJ6YAW
TTYF3WWLTOESJ7TL6XYK7WLL76CP6P7G
WCMS2NI5DTKE25XTNHRX7TYI67CNPTOA
EFAMTM3AI3Q7QBEZIDMJLJTKM2JNUYKY
PSFEN2NEEWVHILE5Y7BRS25RJUHVFBEY
5CHB5PP4D64DKWHTSDGETIUXIH2AH3N6
MF3X5Y5VKZKDFFISZ6ROIUKHFENN7TZ2
U6CQVXNJXPKVMSKHNMGSO6QRHITJZ4RP
PZWP6PYOVYXMFEK5ZHG6KKCZQ7M6QENB
LOGXIOVC2YSOHD7HIUGGW5KUDPL6TSBP
6UQBDJMUHSTGM4VUH3OOLNNVGBHWVZ72
XMYCXSQDAV2MGKMFQPT3DSLXEWE6N3VZ
YGR73IANJ7KVSDXBRP6FJY5JTIHDAJCW
24BROO6C7LVTSQ2MT4MDF5RAVF3UI5QO
3TFJWF3UWXPALFLE2CRHE4DIH3VAHFSY
EQW2PKRGSROAUV6SSNTTV4A3MSB234RA
25ZNKJJMQIY5GJ5KSKTLBDPKU326TP4E
IHYEKC6IEBNE6X5Q3OMPYUQNYMX6NN3Y
3DORFK5RZ6ZGEMAH5DU7H74SM6OLTHBS
E2O6VRU7LPKDUJGAKHKGBSEN7XKPHXRA
Y62Q2AIMZ53QCHNOGARPP3WC4VZTU23G
QBEXQJFMBION6BLGKLAZ5K3C7ROWKPLA
########################################
root@srv250:/opt/openvpn.tcp.53#