T2F2 OTP CLI tool for Windows

Manage and use TOTP/HOTP codes using a PC/SC device (USB NFC) or directly via USB. A command line tool (portable, no installation needed)


1. Requirements


Please note that this tool works only with our keys with TOTP support (second generation). The keys with HOTP only are not supported. Moreover, HOTP via HID functionality is not supported on some models, such as Bio2 or NFC-Card.

2. Installation

No installation is required, just download and unzip the archive.


3. Usage

  1. Connect the token using one of the available interfaces:

    • NFC: Connect your PC/SC (USB NFC) reader and make sure that recent drivers are installed.

    • USB: Plug the token into a USB port of your computer.

  2. Run the tool with the --help argument to get usage help.

otp-cli.exe --help

This will show the output below:

Token2 HOTP/TOTP CLI Tool

positional arguments:
  {set_btn_seed,delete_btn_seed,get_all,read_entry,write_entry,delete_entry,erase_all}
                        command to be executed
    set_btn_seed        set the seed of HOTP generator triggered by button press
    delete_btn_seed     delete the seed of HOTP generator triggered by button press
    get_all             get all OTP entries
    read_entry          read a particular OTP entry
    write_entry         write or update an OTP entry on the token
    delete_entry        delete OTP entry on the token
    erase_all           erase all OTP entries on the token

options:
  -h, --help            show this help message and exit

4. Available commands

Read all OTP entries

Read all OTP entries on the token. For HOTP entries and entries with the "button required" flag set, the code will not be available, although it can be requested with the "Read a single OTP entry" command.

otp-cli.exe get_all

Read a single OTP entry

Read a particular OTP entry on the token. If the token is connected using USB transport and the entry is an HOTP entry or has the "button required" flag set, the command will hang until the physical button on the token is pressed manually.

otp-cli.exe read_entry --app-name "Test app" --account-name "Test account"

Write or update OTP entry

Create a new OTP entry on the token. If there is already an entry that matches both the application name and the account name, the existing entry will be overwritten with the new configuration.

otp-cli.exe write_entry --app-name "Test app" --account-name "Test account" --seed JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP
otp-cli.exe write_entry --type TOTP --algorithm SHA1 --timestep 30 --code-length 6 --button-required --app-name "Test app" --account-name "Test account" --seed JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP

This command uses the following parameters:
--algorithm SHA1 or SHA256
--timestep 30 or 60 (time step in seconds)
--code-length 4, 6 or 8 (the length of OTP)
--button-required defines whether the button on the device is required to be pressed/touched to show the OTP (does not apply to NFC transport)
--app-name the name of the app/service (used to identify the OTP profile)
--account-name the name of the account (used to identify the OTP profile)
--seed the TOTP seed in base32 format
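
To cross-check that an entry was written with the intended parameters, the code returned by read_entry can be compared with a software reference. The following Python sketch is an added example, not part of the Token2 tool; it computes the RFC 6238 code for the parameter values listed above, and the function names and default values are this example's own assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time

# Parameter values the page lists for write_entry.
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256}
TIMESTEPS = (30, 60)
CODE_LENGTHS = (4, 6, 8)


def decode_seed(seed_b32):
    """Decode a base32 seed, tolerating spaces, lower case and missing padding."""
    cleaned = seed_b32.replace(" ", "").upper().rstrip("=")
    if not cleaned:
        raise ValueError("seed is empty")
    try:
        return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("seed is not valid base32") from exc


def totp(seed_b32, algorithm="SHA1", timestep=30, code_length=6, now=None):
    """Return the RFC 6238 code for the given entry parameters.

    The defaults are this example's assumption, not the tool's documented defaults.
    """
    if algorithm not in ALGORITHMS:
        raise ValueError("algorithm must be SHA1 or SHA256")
    if timestep not in TIMESTEPS:
        raise ValueError("timestep must be 30 or 60")
    if code_length not in CODE_LENGTHS:
        raise ValueError("code length must be 4, 6 or 8")
    key = decode_seed(seed_b32)
    # Moving factor: number of whole time steps since the Unix epoch.
    counter = int(time.time() if now is None else now) // timestep
    digest = hmac.new(key, struct.pack(">Q", counter), ALGORITHMS[algorithm]).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte selects 4 bytes.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** code_length).zfill(code_length)


if __name__ == "__main__":
    # Test seed taken from the page's write_entry example.
    print(totp("JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP"))
```

Use this only with test seeds: a production seed typed into a script on the PC is no longer protected by the token. A mismatch with the token's code usually points to a wrong algorithm, time step or code length, or to clock drift on one side.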

Delete OTP entry

Delete a particular OTP entry identified by the application name and account name.

otp-cli.exe delete_entry --app-name "Test app" --account-name "Test account"

Erase all OTP entries

Delete all existing entries on the token. This will permanently delete all seeds that are currently stored on your token.

otp-cli.exe erase_all


HOTP via HID (keyboard emulation)

The HOTP via HID functionality described below is not supported on some models, such as Bio2 or NFC-Card.


Configure HOTP function when the physical button is pressed

otp-cli.exe set_btn_seed --code-length 6 --seed ABCABCAA --short-touch

If you need the OTP to be sent via HID without emulating the Enter keystroke, add the --dont-send-enter argument. For cases where numeric keyboard use is required (such as with AZERTY keyboards), the --numeric-keyboard argument can be added.

Delete the HOTP seed associated with the physical button press

otp-cli.exe delete_btn_seed

TOTP Viewer

The package also includes a simple GUI wrapper for the CLI tool, enabling you to easily view and manage TOTP profiles. This feature is known as the TOTP Viewer.

To launch the TOTP Viewer, simply use the "ui.exe" file included in the archive.

Download

The tool can be downloaded here