Skip to content

Abdulmumin1/tiny.authenticator

BranchesTags

Repository files navigation

Tiny Authenticator

A CLI TOTP (Time-based One-Time Password) authenticator built with TypeScript and Ink. Manage your 2FA tokens with ease, supporting registration via QR codes, secure storage, and export/import capabilities compatible with Google Authenticator.

Installation

Quick Install (Recommended)

curl -fsSL https://tinyuth.yaqeen.me/install.sh | bash

This downloads the prebuilt binary for your platform and adds it to your PATH.

Via npm/bun

bun add -g tinyuth@latest
# or
npm install -g tinyuth@latest

TOTP Algorithm Overview

TOTP (Time-based One-Time Password) is a standard for generating temporary passwords based on time. It uses HMAC-SHA1 (or other hash functions) with a shared secret and the current time to produce 6-8 digit codes that change every 30 seconds.

  • Uses system keychain (keytar) for encrypted secret storage
  • Native OS screenshot tools for capturing QR codes
  • Compatibility with Google Authenticator export/import

How TOTP Works

  1. Shared Secret: A base32-encoded secret key shared between the authenticator and the service
  2. Time Window: Current Unix time divided by 30-second intervals
  3. HMAC Calculation: HMAC-SHA1 of the time counter using the secret key
  4. Dynamic Trunacation: Extract 4 bytes from the HMAC result using dynamic truncation
  5. Code Generation: Convert to a 6-digit number (modulo 1,000,000)

Dynamic Trunacation algo (interactive article on thirdpen.app)

Dynamic Trunacation algo (interactive article on thirdpen.app)

Privacy & Security

  • No Data Transmission: All operations local, no internet required
  • Encrypted Storage: Secrets stored in OS-native secure storage
  • Temporary Displays: QR codes shown only when requested

Contributing

# Clone the repository
git clone <repository-url>
cd tiny.authenticator

# Install dependencies
bun install

Usage

# Show usage
tinyuth

# Register by capturing QR code from screen
tinyuth register cc

# Register a new token manually
tinyuth register

# Show all tokens
tinyuth show

# Show specific account token
tinyuth "GitHub:username"

Import/Export

# Import from Google Authenticator migration URI
tinyuth import google "otpauth-migration://..."

# Import from QR code image file
tinyuth import qr /path/to/qr.png

# Export all accounts as Google migration QR
tinyuth export google

# Export single account as QR
tinyuth export qr "issuer:name"

Command Reference

Command Description
register Interactive token registration
register cc Capture QR from screen for registration
show Display all active tokens
show <account> Display token for specific account
import google <uri> Import from Google migration URI
import qr <path> Import from QR code image
export google Export all as Google migration QR
export qr <account> Export account as QR code

Security Notes

  • Secrets are stored encrypted in your system's keychain
  • QR codes are displayed temporarily and not saved
  • No data is transmitted over the internet
  • Compatible with RFC 6238 TOTP standard

Requirements

  • macOS, Linux, or Windows
  • For QR capture: system screenshot tools (built-in)

Development

Built with:

  • TypeScript: Type-safe development
  • Ink: React-like CLI components
  • Protobuf.js: Google migration protocol handling
  • Keytar: Secure credential storage

License

MIT License

About

A Cli TOTP (Time-based One-Time Password) authenticator built with TypeScript

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

Release v0.0.16 Latest
Jan 1, 2026

Packages

No packages published

Languages