Skip to content

paolostivanin/OTPClient

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

799 Commits
.ci
.ci
 
 
.circleci
.circleci
 
 
data
data
 
 
flatpak
flatpak
 
 
man
man
 
 
po
po
 
 
proto
proto
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 

Repository files navigation

OTPClient

Highly secure and easy to use GTK4/libadwaita application for two-factor authentication that supports both Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP).

Requirements

Name Min Version
GTK 4.18.0
libadwaita 1.5.0
Glib 2.82.0
jansson 2.14
libgcrypt 1.11.0
libpng 1.6.30
libcotp 4.0.0
zbar 0.20
protobuf-c 1.4.0
uuid 2.34
libsecret 0.20
qrencode 4.1.0

⚠️ Please note that the memlock value should be >= 64 MB. Any value less than this may cause issues when dealing with tens of tokens (especially when importing from third parties backups). See this wiki section for info on how to check the current value and set, if needed, a higher one.

Features

  • integration with the OS' secret service provider via libsecret
  • support both TOTP and HOTP
  • support setting custom digits (between 4 and 10 inclusive)
  • support setting a custom period (between 10 and 120 seconds inclusive)
  • support SHA1, SHA256 and SHA512 algorithms
  • support for Steam codes (please read THIS PAGE)
  • import and export encrypted/plain Aegis backup
  • import and export plain FreeOTPPlus backup (key URI format only)
  • import and export encrypted/plain AuthenticatorPro backup
  • import and export encrypted/plain 2FAS backup
  • import of Google's migration QR codes
  • local database is encrypted using AES256-GCM
    • key is derived using PBKDF2 with SHA512 and 100k iterations
    • decrypted file is never saved (and hopefully never swapped) to disk. While the app is running, the decrypted content resides in a "secure memory" buffer allocated by Gcrypt

Protobuf

The protobuf files needed to decode Google's otpauth-migration qr codes have been generated with protoc --c_out=src/ proto/google-migration.proto

Wiki

For things like roadmap, screenshots, how to use OTPClient, etc, please have a look at the project's wiki. You'll find a lot of useful information there.

Manual installation

If OTPClient hasn't been packaged for your distro (check here) and your distro doesn't support Flatpak, then you'll have to manually compile and install OTPClient.

  1. install all the needed libraries listed under requirements
  2. clone and install OTPClient:
git clone https://github.com/paolostivanin/OTPClient.git cd OTPClient mkdir build && cd build cmake -DCMAKE_INSTALL_PREFIX=/usr .. make sudo make install

License

This software is released under the GPLv3 license. Please have a look at the LICENSE file for more details.

About

Highly secure and easy to use OTP client written in C/GTK3 that supports both TOTP and HOTP

Topics

c otp gnome gtk3 totp hotp 2fa 2factor 2fa-security 2fa-client

Resources

Readme

License

GPL-3.0 license

Security policy

Security policy
Activity

Stars

541 stars

Watchers

9 watching

Forks

51 forks
Report repository

Releases 76

v4.4.1 Latest
Mar 3, 2026
+ 75 releases

Contributors

Languages