Vivokey Codes - TOTP authenticator utility for Linux

Here is a little tray utility for Linux / GTK to read codes from a Vivokey OTP applet and copy them into the clipboard, ready to be pasted into whatever application or website that requires a code:

In the following video, you can see me using it to log into GitHub using my Apex Mega:

Functionally, this is nothing more than the Vivokey Authenticator but running natively in Linux, so that it’s capable of sticking the codes it reads from the implant directly into the clipboard.

The Android Vivokey Authenticator app does that too, but only if you paste the code into another Android app. If you prefer using desktops or laptops, then you have to type the code given by the Android app by hand, which kind of defeats the convenience of having an implant. With this little program, you can use your Vivokey OTP codes seamlessly and efficiently in your Linux desktop.

Incidentally, I named it Vivokey Codes so it doesn’t create confusion with the Vivokey Authenticator app for Android. But really, think of it as kind of the same thing, only for another platform.

12 Likes

this is so rad, thank you for your hard work!! can’t wait to get a flex and use this.

3 Likes

I’m having a little trouble getting the vivokey-manager working. Installing it from the package manager on Fedora only gives me a binary same with pip. I was able to direct the wrapper to that binary just fine but it doesn’t seem to try communicating with the Mega. All it does is paste the help text. I’m wondering how you went about installing the yubikey-manager to get the python interpreter?

You don’t need Yubico’s Python interpreter, strictly-speaking. You can use any reasonably decent Python3. But the generic Python3 won’t find the Yubico modules out of the box.

I installed the Yubico Manager from the deb packages - since I run Mint. It’s all packaged up and setup properly for a Debian box: it drops all the necessary modules with the correct version, and the tweaked-up Python3 interpreter with the correct path in /opt, conveniently.

But you say it pastes the help. So I guess it finds the right modules already. Although… What do you mean by that exactly?

Or said another way: can you copy/paste the offending bit in your terminal? :slight_smile:

Tell you what, I’ll try install it in my Fedora VM.

This is what I get when running ./vkman.py -r 0 info or ./vkman.py -r ACR122U oath accounts list

[ryan@ryandesktop vivokey-manager]$ ./vkman.py -r 0 info
Usage: ykman [OPTIONS] COMMAND [ARGS]...

  Configure your YubiKey via the command line.

  Examples:

    List connected YubiKeys, only output serial number:
    $ ykman list --serials

    Show information about YubiKey with serial number 0123456:
    $ ykman --device 0123456 info

Options:
  -d, --device SERIAL             Specify which YubiKey to interact with by serial number.
  -r, --reader NAME               Use an external smart card reader. Conflicts with --device and list.
  -l, --log-level [DEBUG|INFO|WARNING|ERROR|CRITICAL]
                                  Enable logging at given verbosity level.
  --log-file FILE                 Write logs to the given FILE instead of standard error; ignored unless --log-level is also set.
  --diagnose                      Show diagnostics information useful for troubleshooting.
  -v, --version                   Show version information about the app
  --full-help                     Show --help, including hidden commands, and exit.
  -h, --help                      Show this message and exit.

Commands:
  info     Show general information.
  list     List connected YubiKeys.
  config   Enable or disable applications.
  fido     Manage the FIDO applications.
  oath     Manage the OATH application.
  openpgp  Manage the OpenPGP application.
  otp      Manage the YubiOTP application.
  piv      Manage the PIV application.

I am running the ACR122U and I have the drivers installed as far as I recall. Also running the pcscd daemon.

Okay it works for me. All I had to do was replace the first line

#!/opt/venvs/yubikey-manager/bin/python

by

#!/usr/bin/python3

And then the magic ensues:

If that does it for you, I’ll add something in the README. I’ll admit it’s not particularly obvious what’s going on if you’re not fairly deep into Python.

1 Like

That was it!!! I don’t know why I didn’t think of doing that. Thank you @Rosco this is amazing : )

now to install vivokey-codes!

1 Like

Alrighty looks like you’s in business :slight_smile: Let me know if you have trouble with the GUI.

The GUI is working perfectly after I moved vkman from my home directory where I was testing it to /usr/bin.

Great! There are two happy users now - one of them being the author :slight_smile:

2 Likes

This along with the 1fa and 2fa check the boxes for me. It is time for me to get my Mega installed.

Two things real quick.

  1. I’ve noticed that if you leave the Mega on the reader and try to copy a OTP code it will only copy the code at the bottom of the list.
  2. Feature suggestion. Adding a timer to indicate how long until the codes are made invalid. And possibly clear the codes when they expire.

I’ll dig into it and see if my admittedly limited skills with programming would be able to tackle at least one of these.

1/ Once you have it implanted in you, you’ll quickly realize it’s not typical to keep the implant on the reader :slight_smile:
I couldn’t reproduce it, but it might have been a visual artifact: what happens is, the utility tries to read the tag over and over. When it re-reads it, it clears the current list of codes and tells you it’s read x number of codes. So you might think it’s not copied the correct code when you clicked on it but it should have - despite the list changing constantly.

But no matter, I made the list not change if the data that’s been re-read is identical. That should fix whatever you’re seeing - until the returned codes actually do change that is.

2/ Check out the latest version: it already does it: the codes are displayed in bold as long as they’re valid, and turn to light text when they’re deprecated. They don’t get cleared out, but I did add a timeout in the application that will close the main window if it’s idle for more than 2 minutes.

Also, in the latest version, you’ll notice that you can open the window with the middle-click, and also paste the code into an application with the middle-click also. A convenient GNOME feature!

2 Likes

It could be but I doubt it. The bug is fixed in the latest version anyways.

This and the middle-click work spectacularly and they’re what I was wanting. Some kind of timeout indicator and a less annoying way to bring the gui up.

I did have a question for you when I was reading through the code. I can see you included the possibilities to have a config file. What all are the options that are available to have in the config?

That’s the power of using your own software: I too wanted something less annoying :slight_smile:

You already have a config file: ~/.vivokey_codes.cfg. At least it should be there if you changed anything in the top setup lines. It just saves the name of the reader if it’s not default, the password (if you have it set to be remembered) and whether it does remember it or not, is all. It’s not really meant to be changed manually, but you can if you want :slight_smile:

1 Like

This is fully above my head, but I can tell that as always @Rosco drops the coolest gifts

3 Likes

Not: if you’ve ever setup an account for 2FA with Google Authenticator or Yubikey, it’s the same thing. Only the “Yubikey” in this case is a Vivokey and it’s under your skin (and it hasn’t been released yet).

If you don’t know anything about 2FA, I urge you to get into it for the sake of securing your accounts. It’s not complicated and it’s well worth the 5 minutes it takes to figure out what it is and what it does.

Heh thanks :slight_smile: Hopefully this will be useful to others also when the Apices (Apexes?) finally do hit the shelves.

I do love me some config files. Having even a handful of settings that can be adjusted to preference is a nice thing to have.

Apexi

100% and THANKS for taking the time to share, It is on my list of things to do, when I get mine