A solemn pledge or promise, appealing to a deity, a ruler, or another entity (not necessarily present) to attest to the truth of a statement or sincerity of one's desire to fulfill a contract or promise.
Oath is an Oh My ZSH plugin that manages 2FA
authentication 6 digit tokens. It's highly inspired in
Oath pre-requisites are as follows:
oathtoolfor generating 6 digit tokens.
gnupg2for handling private keys securely.
xclipfor copying to clipboard.
- An RSA 4096 bits long key (check this section for generating a key).
Oath allows to add, remove keys as well as show the temporal 6 digit token
- Adding a new key for a domain e.g. for
~ $ oath add twitter.com Private Key: [SUCESS] Key created for twitter.com
- Deleting a key for a domain e.g. for
~ $ oath delete twitter.com [WARN] Deleting $OATH_DIR/.oath/twitter.com/424184E122529120CC1821756759ADDD12CB6379.gpg [WARN] Deleting $OATH_DIR/.oath/twitter.com [SUCCESS] Key deleted for twitter.com
- Showing (and copying to clipboard) the current 6 digit token e.g. for
~ $ oath twitter.com 012345 [SUCCESS] Code copied to clipboard
- Showing (and copying to clipboard) the key for a domain e.g. for
~ $ oath pk twitter.com SomePrivateKey [SUCCESS] Private key copied to clipboard
- Listing keys for all domains e.g:
~ $ oath list twitter.com twitter.com github.com
Oathto latest version:
~ $ oath update
Oath as follows:
~ $ git clone "https://github.com/alexdesousa/oath.git" "$ZSH_CUSTOM/plugins/oath"
And add the oath to your
# Activate completions autoload -U +X compinit && compinit autoload -U +X bashcompinit && bashcompinit plugins=( oath ) # Variables for Oath export OATH_KEY=<My Oath key> export OATH_EMAIL=<My Oath email>
Important: when updating you can run the following:
cd `$ZSH_CUSTOM/plugins/oath` && git pull origin master
Generating a Key
First you need to create a key with
gpg2 as follows:
$ gpg2 --full-gen-key
This will prompt several questions:
Kind of key: Hit
RSA and RSA:
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (14) Existing key from card Your selection? 1
RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) 4096 Requested keysize is 4096 bits
0for no expiration.
Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all
yif everything is correct.
Is this correct? (y/N) y
Identify the key with:
GnuPG needs to construct a user ID to identify your key. Real name: Alex de Sousa Email address: email@example.com Comment: My Oath key You selected this USER-ID: "Alex de Sousa (My Oath key) <firstname.lastname@example.org>"
oif everything is correct.
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
Move you mouse to generate entropy:
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
Retrieve your key:
gpg: key 6759ADDD12CB6379 marked as ultimately trusted gpg: revocation certificate stored as '/home/alex/.gnupg/openpgp-revocs.d/424184E122529120CC1821756759ADDD12CB6379.rev' public and secret key created and signed. pub rsa4096 2020-02-06 [SC] 424184E122529120CC1821756759ADDD12CB6379 uid Alex de Sousa (Oath key) <email@example.com> sub rsa4096 2020-02-06 [E]
Then we'll only need the
uid e.g. in our example the
the following two values:
Important: The key will be in your
$HOME/.gnupgfolder. Saving this folder is enough to back it up.
Alexander de Sousa.
Oath is released under the MIT License. See the LICENSE file for further