rusl.net
TOTP with oathtool
2017-02-24

You can generate TOTP codes, as specified in RFC 6238, from the command line using oathtool. You may want to generate a TOTP code to use as a second factor when authenticating to an account. Some of the big web services currently supporting TOTP include Google, Microsoft, and Amazon AWS. When you set up an account with TOTP, the service will normally show you a QR code along with an equivalent manual entry code. This manual entry code is a cryptographic seed in either Base32 or HEX, and oathtool uses it along with a time value to generate a TOTP code.

Install oathtool on Ubuntu using:

sudo apt-get install oathtool

The cryptographic seed should be 32 characters of Base32 or 40 characters of HEX. If you’ve been given a shorter seed, you can pad the end of it: Base32 seeds are padded with the lowercase letter “a”, and HEX seeds are padded with the numeral zero, “0”.

Generating a TOTP code from a 32 character Base32 string:

oathtool --totp --base32 -v "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

Generating a TOTP code from a 40 character HEX string:

oathtool --totp -v "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
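As an added example (not from the original post), this Python code computes an RFC 6238 code with the same defaults as oathtool --totp (HMAC-SHA1, 30-second step, 6 digits) and shows why padding a short seed with “a” or “0” leaves the code unchanged: the padding decodes to trailing zero bytes, and HMAC already zero-pads any key shorter than its 64-byte block. The seeds, timestamp and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def totp(key: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, 30 s step, 6 digits by default."""
    counter = struct.pack(">Q", int(now) // step)      # 8-byte big-endian time counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def pad_seed(seed: str, length: int, fill: str) -> str:
    """Pad a short seed as the text describes: 'a' for Base32, '0' for HEX."""
    return seed + fill * max(0, length - len(seed))


def key_from_base32(seed: str) -> bytes:
    # Assumes the length is a multiple of 8 characters; 'a' decodes to five zero bits.
    return base64.b32decode(seed.upper())


def key_from_hex(seed: str) -> bytes:
    return bytes.fromhex(seed)


# Constructed sample seeds (not real credentials): the same 10-byte key in both encodings.
SHORT_B32 = "JBSWY3DPEHPK3PXP"
SHORT_HEX = "48656c6c6f21deadbeef"
NOW = 1487894400                                       # fixed timestamp so output is repeatable


def codes_at(now: int) -> dict:
    """TOTP code for each form of the seed; all four values come out identical."""
    return {
        "b32_short": totp(key_from_base32(SHORT_B32), now),
        "b32_padded": totp(key_from_base32(pad_seed(SHORT_B32, 32, "a")), now),
        "hex_short": totp(key_from_hex(SHORT_HEX), now),
        "hex_padded": totp(key_from_hex(pad_seed(SHORT_HEX, 40, "0")), now),
    }


if __name__ == "__main__":
    for form, code in codes_at(NOW).items():
        print(f"{form:10s} {code}")
```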

To learn all about oathtool have a read of the manpage:

man oathtool