Sunday, February 13, 2011

cli java based google-authenticator desktop client direct from your shell

Gmail released two factor auth for mail and apps the other day:

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I've been futzing with two factor for a while. It is all rather cool. Most of the grown up two factor auth systems have a desktop client. Here is the code I hacked out of the Google Android Java Client to be able to do the same thing from the cli on *any* java platform:


http://www.jcuff.net/files/Authenticator.tgz

It is pretty idiot proof simple java now - just three files, it is set to read the first line of your .google-authenticator file (or any other file of your choice that has one line with the secret in it - you can grab this from your qr code generator, or from google-apps charts if you are using this for Gmail). Yeah I know this should come from a server and be more secure, but for now files are good enough for what I'm using this to secure (this is not super secret work stuff!)

Michele also needs much kudos for helping me (and putting up with me) with assorted idiot questions about "classes" and "constructors"! I only did the time based auth one... life is too short for me, maybe others can run with this :-)

Compile:
jcuff@srv:~/auth$ javac -cp ./ Authenticator/*.java 

Run (point at your auth home):
jcuff@srv:~/auth$ java -classpath ./ Authenticator.Main /home/jcuff/.google_authenticator 

Example:
Authenticator Started!
:----------------------------:--------:
:       Code Wait Time       :  Code  :
:----------------------------:--------:
+++++++++++++++++++++++++++++: 964323 :
..............+++++++++++++++: 523907 :
.............................: 867553 :
.............................: 053547 :
^C
jcuff@srv:~/auth$ 

*UPDATE*

There was a question on the forum about google-authenticator for windows:

http://www.google.com/support/forum/p/Google+Mobile/thread?tid=6f8fc8ea463a2e26

I guess this post here now forms as good a starting point as any for a quick and dirty windows desktop and google-authenticator. I made a jar file of the above, feel free to make your own from the source, or if you don't have the windows SDK at hand you can also quickly download this JAR.

Once you have the jar you can simply do this in a windows cmd.exe (you can see in this example we use notepad.exe from the cmd to save your secret 16 char key to the file secret.txt):


Update 2!
http://blog.jcuff.net/2011/09/beautiful-two-factor-desktop-client.html
lovely new java based GUI for this client code!




[any opinions here are all mine, and have absolutely nothing to do with my employer]
(c) 2011 James Cuff