The Tokens-TOTP App

Long story short

Since I have been looking for an app to manage my two-factor authentication codes in a securely manner, I decided to write my own app. Why? First of all, I did not find an app which stores the master keys encrypted, so in theory, it is possible to copy them from your phone very easily. In most apps there is also no possibility to back up the codes e.g. to your computer. Some of them offer an "online" backup, but I think that is one of the worst things you can do, as you never know where your keys reside.

Other than that, I wanted to manage Keys of other length than 6 digits and other intervals of validity. The result is that you can tweak all parameters of your OTP keys. However, due to its popularity, the default is a Google-like token configuration.

Download

DISCLAIMER: As the license already states, this app is provided without ANY warranty and I will not be liable for any possible damage resulting from using this app. In particular, it is YOUR responsibility to keep your backup-codes ready as I can not guarantee that this app works properly anytime.

tokens-04.apk
DownloadSize: 13.6M

MD5: 2f72a59f8d7679bd93f0a54c512b315f

The source code can be found here: Tokens-App (Warning: This site uses cookies. They don't bite though.)

Digging deeper

How to build this app yourself

First of all you need Qt for Android. I have not tested this on iOS since I don't own a Mac. Feel free to try, but do not expect any help from my side. I also will not provide a full instruction on how to set up Qt for Android and the needed dependencies (SDK/NDK) as there are enough guides online on how to do that.

Then you need two libraries: QZXing for the QR-Code scanning, and OpenSSL for the crypto part.

Building OpenSSL for Android

I basically followed this guide to cross compile the OpenSSL library for my app, but realized that the "versioning" of the library confuses qmake. When building OpenSSL following the guide mentioned above, running the app will fail, because e.g. libcrypto.so.1.0.0 is not found. That is because the apk packer includes libcrypto.so, which is just a symlink to libcrypto.so.1.0.0. Hence the library cannot be found when running the app. The solution for me was to recompile OpenSSL without any versioning (see here):

make CALC_VERSIONS="SHLIB_COMPAT=; SHLIB_SOVER=" all

To do

latest Bugfixes

Questions ?

Send me an e-mail: afk @ daichronos.net

« Übersicht
Datenschutzerklärung Impressum