aegisvault 0.2.4

Convert otpauth URI file to Encrypted Aegis vault JSON file

• Documentation for the Aegis vault format can be found here
• The codebase was initially imported from the Gnome Authenticator project.
• This repo is after https://github.com/louib/aegis-vault-rs
• The Encrypted Aegis vault JSON files produced are Vault version 1, Database version 2. (Database version 3 is used too, but importing version 2 is still supported.)
• The included decrypt.py is from: https://github.com/beemdevelopment/Aegis/raw/refs/heads/master/docs/decrypt.py

Install

Install standalone single-binary

wget https://github.com/pepa65/argisvault/releases/download/0.2.4/aegisvault
sudo mv aegisvault /usr/local/bin
sudo chown root:root /usr/local/bin/aegisvault
sudo chmod +x /usr/local/bin/aegisvault

Install with cargo

If not installed yet, install a Rust toolchain, see https://www.rust-lang.org/tools/install

Direct from crates.io

cargo install aegisvault

Direct from repo

cargo install --git https://github.com/pepa65/aegisvault

Static build (avoiding GLIBC incompatibilities)

git clone https://github.com/pepa65/aegisvault
cd aegisvault
rustup target add x86_64-unknown-linux-musl
cargo rel  # Alias in .cargo/config.toml

The binary will be at target/x86_64-unknown-linux-musl/release/aegisvault

Install with cargo-binstall

Even without a full Rust toolchain, rust binaries can be installed with the static binary cargo-binstall:

# Install cargo-binstall for Linux x86_64
# (Other versions are available at <https://crates.io/crates/cargo-binstall>)
wget github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz
tar xf cargo-binstall-x86_64-unknown-linux-musl.tgz
sudo chown root:root cargo-binstall
sudo mv cargo-binstall /usr/local/bin/

Only a linux-x86_64 (musl) binary available: cargo-binstall aegisvault

It will be installed in ~/.cargo/bin/ which will need to be added to PATH!

Usage

aegisvault 0.2.4 - Convert otpauth URI file to Encrypted Aegis vault JSON on stdout
Usage: aegisvault <URI_FILE>
Arguments:
  <URI_FILE>  The otpauth URI inputfile

Options:
  -h, --help     Print help
  -V, --version  Print version

• Unencrypted otpauth URI files consist of lines with this format: otpauth://TYPE/NAME?secret=SECRET&algorithm=HMAC_ALGORITHM&digits=LENGTH&period=PERIOD&issuer=ISSUER
  • TYPE can be totp/hotp/steam/motp/yandex.
  • NAME should not contain a : (colon) or % (percent), as it messes with URI encoding.
  • SECRET is the base32 RFC3548 seed (without the = padding!) for the OTPs.
  • TYPE, NAME and SECRET are mandatory.
  • HMAC_ALGORITHM is one of: SHA1 (the default), SHA256 or SHA512.
  • LENGTH for digits is most often 6 (default), but can be set to 5 (for Steam), 7 (Twitch) or 8 (Microsoft).
  • PERIOD is almost always 30 (the default).
  • HMAC_ALGORITHM, LENGTH and PERIOD should be given but are optional, and will be set to their respective default values.
• The otpauth URI RFC: https://www.ietf.org/archive/id/draft-linuxgemini-otpauth-uri-01.html

License

GPLv3