CLI tool to decrypt backup files exported from the Aegis Authenticator app.
This application is neither affiliated with Beem Development nor Aegis Authenticator.
-
Ruby: 2.5+/3.0+, no external gems needed
-
OpenSSL: 1.1+/3.0+
-
OS: Either Windows, macOS, or Linux
Caution
This program writes the backup file content to stdout in plaintext. By default, this means the content will be displayed on the screen.
Recommended precautions:
- Do NOT decrypt your backup file in public areas, or in the presence of untrusted persons and surveillance cameras.
- Do NOT decrypt your backup file on a machine that you suspect to be infected by malware.
- ENSURE that your terminal session output is not being unintentionally saved or recorded.
File: test/encrypted_test.json
Password: test
# Enter the above password when prompted
ruby lib/decrypt.rb test/encrypted_test.json
You should get the following plaintext JSON output.
{
"version": 1,
"entries": [
{
"type": "totp",
"uuid": "3ae6f1ad-2e65-4ed2-a953-1ec0dff2386d",
"name": "Mason",
"issuer": "Deno",
"icon": null,
"info": {
"secret": "4SJHB4GSD43FZBAI7C2HLRJGPQ",
"algo": "SHA1",
"digits": 6,
"period": 30
}
},
{
"type": "totp",
"uuid": "84b55971-a3d2-4173-a5bb-0aea113dbc17",
"name": "James",
"issuer": "SPDX",
"icon": null,
"info": {
"secret": "5OM4WOOGPLQEF6UGN3CPEOOLWU",
"algo": "SHA256",
"digits": 7,
"period": 20
}
},
{
"type": "totp",
"uuid": "3deaff2e-f181-4837-80e1-fdf0c54e9363",
"name": "Elijah",
"issuer": "Airbnb",
"icon": null,
"info": {
"secret": "7ELGJSGXNCCTV3O6LKJWYFV2RA",
"algo": "SHA512",
"digits": 8,
"period": 50
}
},
{
"type": "hotp",
"uuid": "0a8c0571-ff6f-4b02-aa4b-50553b4fb4fe",
"name": "James",
"issuer": "Issuu",
"icon": null,
"info": {
"secret": "YOOMIXWS5GN6RTBPUFFWKTW5M4",
"algo": "SHA1",
"digits": 6,
"counter": 1
}
},
{
"type": "hotp",
"uuid": "03e572f2-8ebd-44b0-a57e-e958af74815d",
"name": "Benjamin",
"issuer": "Air Canada",
"icon": null,
"info": {
"secret": "KUVJJOM753IHTNDSZVCNKL7GII",
"algo": "SHA256",
"digits": 7,
"counter": 50
}
},
{
"type": "hotp",
"uuid": "b25f8815-007f-40f7-a700-ce058ac05435",
"name": "Mason",
"issuer": "WWE",
"icon": null,
"info": {
"secret": "5VAML3X35THCEBVRLV24CGBKOY",
"algo": "SHA512",
"digits": 8,
"counter": 10300
}
},
{
"type": "steam",
"uuid": "5b11ae3b-6fc3-4d46-8ca7-cf0aea7de920",
"name": "Sophia",
"issuer": "Boeing",
"icon": null,
"info": {
"secret": "JRZCL47CMXVOQMNPZR2F7J4RGI",
"algo": "SHA1",
"digits": 5,
"period": 30
}
}
]
}
You can also add the -f / --format
option to print the plaintext output as csv
or as a pretty
CSV-like String padded with spaces.
# Enter the above password when prompted
ruby lib/decrypt.rb test/encrypted_test.json -f csv
uuid,type,name,issuer,info.secret,info.period,info.digits,info.counter,info.algo,icon
3ae6f1ad-2e65-4ed2-a953-1ec0dff2386d,totp,Mason,Deno,4SJHB4GSD43FZBAI7C2HLRJGPQ,30,6,,SHA1,
84b55971-a3d2-4173-a5bb-0aea113dbc17,totp,James,SPDX,5OM4WOOGPLQEF6UGN3CPEOOLWU,20,7,,SHA256,
3deaff2e-f181-4837-80e1-fdf0c54e9363,totp,Elijah,Airbnb,7ELGJSGXNCCTV3O6LKJWYFV2RA,50,8,,SHA512,
0a8c0571-ff6f-4b02-aa4b-50553b4fb4fe,hotp,James,Issuu,YOOMIXWS5GN6RTBPUFFWKTW5M4,,6,1,SHA1,
03e572f2-8ebd-44b0-a57e-e958af74815d,hotp,Benjamin,Air Canada,KUVJJOM753IHTNDSZVCNKL7GII,,7,50,SHA256,
b25f8815-007f-40f7-a700-ce058ac05435,hotp,Mason,WWE,5VAML3X35THCEBVRLV24CGBKOY,,8,10300,SHA512,
5b11ae3b-6fc3-4d46-8ca7-cf0aea7de920,steam,Sophia,Boeing,JRZCL47CMXVOQMNPZR2F7J4RGI,30,5,,SHA1,
# Enter the above password when prompted
ruby lib/decrypt.rb test/encrypted_test.json -f pretty
uuid type name issuer info.secret info.period info.digits info.counter info.algo icon
3ae6f1ad-2e65-4ed2-a953-1ec0dff2386d totp Mason Deno 4SJHB4GSD43FZBAI7C2HLRJGPQ 30 6 SHA1
84b55971-a3d2-4173-a5bb-0aea113dbc17 totp James SPDX 5OM4WOOGPLQEF6UGN3CPEOOLWU 20 7 SHA256
3deaff2e-f181-4837-80e1-fdf0c54e9363 totp Elijah Airbnb 7ELGJSGXNCCTV3O6LKJWYFV2RA 50 8 SHA512
0a8c0571-ff6f-4b02-aa4b-50553b4fb4fe hotp James Issuu YOOMIXWS5GN6RTBPUFFWKTW5M4 6 1 SHA1
03e572f2-8ebd-44b0-a57e-e958af74815d hotp Benjamin Air Canada KUVJJOM753IHTNDSZVCNKL7GII 7 50 SHA256
b25f8815-007f-40f7-a700-ce058ac05435 hotp Mason WWE 5VAML3X35THCEBVRLV24CGBKOY 8 10300 SHA512
5b11ae3b-6fc3-4d46-8ca7-cf0aea7de920 steam Sophia Boeing JRZCL47CMXVOQMNPZR2F7J4RGI 30 5 SHA1
When the -f / --format
option is set to csv
or pretty
, you can use the -e / --except
option to hide unwanted fields. Non-existent fields are silently ignored.
# Enter the above password when prompted
ruby lib/decrypt.rb test/encrypted_test.json -f pretty -e icon,icon_mime,icon_hash,favorite,note,uuid
type name issuer info.secret info.period info.digits info.counter info.algo
totp Mason Deno 4SJHB4GSD43FZBAI7C2HLRJGPQ 30 6 SHA1
totp James SPDX 5OM4WOOGPLQEF6UGN3CPEOOLWU 20 7 SHA256
totp Elijah Airbnb 7ELGJSGXNCCTV3O6LKJWYFV2RA 50 8 SHA512
hotp James Issuu YOOMIXWS5GN6RTBPUFFWKTW5M4 6 1 SHA1
hotp Benjamin Air Canada KUVJJOM753IHTNDSZVCNKL7GII 7 50 SHA256
hotp Mason WWE 5VAML3X35THCEBVRLV24CGBKOY 8 10300 SHA512
steam Sophia Boeing JRZCL47CMXVOQMNPZR2F7J4RGI 30 5 SHA1
gem install bundler
bundle install
bundle exec rspec -r spec_helper
gem unpack csv --target=vendor/gems/
Then update gem versions in Gemfile, and run bundle install
.