Skip to content

Usage

Initialisation

Before generating keys, you need to initialise the config with a passphrase. Run this once on each machine:

dailykey --init

You will be prompted to enter and confirm a passphrase. The passphrase is run through 5 million rounds of SHA-512 to derive a seed, which is stored in ~/.config/dailykey/config.json. This takes a second or two.

Note

The same passphrase always produces the same seed. This is the key property that makes dailykey work — you run --init on each machine with the same passphrase, and from then on they will generate identical keys, even if the machines never communicate.

Generating Keys

Once initialised, simply run:

dailykey

This prints a 40-character alphanumeric key that changes every day.

Named Keys

Pass a name to get a different key — useful when you need multiple independent keys from the same seed:

dailykey backupdisk
dailykey nas
dailykey laptop

Each name produces its own key, but the same name always produces the same key on the same day. Running dailykey backupdisk at any point during the day will always give the same result.

Configuration

The config lives at ~/.config/dailykey/config.json:

{
  "seed": "AD34A1DC154FDD0A29A5866..."
}

The seed is a hex string derived from your passphrase. It is the only secret — anyone with this seed can generate the same keys.

Sharing Across Machines

There are two ways to get the same keys on multiple machines:

  1. Enter the same passphrase — run dailykey --init on each machine with the same passphrase. The same seed will be derived. This works even if the machines are air-gapped.
  2. Copy the config file — copy ~/.config/dailykey/config.json to the same path on each machine.

Resetting

To start fresh with a new seed:

rm ~/.config/dailykey/config.json
dailykey --init

How It Works

  1. Seed derivation (one-time, during --init): the passphrase is hashed through 5 million rounds of SHA-512 to produce the seed.

  2. Daily key generation (each run): the seed, current date, and optional name are concatenated and hashed once with SHA-512. The result is base64-encoded and filtered to alphanumeric characters, producing a 40-character key.

The daily key generation is a single hash — it is instant.