Here is a BASH and OpenSSL implementation of a Time-Based One-Time Password generator for "emegency" if my phone is stolen or broken. All I need is a backup copy of the authenticator secrets. When setting up two-factor authentication, these codes are often displayed below the QR code.
Here is an update to my BASH OpenSSL HMAC script to be much more efficient, now that I’ve learned that BASH supports a lot more operators than I realized. The update is at www.tidgubi.com/tools/text/bash-openssl-hmac/.
I just posted a BASH script that works around the OpenSSL 0.9.8 limitation of using printable ASCII keys for HMAC by moving the key processing into BASH and only utilizing OpenSSL for the hash functions.