Geslar
Your 2FA codes —
private, local, yours
Mobile TOTP/HOTP authenticator with military-grade encryption. No cloud, no registration, no tracking. Android and iOS.
Why Geslar Ključar
1
Your codes never leave the device
Google Authenticator sends codes to the cloud. Authy requires a phone number. Geslar Ključar keeps everything local — encryption on device, no external communication.
2
Same encryption as Geslar Škrinjar
AES-256-GCM with PBKDF2 key derivation (600,000 iterations). Each TOTP record encrypted separately — compromising one doesn't reveal others.
3
Free — no limits
Unlimited 2FA keys, biometric unlock, import from 7 authenticators. All free, forever.
All features
TOTP and HOTP
RFC 6238 and RFC 4226 compatible. SHA-1, SHA-256 and SHA-512 algorithms. 6 or 8 digits, configurable period.
QR code scanning
Scan QR code with camera or import an image. Automatic otpauth:// URI format recognition.
Biometric unlock
Face ID, Touch ID or fingerprint — unlock Ključar with a single touch. Master password as security fallback.
Import from 7 authenticators
Google Authenticator (QR), Aegis, 2FAS, Raivo, andOTP and FreeOTP+. Encrypted formats supported.
AES-256-GCM encryption
Each TOTP key encrypted separately. Vault key stored in iOS Keychain / Android Keystore. No internet access.
Circular countdown timer
Visual display of remaining time with warning. Next code appears 10 seconds before expiry — no rush.
PIN protection
Additional security layer — set a 4–8 digit PIN for quick unlock. Biometrics or master password as alternatives.
Folders & organisation
Organise your 2FA keys into folders — work, personal, finance. Drag & drop reordering, search by name or issuer.
Encrypted backup
Export all keys to an encrypted file. AES-256-GCM protection — safe to store on USB, cloud, or another device.
Tap to copy
Single tap on a code copies it to clipboard. Auto-clears after 30 seconds — no traces left behind.
Expiry warning
Visual and audio warning when a TOTP code is about to expire. Next code shown in advance — no panic during login.
Security first
Zero-knowledge architecture
All data is encrypted and decrypted exclusively on your device. No server, no cloud, no third parties — not even in the future without your consent.
Per-record encryption
Each TOTP key is encrypted with its own IV. Compromising one record doesn't affect others — unlike authenticators that use a single unencrypted file.
Screen capture protection
App switcher blurred, screen recording disabled, clipboard auto-clears after 30 seconds. Auto-lock on inactivity.
Brute force protection
Progressive delay after failed unlock attempts. After 10 failed attempts the vault locks — master password required to regain access.
Ready for 2FA?
Download Ključar and start generating TOTP codes offline — no SMS, no signup.
Comparison with other authenticators
Feature
Ključar
Google Auth
Authy
Aegis
Local encryption
AES-256-GCM
✗
AES-256
AES-256-GCM
No cloud / registration
✓
Cloud required
Phone number required
✓
Biometrics
✓
✗
✓
✓
Import from other authenticators
7 sources
✗
✗
6+ sources
Encrypted export
✓
✗
✗
✓
Android + iOS
✓
✓
✓
Android only
Croatian language
✓
✗
✗
✗
Price
Free
Free
Free
Free
Part of the Geslar ecosystem
Geslar Generator
Free secure password and phrase generator from real Croatian words. Works in browser, no installation.
Try the generator →
Geslar Škrinjar
Free password manager with military-grade encryption. Autofill, TOTP, import from 12+ managers. Browser extension.
Install Škrinjar →
Future plan: When cloud sync becomes available, Ključar and Škrinjar will be able to share TOTP keys — autofill in browser automatically fills 2FA codes without opening phone.
Download Ključar
Geslar Ključar is available for Android and iOS. Free TOTP authenticator with AES-256-GCM encryption — no cloud, no registration, no tracking.