SecureGen — User Guide

01

Buttons

Button	Description
▲ Top	Navigate up / increment digit
▼ Bottom	Navigate down / next digit
RST	Hardware reboot — same as power cycling the device

02

First Boot

Step 1 — Create PIN

On first power-on the device prompts you to create a PIN code. This PIN encrypts the master device key — it is required on every startup.

Step 2 — Connect to WiFi

After PIN creation the device starts an Access Point. Connect to it from your phone or computer. A captive portal opens automatically — select your WiFi network and enter the password. The device reboots after saving.

Note WiFi can also be configured later through the web cabinet in AP mode, before the automatic WiFi setup runs.

Step 3 — Web cabinet starts automatically

On first boot after WiFi setup, the web server starts automatically. Enter the device IP or mDNS address in your browser to complete registration.

03

Operating Modes

After entering the PIN on every boot, you have a few seconds to select a mode by pressing a button. If nothing is pressed, WiFi mode starts automatically.

AP Mode

Press ▲ Top

Passwords
HOTP codes
Web cabinet
BLE transfer
TOTP codes

Offline Mode

Press ▼ Bottom

Passwords
HOTP codes
BLE transfer
TOTP codes
Web cabinet

WiFi Mode

No button — auto

Passwords
HOTP codes
TOTP codes
Web cabinet (opt.)
BLE (no web server)

WiFi Mode — Web Server

After connecting to WiFi and syncing time via NTP, the device asks: enable web server?

State	Available
Web server OFF	TOTP, HOTP, passwords, BLE transfer
Web server ON	TOTP, HOTP, passwords, web cabinet — BLE transfer disabled

04

Device Navigation

PIN Entry Screen

Action	Result
▲ Top	Increment current digit
▼ Bottom	Move to next digit
Double press ▼ Bottom	Go back one digit
Hold both buttons	Power off device

TOTP / HOTP Screen

Action	Result
▲ Top	Previous key
▼ Bottom	Next key
Hold both (on HOTP)	Advance counter — get next HOTP code
Hold both (on TOTP)	No action
Hold ▲ Top 5 sec	Switch to password manager
Hold ▼ Bottom	Shutdown

Password Manager Screen

Action	Result
▲ Top	Previous password
▼ Bottom	Next password
Hold both buttons	Start BLE transfer
Hold ▲ Top 5 sec	Switch back to TOTP / HOTP
Hold ▼ Bottom	Shutdown

05

BLE Password Transfer

BLE transfer works without any app — the device acts as a Bluetooth HID keyboard and types the password directly.

Mode	BLE Available
Offline	✓ Yes
AP	✓ Yes
WiFi — web server OFF	✓ Yes
WiFi — web server ON	✗ No

First Connection (Bonding)

In the password manager screen, hold both buttons
A PIN code appears on the device display
On your phone, select the device in Bluetooth settings and enter that PIN
Bonding is saved — next time no PIN is needed

Sending a Password

Navigate to the desired password using ▲ / ▼
The password is transmitted to the phone as keyboard input
Press ▲ Top to exit BLE and return to passwords

Note If a hardware BLE PIN is configured, the device will ask you to confirm it on-screen before transmitting.

06

Factory Reset

Press RST
Immediately after reboot — hold both buttons simultaneously

Warning Factory reset permanently deletes all TOTP/HOTP keys, passwords, WiFi credentials, sessions, and PIN. Export your data before resetting if you need to restore it.

07

Web Cabinet — Access & Login

How to Open

Open the device IP address in your browser, or use the mDNS address: http://t-disp-totp.local (hostname configurable in Settings).

In AP mode a captive portal opens automatically when you connect to the device's WiFi network.

Registration

On first access the device redirects to the registration page. Create a username and password, then log in with the same credentials.

Known Bug The registration or login page may appear blank on first load. Refresh the page and it will display correctly.

Login Attempts Multiple failed login attempts will lock access until the device is rebooted.

08

Keys — TOTP & HOTP

Adding a Key

Enter a name and the secret key. Default settings: TOTP, SHA1, 6 digits, 30 second interval.

Click Additional Settings to change:

Parameter	Options
Type	TOTP, HOTP
Algorithm	SHA1, SHA256, SHA512
Code length	6 or 8 digits
TOTP interval	30 or 60 seconds

You can also add a key by uploading a screenshot of its QR code.

Key Actions

Action	Result
Tap the code	Copy code to clipboard
QR button	Display QR code on device screen for 30 seconds — scan to export to another authenticator app
Next (HOTP only)	Advance counter and generate next code
Delete	Remove key permanently

Scanning the QR The device screen is small. Enable your phone's flashlight and zoom in for a cleaner scan.

Export & Import

Click Activate Export and enter your web cabinet password
Select the keys to export and click Export — a .enc file downloads
To import: activate export again, click Import, upload the .enc file

The .enc file can also be opened in decrypt_export.html (project root) — an offline editor for viewing, decrypting, and editing keys on your computer.

09

Passwords

Adding a Password

Enter a name and password. Use the generator icon to create one:

Control	Function
Slider	Password length: 1 – 64 characters
Regenerate	Generate a new random password
Save	Copy generated password into the input field

Click Save Password to add it to the list.

Password Actions

Button	Action
Copy	Securely fetch password from device and copy to clipboard
Edit	Open edit form — change name or password and save
Remove	Delete password permanently

Export & Import

Works identically to key export — activate, enter password, download .enc file. Compatible with decrypt_export.html.

10

Display Settings

Setting	Options
Theme	Light, Dark
Timezone	Used for the clock widget shown on device screen
Splash screen	Image shown on boot: SecureGen (original), Blade Runner 2044, Combs
Screen timeout	Time until screen turns off automatically

Each setting has its own Save button.

11

PIN Settings

Device PIN (Startup Encryption)

Controls the PIN requested on every boot. This PIN encrypts the master device key — all stored data depends on it. Enabled by default, created on first boot.

State	Effect
Enabled	PIN required on startup. Master key encrypted on disk.
Disabled	No PIN on startup. Master key stored unencrypted — if the device is stolen, data can be extracted.

Important Once disabled, the master key cannot be re-encrypted without a Factory Reset. A reset requires re-importing all keys and passwords from backups.

BLE Bonding PIN

The PIN entered on your phone during first Bluetooth pairing. Generated randomly on first boot. Can be changed and saved here.

BLE Hardware Confirmation PIN

An additional PIN prompted on the device itself before any BLE password transfer. Prevents unauthorized transfers if someone else has access to the device.

12

Settings

Change Web Cabinet Password

Requirements: minimum 8 characters, uppercase letter, lowercase letter, number, special character (!@#$%).

Change AP Password

Password for the device's own WiFi access point.

Bluetooth

BLE device name — maximum 15 characters. This is the name visible when pairing.

mDNS

Hostname for local network access. After saving, the device is reachable at http://<hostname>.local.

Startup Mode

Default screen on boot: TOTP/HOTP view or password manager.

Web Server Auto-Shutdown

Automatically stops the web server after inactivity: 5 min, 10 min, 1 hour, or never.

Auto-Logout Timer

Option	Behaviour
Until reboot	Session ends on every device reboot — fresh login required
1 hour / 6 hours / 24 hours / 3 days	Session persists across reboots for the selected duration

Device Controls

Button	Action
Reboot	Restart the device
Reboot with web server	Restart and automatically enable the web server on next boot
Clear BLE clients	Remove all saved Bluetooth bondings
Logout	End current web cabinet session