[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OATH-Toolkit-help] Bug#666185: Should accept base32 encoded keys
From: |
Simon Josefsson |
Subject: |
[OATH-Toolkit-help] Bug#666185: Should accept base32 encoded keys |
Date: |
Sun, 01 Apr 2012 12:11:02 +0200 |
sön 2012-04-01 klockan 10:56 +0100 skrev Martin Michlmayr:
> * Simon Josefsson <address@hidden> [2012-04-01 11:17]:
> > > oathtool currently requires an unencoded key. It would be nice if it
> > > would also accept base32 encoded keys, so you could pass it e.g. a key
> > > from Google directly.
> >
> > Hello. Thanks for the report, it sounds like a good idea. Please try
> > just uploaded 1.12.0.
>
> Thanks. Unfortunately, I get:
> | oathtool: base32 decoding failed: Base32 string is invalid
>
> This is because my string is lowercase whereas oathtool expects it to
> be uppercase (oathtool works fine if I convert it to uppercase). My
> understanding of base32 is that both upper and lower case is accepted.
> (But I haven't actually read the standard.)
Thanks for testing. The base32 alphabet is upper case in RFC 4648, and
you are right the tool rejects lower case strings. However, I think it
makes sense to support arbitrary case here. I guess we'll need a 2.12.1
to fix this.
Do you know some base32 example keys with known OTPs? I wasn't able to
find any. I wanted to make sure that other implementations uses normal
base32 and not some variation. Or were you able to confirm that
oath-toolkit does the right thing, after you upper-case'd the string?
Maybe that is sufficient testing if we can't find test vectors.
/Simon