AlessioDP / kpmenu

Dmenu/rofi interface for KeePass
MIT License
28 stars 5 forks

Implements #6, adds OTP support. This supports both the new `otp` key… #7

Closed xxxserxxx closed 3 years ago

xxxserxxx commented 3 years ago

Implements #6, adding TOTP support.

This code supports both the new `otp` key, using the Google Authenticator URI, and the "old" TOTP keys, although the latter is poorly tested. Both KeePassXC and Keepass2Android now use the new `otp` key.

Google defines an HOTP method, and multiple hashes -- this version supports only TOTP and sha256 hashes (which are what twothy, KeePassXC, and Keepass2Android all use).

To test this, create a dummy entry in KeePassXC, and in the "Advanced" section add a key named `otp` with the value:

```
otpauth://totp/Fuddy%20Duddy:dummyuser?secret=ONSWG4TFORPWWZLZEAYTEMZUBI%3D%3D%3D%3D%3D%3D&period=30&digits=6&issuer=Fuddy%20Duddy
```

Save that and then use the menu item to "Show OTP". Run kpmenu with this patch; find the dummy entry, and select the `*** Generate TOTP ***` attribute. Paste the result, and it will match the one KeePassXC is showing.

I release this code under the current kpmenu license (MIT).

P.S. Some (most?) of this code is taken from https://github.com/vedhavyas/twothy, which is under the Unlicensed license, which should not conflict with MIT. @vedhavyas, ping and heads-up.
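For readers who want to cross-check a generated code outside kpmenu, here is an added example (not part of this PR, and not kpmenu's or twothy's code) that parses an `otpauth://totp/` URI like the dummy entry above and computes the RFC 6238 code. `TOTPFromURI` is a hypothetical name; the hash is read from the URI's optional `algorithm` parameter, which the Key URI format defines as SHA1 when absent, and only SHA1 and SHA256 are handled.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// TOTPFromURI (illustrative name, not kpmenu's API) returns the RFC 6238 code at time t.
func TOTPFromURI(uri string, t time.Time) (string, error) {
	u, err := url.Parse(uri)
	if err != nil || u.Scheme != "otpauth" || u.Host != "totp" {
		return "", fmt.Errorf("not an otpauth://totp URI")
	}
	q := u.Query() // percent-decodes values, so %3D becomes '=' padding
	// Accept padded, unpadded and lower-case base32 secrets alike.
	raw := strings.ToUpper(strings.TrimRight(q.Get("secret"), "="))
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(raw)
	period, digits := int64(30), 6 // defaults; Sscan keeps them if a value is absent
	fmt.Sscan(q.Get("period"), &period)
	fmt.Sscan(q.Get("digits"), &digits)
	if err != nil || len(key) == 0 || period < 1 || digits < 6 || digits > 8 {
		return "", fmt.Errorf("bad secret, period or digits")
	}
	newHash := sha1.New // Key URI format default when algorithm is absent
	if alg := strings.ToUpper(q.Get("algorithm")); alg == "SHA256" {
		newHash = sha256.New
	} else if alg != "" && alg != "SHA1" {
		return "", fmt.Errorf("unsupported algorithm %q", alg)
	}
	var ctr [8]byte // time-step counter, big-endian
	binary.BigEndian.PutUint64(ctr[:], uint64(t.Unix()/period))
	mac := hmac.New(newHash, key)
	mac.Write(ctr[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation, RFC 4226 section 5.3
	s := fmt.Sprintf("%010d", binary.BigEndian.Uint32(sum[off:off+4])&0x7fffffff)
	return s[10-digits:], nil // last `digits` characters = code mod 10^digits
}

func main() {
	// Prints the current code (and a nil error) for the dummy entry from the PR description.
	fmt.Println(TOTPFromURI("otpauth://totp/Fuddy%20Duddy:dummyuser?secret=ONSWG4TFORPWWZLZEAYTEMZUBI%3D%3D%3D%3D%3D%3D&period=30&digits=6&issuer=Fuddy%20Duddy", time.Now()))
}
```

If a code produced this way differs from the one another client shows for the same entry, compare the `algorithm`, `period` and `digits` each side is using before suspecting the secret.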

xxxserxxx commented 3 years ago

@AlessioDP, do you have any change requests for this PR?

AlessioDP commented 3 years ago

I already forked the branch and am trying it out; unfortunately I am very busy this month, so I won't be able to release it soon :P

I was testing the OTP generation; it works, but I need to make everything more configurable:

xxxserxxx commented 3 years ago

If you want to review and leave comments, I don't mind making changes to the PR.

When you say "Toggleable", do you mean build-time feature flags? OTP is currently only shown if it is configured in the Entry, which only happens if the user configures OTP for the entry. I'd suggest that this implies that they want OTP.

Does "edit OTP messages" mean the ability to configure the generate label?

AlessioDP commented 3 years ago

I pushed some changes.

About the OTP labels, I think this can be done later; I've seen that other labels are not configurable either. I think that it's missing only a flag to not handle OTP entries, like the NoCache one :)