Nitrokey / nitrokey-pro-firmware

Firmware for the Nitrokey Pro device
GNU General Public License v3.0

Can't add AWS MFA secret #22

Closed jans23 closed 7 years ago

jans23 commented 7 years ago

The original ticket is here: https://github.com/Nitrokey/nitrokey-app/issues/26

szszszsz commented 7 years ago

To sum up: the issue is caused by storage limitations and needs its structure redesigned.

tripleclones commented 7 years ago

Can you give any time frames on this please?

Just to clarify, I have experienced more services other than AWS using longer secret keys which are incompatible.

jans23 commented 7 years ago

No time frame yet. Which are these other services you are mentioning?

szszszsz commented 7 years ago

Current TOTP secret given by AWS is 64 base32 characters which is 40 bytes (320 bits).

tripleclones commented 7 years ago

VPS provider Bitfolk is the one that springs to mind, but I'm sure there was another as well. I will check some other providers I use.

jans23 commented 7 years ago

We are going to tailor our devices to AWS's secret length. It would be important to know how long the secrets of those other providers are and whether they exceed the secret length AWS is using.

tripleclones commented 7 years ago

When I set up AWS I was given a 64 Byte key. Bitfolk provided an 80 Byte key. As I understand it, the Nitrokey is currently limited to 32 Bytes?

szszszsz commented 7 years ago

Hi! @tripleclones Could you tell me whether these bytes are encoded in base32, base64 or hex? Is there any information about their type? I guess the first, but wanted to confirm.
Edit: as for the question, currently Nitrokey can store 160-bit-long keys (which is 32 bytes while encoded in base32).

tripleclones commented 7 years ago

It appears to be base32, yes; 50 Bytes decoded.

Although I have asked the question of Bitfolk to be sure.

tripleclones commented 7 years ago

Confirmed: 50 bytes, base32 encoded.

tripleclones commented 7 years ago

OK, so Bitfolk have dropped the requirements of their key to fit in with the current 32 base32 - so it's just AWS now :)

szszszsz commented 7 years ago

The AWS OTP keys will be supported from now on in Nitrokey Pro v0.8 and hopefully in the next versions of Nitrokey Storage (v0.44+).
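
The size arithmetic discussed in this thread, as an added example that is not part of the original issue or of the Nitrokey firmware: it decodes base32 TOTP secrets, reports their encoded and decoded sizes against the 160-bit limit quoted above, and computes an RFC 6238 code to show that the limit comes from device storage rather than from HMAC-SHA1. The function names and the sample secrets are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

OLD_LIMIT_BYTES = 20  # 160 bits: the storage limit quoted in the thread

def decode_secret(b32: str) -> bytes:
    """Decode a base32 secret as services display it (spaces, lowercase, no padding)."""
    s = b32.replace(" ", "").replace("-", "").upper()
    s += "=" * (-len(s) % 8)          # restore padding stripped by the service
    return base64.b32decode(s)        # raises binascii.Error on non-base32 input

def describe(b32: str, limit: int = OLD_LIMIT_BYTES) -> dict:
    """Report encoded and decoded sizes and whether the key fits `limit` bytes."""
    key = decode_secret(b32)
    chars = len(b32.replace(" ", "").replace("-", "").rstrip("="))
    return {"base32_chars": chars, "bytes": len(key),
            "bits": len(key) * 8, "fits": len(key) <= limit}

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1; HMAC itself accepts a key of any length."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F           # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample secrets with the three encoded sizes mentioned in the thread.
SAMPLES = {
    "32 chars": base64.b32encode(bytes(range(20))).decode(),
    "64 chars (AWS size)": base64.b32encode(bytes(range(40))).decode(),
    "80 chars": base64.b32encode(bytes(range(50))).decode(),
}

if __name__ == "__main__":
    for name, secret in SAMPLES.items():
        info = describe(secret)
        print(name, info, "code:", totp(decode_secret(secret), 1_500_000_000))
```

The character count a service displays is the base32 length; the number that has to fit in a token's slot is the decoded byte length, which is 5/8 of it.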