Nitrokey / nitrokey-pro-firmware

Firmware for the Nitrokey Pro device
GNU General Public License v3.0

OTP functionality #91

Closed jerabaul29 closed 2 years ago

jerabaul29 commented 2 years ago

Would there be a possibility, either in the nitrokey pro or in a future / separate product, to include OTP generation?

szszszsz commented 2 years ago

Hi! TOTP/HOTP code generation is already integrated with Nitrokey Pro and Nitrokey Storage. Nitrokey App is required to handle this feature (or any libnitrokey client). In numbers, there are 15 TOTP slots (14 on Nitrokey Storage currently), and 3 HOTP slots. We have it on the roadmap for Nitrokey 3 as well.

For details see these pages in the documentation:

Please reopen if this does not answer your question.

jerabaul29 commented 2 years ago

Mmmh, is it really implemented on the hardware token if there is a need for an app? I.e., is the app only for communicating with the key, or does the app do part or all of the work?

szszszsz commented 2 years ago

The app is needed for communication only. Shared secret storage and OTP code calculation are done on the device.

jerabaul29 commented 2 years ago

Aaah, thanks, I did not know about this :) .

My 2 cents: a bit sad that a custom app is needed to communicate; having a simple universal command line tool that could hook to any hardware token of this style with a general API would be even more exciting. In the same way that no app is needed to do RSA encryption / decryption, as the token implements the GPG smartcard API :) . Do you know if such a standard exists?

szszszsz commented 2 years ago

Sadly, I believe there is no open specification for implementing an API for OTP, hence everyone is doing their own proprietary implementations for communication. We do have a command line application if you are interested (Rust; multi-platform):

jerabaul29 commented 2 years ago

Aaah, nice :) .

Ok, interesting / surprising / sad that there is no open standard API for OTP. Do you think this is something Nitrokey could advertise / push for? :) .

szszszsz commented 2 years ago

We are working on Nitrokey Webcrypt at the moment, which hopefully could introduce such a standard, among others: