lucadentella / TOTP-Arduino

155 stars 33 forks source link

Does it work with secret string longer than 10 chars? #18

Closed f616 closed 3 years ago

f616 commented 3 years ago

My base32 string has 52 chars and I've been unable to generate valid tokens. Don't know why. I'm still troubleshooting but would like to know your feedback on this.

lucadentella commented 3 years ago

Hi

Yes, it should be no limit in key length... see for example issue #7 and other closed issues.

f616 commented 3 years ago

Hi After reading the closed issues, and now I understand there is no limitations on the number of chars. The problem is that I was generating the hmacKey with the base32 secret instead of using the plain_text.

The issue here is that I do not have the plain_text secret. I only have the base32 encoded. And when I try to decode it (using some online services), it is giving some errors (Error: Decoded data is not valid UTF-8).

Is there any way in your sketch to use the base32 encoded string instead of the plain_text?

https://totp.danhersam.com/#/WW4M3CGAVC76RHXIRY3HONP5PL3WSFDGO3FIZU3IVSQWJISHCEVQ image

lucadentella commented 3 years ago

No, but you can use a "base32 to hex" converter to get rid of the decoding problem: https://cryptii.com/pipes/base32-to-hex

and use the resulting byte array as key in the sketch (just remember to append 0x to each byte and separate them with commas):

uint8_t hmacKey[] = {0xb5,0xb8,0xcd,0x88,0xc0,0xa8,0xbf,0xe8,0x9e,0xe8,0x8e,0x36,0x77,0x35,0xfd,0x7a,0xf7,0x69,0x14,0x66,0x76,0xca,0x8c,0xd3,0x68,0xac,0xa1,0x64,0xa2,0x47,0x11,0x2b};

f616 commented 3 years ago

Issue solved. I use the https://cryptii.com/pipes/base32 to directly decode the base32 encoded string to HEX, and it worked just fine.

Is there a way to do this decoding directly on the sketch?

image

lucadentella commented 3 years ago

Good! Closing...

PS: I think you can find a base32 library for arduino that can do the decoding step in you sketch.