TOTP - how to use own private key for HW token


Martin Vancl

Jun 3, 2020, 8:14:10 AM6/3/20
to keyclo...@googlegroups.com
Hi,

Is it possible to add my own TOTP token private key?

I have this nonprogrammable token:
https://www.token2.com/shop/product/token2-otpc-n1-otp-display-card-nonprogrammable-token
I do not see any setting for using my own key.

I'm looking at the Postgres database. There are two rows for my user:
https://pastebin.com/yW05nuB9

If I try to generate a TOTP PIN for the key "fm983rXXXXXXXXXXdqOs" I
get this error:

martin@martin:~$ oathtool --base32 --totp fm983rXXXXXXXXXXXdqOs
oathtool: base32 decoding failed: Base32 string is invalid

Is the value salted? The OTP row does not have any salt.

I would like to change this TOTP key directly in database (just for
one user). How can I do it?

Thanks for your help,
MV

----------------------- https://pastebin.com/yW05nuB9
DROP TABLE IF EXISTS "credential";
CREATE TABLE "public"."credential" (
"id" character varying(36) NOT NULL,
"salt" bytea,
"type" character varying(255),
"user_id" character varying(36),
"created_date" bigint,
"user_label" character varying(255),
"secret_data" text,
"credential_data" text,
"priority" integer,
CONSTRAINT "constraint_f" PRIMARY KEY ("id"),
CONSTRAINT "fk_pfyr0glasqyl0dei3kl69r6v0" FOREIGN KEY (user_id)
REFERENCES user_entity(id) NOT DEFERRABLE
) WITH (oids = false);

CREATE INDEX "idx_user_credential" ON "public"."credential" USING
btree ("user_id");

INSERT INTO "credential" ("id", "salt", "type", "user_id",
"created_date", "user_label", "secret_data", "credential_data",
"priority") VALUES
('c6cd72f4-dc48-4070-b31f-922037651ba5', NULL, 'password',
'be3007ec-02d9-4878-80b0-201f1243bd3b', 1590190192201, NULL,
'{"value":"yWpL+DjYhjXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX3U3nsGsow==","salt":"FK9DpXXXXXXXXXXXXXXOXQ=="}',
'{"hashIterations":27500,"algorithm":"pbkdf2-sha256"}', 10),
('21a13db0-690c-4633-b21b-d79ffb1f48eb', NULL, 'otp',
'be3007ec-02d9-4878-80b0-201f1243bd3b', 1590190336840, 'Mi9Lite',
'{"value":"fm983rXXXXXXXXXXdqOs"}',
'{"subType":"totp","digits":6,"counter":0,"period":30,"algorithm":"HmacSHA1"}',
20);
-----------------------

Thanks,
MV

Martin Vancl

Jun 3, 2020, 9:45:13 AM6/3/20
to keyclo...@googlegroups.com
I got it!

'{"value":"fm983rXXXXXXXXXXdqOs"}',

martin@martin:~$ echo "fm983rXXXXXXXXXXdqOs" | base32
MZWTSOBTOJMFQWCYLBMFQWCYLBSHCT3TBI======

martin@martin:~$ oathtool --base32 --totp MZWTSOBTOJMFQWCYLBMFQWCYLBSHCT3TBI
418238

On Wed, 3 Jun 2020 at 14:13, Martin Vancl <tux.m...@gmail.com> wrote:
MV
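An added example (not code from the thread or from Keycloak) that reproduces the relationship found above: it takes a row in the shape of the `otp` credential, assumes, as the result above suggests, that the HMAC key is the stored `value` string's own bytes rather than a base32 decoding of it, and computes both the base32 form `oathtool --base32` wants and the resulting 6-digit code. The row is constructed with the RFC 6238 reference key so the codes can be checked against the RFC tables, and the `HmacSHA256`/`HmacSHA512` names are assumed to match Keycloak's algorithm strings.

```python
import base64
import hashlib
import hmac
import json
import struct

# Constructed rows in the shape of the thread's "otp" credential. The secret is
# the RFC 6238 reference key (the real value in the post is redacted).
SECRET_DATA = '{"value":"12345678901234567890"}'
CREDENTIAL_DATA = ('{"subType":"totp","digits":6,"counter":0,'
                   '"period":30,"algorithm":"HmacSHA1"}')

# Assumed mapping from the algorithm string in credential_data to a digest.
HASHES = {"HmacSHA1": hashlib.sha1,
          "HmacSHA256": hashlib.sha256,
          "HmacSHA512": hashlib.sha512}

def keycloak_secret_bytes(secret_data: str) -> bytes:
    """Assumption, consistent with the result above: the HMAC key is the raw
    ASCII bytes of the stored "value" string, not a base32 decoding of it."""
    return json.loads(secret_data)["value"].encode("ascii")

def base32_for_oathtool(secret_data: str) -> str:
    """Form expected by `oathtool --base32` and authenticator apps: base32 of
    the raw key bytes, without padding and without a trailing newline."""
    return base64.b32encode(keycloak_secret_bytes(secret_data)).decode().rstrip("=")

def hotp(key: bytes, counter: int, digits: int, algorithm: str) -> str:
    """RFC 4226: HMAC over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp_from_row(secret_data: str, credential_data: str, unix_time: int) -> str:
    """Code the database row yields at the given Unix time."""
    cfg = json.loads(credential_data)
    if cfg["subType"] != "totp":
        raise ValueError("not a TOTP credential")
    return hotp(keycloak_secret_bytes(secret_data),
                unix_time // cfg["period"], cfg["digits"], cfg["algorithm"])

def totp_from_base32(b32: str, credential_data: str, unix_time: int) -> str:
    """Same code from the base32 form a phone app or oathtool holds; padding
    is restored because Python's decoder requires it."""
    key = base64.b32decode(b32.upper() + "=" * (-len(b32) % 8))
    cfg = json.loads(credential_data)
    return hotp(key, unix_time // cfg["period"], cfg["digits"], cfg["algorithm"])
```

One caveat worth checking against the shell output above: `echo` without `-n` appends a newline, which the base32 encoder also encodes (the trailing `BI======`), so a key taken from that output is one byte longer than the stored value and the codes will not agree.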

Martin Vancl

Jun 3, 2020, 9:52:11 AM6/3/20
to keyclo...@googlegroups.com
I cannot convert my hardware token private key to the format used in the
Keycloak database.

martin@martin:~$ echo "FEUNV45xxxxxxxxxxxxxxxxxS3T54WTV" | base32 -d
)(��base32: invalid input

What am I doing wrong?

On Wed, 3 Jun 2020 at 15:44, Martin Vancl <tux.m...@gmail.com> wrote:
MV