Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PRE-RELEASE] TOTP no longer works with OTP settings from Keepass #2671

Closed
zaptan opened this issue Feb 1, 2019 · 3 comments
Closed

[PRE-RELEASE] TOTP no longer works with OTP settings from Keepass #2671

zaptan opened this issue Feb 1, 2019 · 3 comments
Assignees
@droidmonkey
Labels
PRE-RELEASE BUG

Comments

@zaptan
Copy link

zaptan commented Feb 1, 2019

Expected Behavior

TOTP to continue to work as it did in 2.3.4 showing RFC6238 settings from older entries

Current Behavior

TOTP gives 1 second 1 digit 'custom' codes.
when you go into the setup TOTP options, and set it to default RFC6283 it still shows your key, however when you click ok and then try and view the TOTP again it now shows 6 digits with 1 second time step, and setup now has a blank key and is back to 'use custom settings'

I was able to clear all otp and TOTP attributes, save, close keepassXC completely, then when I went back to the entry I was able to set it up new and it worked.

Possible Solution

ether always default to the RFC settings if no up to date settings are found, or migrate the otp:key= attribute to the current TOTP Seed and TOTP Settings attributes

Steps to Reproduce

  1. open any database with an entry made with keepass and a TOTP with KeeOtp plugin
  2. attempt to interact with TOTP show/setup

Context

I have Entries with totp settings created in keepass with KeeOtp's setting otp:key= attribute.
in KeepassXC 2.3.4 these entries work correctly. In 2.4 beta these entries now only give a code of one digit for one second, and any attempts to use setup TOTP do not work to fix the entry

Debug Info

KeePassXC - Version 2.4.0-beta1
Build Type: PreRelease
Revision: 42cfe01

Libraries:

  • Qt 5.12.0
  • libgcrypt 1.8.4

Operating system: Windows 10 (10.0)
CPU architecture: x86_64
Kernel: winnt 10.0.15063

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (signed and unsigned sharing)
  • YubiKey
@droidmonkey
Copy link
Member

droidmonkey commented Feb 1, 2019
edited
Loading

Please post what the value of TOTP_SETTINGS is from the advanced attributes for the KeeOtp that you setup in KeePass2. You can obscure your OTP code of course.

I specifically followed the otp url schema, so it could be that KeeOtp is in violation here.

@zaptan
Copy link
Author

zaptan commented Feb 1, 2019
edited
Loading

There are no TOTP_SETTINGS it only sets a name of 'otp' and a value of 'key=[key]'
and this still worked in keepassxc 2.3.4

@droidmonkey
Copy link
Member

gotcha, I will fix this

droidmonkey added a commit that referenced this issue Feb 2, 2019
@droidmonkey
Fix issues with TOTP
c2f35d7 
* otp setting is properly loaded and saved (Fix #2671)
* Removing the key from TOTP Setup clears all TOTP
settings for entry
@droidmonkey droidmonkey mentioned this issue Feb 2, 2019
Merged
droidmonkey added a commit that referenced this issue Feb 5, 2019
@droidmonkey
Fix issues with TOTP
5c2e47c 
* otp setting is properly loaded and saved (Fix #2671)
* Removing the key from TOTP Setup clears all TOTP
settings for entry
* Santize TOTP key prior to storing in OTP format
AnatomicJC pushed a commit to AnatomicJC/keepassxc that referenced this issue Feb 20, 2019
@droidmonkey
Fix issues with TOTP
bf4b6fb 
* otp setting is properly loaded and saved (Fix keepassxreboot#2671)
* Removing the key from TOTP Setup clears all TOTP
settings for entry
* Santize TOTP key prior to storing in OTP format
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@droidmonkey droidmonkey

Labels
PRE-RELEASE BUG
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zaptan @droidmonkey