Autofill with a Nitrokey 3 and OpenVPN (or any other desktop app)

SIFHM · February 27, 2025, 1:24pm

Hi there,
And many thanks for all what’s done around this beautiful project.

I purchased a Nitrokey 3 mini key to activate 2FA on our OpenVPN, which is linked to a PrivacyID server of our org.

We manage to generate a OTP from the Nitrokey app, and to paste it into OPenVPN desktop client without any issue.

My concern is more about comfort. Is there a way to shortcut the process, I mean, for instance, to tap on the key when the focus is on the openvpn password field to autofill it ?

At this stage, opening an app, generating a code, and copy/pasting into openvpn client is not an option as it is considered to be a too fastidious process.

Many thanks in advance for your replies.

SIFHM · February 28, 2025, 5:15pm

Hi there,
Does anybody can confirm me that with OpenVPN, copy and paste from nitrokey app is the only solution for us?

ion · February 28, 2025, 5:29pm

Yes, to my knowledge it is. Also, while I understand you see more automation as “user comfort” for a 2FA TOTP, for most cases such automatism is undesired. That is because it would require the app to monitor sensitive UI events. That’s counter-productive to better security.

I know the nitrokey-1 app automatically copies the TOTP code into clipboard and clears that after a configurable time. I’m not sure if that auto-clearance option has landed for the new app 2, but an automatic copy should be the most you want.

SIFHM · March 3, 2025, 8:50am

Hi ion and many thanks for your reply.

I totally understand that user comfort is most of time counter-productive in terms of security purpose.
But, and sorry for comparison, some other keys on the market has a good integration with forms. When your focus is on a field, and you click on the key button, it fills automatically the field with the OTP code. That’s very convenient, don’t forget that users are not always journalist or sec experts, but most of time classic end users.
Many, I’ll check the app to know if there is a way to get automatically the code from clipboard once generated by the app.
If any other idea comes to you, we’ll be happy to read you.
Cheers

ion · March 3, 2025, 7:47pm

Are the other keys you refer to integrating with the forms, i.e. do they recognise the focus is on openvpn connect client UI? Or does the key paste a pre-configured TOTP code when you press the button, regardless what form it is?

SIFHM · March 6, 2025, 8:58am

Hi @ion . Hi checked and it paste regardless of the form.

ion · March 6, 2025, 9:16pm

That’s good, as TOTP are not meant to carry respective attributes to identify the service. I guess for your openvpn case an automated and supported way to strengthen authentication would be x509 certificates (instead of openvpn-auth&TOTP), but I have no experience with that.