Use nitrokey with edumfa/privacyidea

Hello,

I want to use my Nitrokey 3 with TOTP with edumfa/privacyidea. I tried it with

nitropy nk3 secrets add-otp --kind TOTP mfa I65VU7K5ZQL7WB4E

and it works fine. However, edumfa doesn't accept the secret. Does somebody know how I could create random secrets which are accepted by both the Nitrokey and edumfa?

Is there any documentation on how I could use the Nitrokey with U2F and edumfa?

Is the time on your PC maybe off?

What?

Ah. Now I got it. You cannot enter the Secret in the tool. I thought that the OTP was not accepted.

The secret for TOTP calculation can be of different strength. Maybe the tool needs another length of the secret.

Yes, this is right. Nitrokey accepts only base32-encoded secrets.

I tried 23456723456723456723456723456723.

And privacyIdea/edumfa wants at least a length of 32 characters. But the token verification failed.

OK. One step in this solution is to convert the base32-encoded secret for the Nitrokey TOTP token to a hex string.

import base64

s = "23456723456723456723456723456723"
# Decode the base32 secret to raw bytes, then re-encode those bytes as hex
d: bytes = base64.b32decode(s)
secret = d.hex()
print(secret)
# d6f9df7f5be77dfd6f9df7f5be77dfd6f9df7f5b

Now the only question is how I could create a good random secret which both accept. Or is there a simpler solution?

import base64
import secrets

# 20 random bytes = 160 bits
secret: bytes = secrets.token_bytes(20)

# Same bytes, two encodings
edumfa_secret: str = secret.hex()
nitrokey_secret: str = base64.b32encode(secret).rstrip(b"=").decode()

'=' is padding in base32 when the number of bits to be encoded is not a multiple of 40.
20 bytes equal 160 bits and padding should never be required.
Hex and base32 are just two ways of encoding the same bytes.
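
An added example, not code from any of the posts above: it generates one random key, emits it in both encodings discussed in the thread, and checks that both decode to the same bytes and yield the same TOTP code. The function names are hypothetical, and the TOTP parameters (HMAC-SHA1, 6 digits, 30-second step) are assumed defaults that must match whatever is configured on the server and the token.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def make_secret(n_bytes: int = 20) -> tuple[str, str]:
    """Return (hex for edumfa/privacyIDEA, unpadded base32 for nitropy)."""
    raw = secrets.token_bytes(n_bytes)
    return raw.hex(), base64.b32encode(raw).rstrip(b"=").decode()


def b32_to_bytes(b32: str) -> bytes:
    """Decode base32 whose '=' padding may have been stripped."""
    b32 = b32.strip().replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def totp(key: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed parameters, see lead-in)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def encodings_agree(hex_secret: str, b32_secret: str, unix_time: int) -> bool:
    """True if both encodings carry the same key and produce the same code."""
    k_hex, k_b32 = bytes.fromhex(hex_secret), b32_to_bytes(b32_secret)
    return k_hex == k_b32 and totp(k_hex, unix_time) == totp(k_b32, unix_time)


if __name__ == "__main__":
    import time

    hex_secret, b32_secret = make_secret()
    print("edumfa (hex):    ", hex_secret)
    print("nitropy (base32):", b32_secret)
    print("same key/code:   ", encodings_agree(hex_secret, b32_secret, int(time.time())))
```

If the codes agree here but the server still rejects them, compare the clock on the PC and the hash, digit and step settings on both sides.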