sön 2012-04-01 klockan 10:56 +0100 skrev Martin Michlmayr: > * Simon Josefsson <si...@josefsson.org> [2012-04-01 11:17]: > > > oathtool currently requires an unencoded key. It would be nice if it > > > would also accept base32 encoded keys, so you could pass it e.g. a key > > > from Google directly. > > > > Hello. Thanks for the report, it sounds like a good idea. Please try > > just uploaded 1.12.0. > > Thanks. Unfortunately, I get: > | oathtool: base32 decoding failed: Base32 string is invalid > > This is because my string is lowercase whereas oathtool expects it to > be uppercase (oathtool works fine if I convert it to uppercase). My > understanding of base32 is that both upper and lower case is accepted. > (But I haven't actually read the standard.)
Thanks for testing. The base32 alphabet is upper case in RFC 4648, and you are right the tool rejects lower case strings. However, I think it makes sense to support arbitrary case here. I guess we'll need a 2.12.1 to fix this. Do you know some base32 example keys with known OTPs? I wasn't able to find any. I wanted to make sure that other implementations uses normal base32 and not some variation. Or were you able to confirm that oath-toolkit does the right thing, after you upper-case'd the string? Maybe that is sufficient testing if we can't find test vectors. /Simon -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
