BrandonPotter/GoogleAuthenticator

Invalid six-digit code

SetAres opened this issue · 10 comments

Hello! I have such a problem: there is a format key of JFCGY43BOZZG6QTH. The resulting six-digit code using your code is different from the six-digit code obtained using the Google Authenticator mobile application. Tell me, maybe I'm doing something wrong? Please show me an example.

ahwm commented

I was unable to duplicate this using the built-in WinForms test application.

Using these details:

Account: QRTestAccount
Secret Key: f68f1fe894
Encoded Key: MY3DQZRRMZSTQOJU

I used a key that gave me a 16-character setup code like you indicated. When I added it to the Google Authenticator app it gave me valid codes. Can you provide a code snippet that reproduces the issue with some output?

I get an encoded key from the exchange MY3DQZRRMZSTQOJU (I can't attach the original, as this is my personal information. I'll try to find a broken example (the above code "JFCGY43BOZZG6QTH" works fine)) and QR code ("Secret Key" and "Account" not getting).
I also found that the 32-character Encoded Key I got worked fine.

For example U4XQHH6QK5CTIRDH. The code from the Google Authenticator mobile app does not match the code generated here.

image_2020-06-18_01-24-36

ahwm commented

I can refer you to the wiki for a code example.

I added an account to my Google Authenticator app using the setup key you provided and got 6-digit codes. I was also able to successfully validate the codes.

Clicking "Get Current" gave me this list
image

And this is the Google Authenticator app:
image

U4XQHH6QK5CTIRDH doesn't decode to a valid UTF-8 string. Currently a UTF-8 string is required as the secret.

After investigation it seems like your issue might be tied to PR #53 where the UTF-8 requirement is removed.

I inserted the secret key into the "secret key" field and clicked the "Get Current" button. Among the received codes, I did not find the required one. Probably I'm doing something wrong? I do not quite understand what I need to do with UTF-8 encoding.
code

ahwm commented

Ohhhh I think I see the problem. You're using U4XQHH6QK5CTIRDH as the secret key.

So the Setup Key and Secret Key are related but distinctly different. With U4XQHH6QK5CTIRDH as the secret key, you can't enter that in the authenticator app directly. You have to generate a setup code to enter in the app. That's why they're not matching up. The app is using the Base32-encoded value (byte[]) as the key rather than what you enter.

Does that make sense?

So in this case your setup key (what you enter into the app) would actually be this: KU2FQUKIJA3FCSZVINKESUSEJA

image

I correctly understood that in the field "Secret key" I need to enter the value "KU2FQUKIJA3FCSZVINKESUSEJA" (encoded key "U4XQHH6QK5CTIRDH")?

ga

If it’s wrong, please show how to get the correct six-digit code from the key U4XQHH6QK5CTIRDH

ahwm commented

I'm sorry but you still have it a bit backwards. In this case U4XQHH6QK5CTIRDH is the secret key and KU2FQUKIJA3FCSZVINKESUSEJA is the encoded key. Follow my screenshot above.

image

So U4XQHH6QK5CTIRDH is your secret and is not shown to the user. At all. Ever. This value is stored by your application to verify codes. KU2FQUKIJA3FCSZVINKESUSEJA is the encoded key that is shown to the user. KU2FQUKIJA3FCSZVINKESUSEJA is what they enter in their authenticator app.

You keep missing the crucial step of clicking "Generate Setup / Get QR Code" to get the encoded key. You cannot use the "Secret Key" field in the authenticator app. You must use the encoded key.

Take this code snippet from the wiki:

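```csharp
using Google.Authenticator;

// Secret key: stored by your application, never shown to the user.
string key = "U4XQHH6QK5CTIRDH";

// Setup: generate the QR code and the manual entry key for the user.
TwoFactorAuthenticator tfa = new TwoFactorAuthenticator();
SetupCode setupInfo = tfa.GenerateSetupCode("Test Two Factor", "user@example.com", key, false, 3);

string qrCodeImageUrl = setupInfo.QrCodeSetupImageUrl;
string manualEntrySetupCode = setupInfo.ManualEntryKey; // KU2FQUKIJA3FCSZVINKESUSEJA - display to user to set up app

// Verify: check the code the user typed against the stored secret key.
// (A separate instance name avoids redeclaring tfa in the same scope.)
TwoFactorAuthenticator verifier = new TwoFactorAuthenticator();
bool result = verifier.ValidateTwoFactorPIN(key, txtCode.Text);
```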

Hope that helps!

I think I understand .. The key given to me needs to be converted to an array of bytes (Base32Encoding.ToBytes ("U4XQHH6QK5CTIRDH")). Only after that I can get the keys I need ..

ahwm commented

It's clear the language barrier is definitely a barrier. I would recommend running the web sample and seeing how it works.

The code for it is here. It demonstrates both generating a key and setup key, providing the QR code, and verifying the code.
https://github.com/BrandonPotter/GoogleAuthenticator/blob/master/Google.Authenticator.WebSample/Default.aspx.cs

Maybe that will help illustrate it better.
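
The secret key / setup key relationship from this thread, as an added Python example that is not part of the original issue or the library's code. It assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second step, 6 digits); the function names and the fixed timestamp are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def setup_key(secret: str) -> str:
    """Setup (manual entry) key: Base32 of the secret's UTF-8 bytes, padding stripped."""
    return base64.b32encode(secret.encode("utf-8")).decode("ascii").rstrip("=")

def app_key_bytes(entered: str) -> bytes:
    """HMAC key an authenticator app derives by Base32-decoding what the user types."""
    text = entered.replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def is_utf8(data: bytes) -> bool:
    """True when the bytes form a valid UTF-8 string."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False

SECRET = "U4XQHH6QK5CTIRDH"          # secret key from the thread, kept server-side
SERVER_KEY = SECRET.encode("utf-8")  # server keys the HMAC with the secret's UTF-8 bytes

def compare(entered: str, unix_time: int) -> bool:
    """True when the app (given `entered`) and the server compute the same code."""
    return totp(app_key_bytes(entered), unix_time) == totp(SERVER_KEY, unix_time)

if __name__ == "__main__":
    now = 1592432676  # constructed fixed timestamp so the output is repeatable
    print("setup key shown to user:", setup_key(SECRET))
    print("server code:            ", totp(SERVER_KEY, now))
    print("app, setup key entered: ", totp(app_key_bytes(setup_key(SECRET)), now))
    print("app, secret entered:    ", totp(app_key_bytes(SECRET), now))
    print("secret as Base32 is valid UTF-8:", is_utf8(app_key_bytes(SECRET)))
```

Typing the secret itself into the app makes it Base32-decode that string into 10 unrelated bytes, which is why the codes in the issue never matched.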