Rookiestyle/KeePassOTP

Cannot import from Google Authenticator

Closed this issue · 13 comments

ygoe commented

Overview

I already have several accounts added to Google Authenticator on Android. Now I'm looking for a way to copy those to my Windows PC. I'm using KeePass on Windows and KeePassDX on Android for all other account data. So I installed this plugin into KeePass and tried to copy an account from Google Authenticator.

Steps to Reproduce

  1. Export account from Google Authenticator (this is highly complicated, actually)
  2. Read the QR code from another phone, save its contents to a file and transfer it to the PC
  3. Paste the file contents in the OTP Setup seed input field

That string looks like: otpauth-migration://offline?data=…

Expected Behavior

Not sure, it's not clearly documented. But maybe it should show me the current OTP code?

Actual Behavior

"ERROR"

Context

OS: Windows 10.2004
KeePass Version: 2.46
Plugin Version: 0.16

ygoe commented

This could provide more information on how to decode that data:

I'll have a look, thanks for sharing the links.

To give you a heads-up...

Doing the conversion from otpauth-migration to otpauth is of course possible and I meanwhile have a parser for that (not yet released).

My current plan:

  • User inputs the otpauth-migration string in the OTP setup
  • data is converted and saved if exactly one entry was exported
  • if multiple entries were exported, I'll reject the string as it's not clear which one to use

A migration similar to migration from e.g. KeeOtp isn't possible
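The conversion discussed above, as an added Python example that is not part of the thread and not the plugin's parser: it decodes the protobuf payload in `data=` and emits one `otpauth://` URI per exported account, so it also covers the multi-entry case. The field numbers and enum values are assumptions taken from the community-documented export schema, and the sample payload is constructed.

```python
import base64
from urllib.parse import urlparse, parse_qs, quote, urlencode

# Enum values as documented by community reverse engineering (assumption).
ALGOS = {1: "SHA1", 2: "SHA256", 3: "SHA512", 4: "MD5"}
DIGITS, TYPES = {1: 6, 2: 8}, {1: "hotp", 2: "totp"}

def _varint(buf, i):  # decode one protobuf varint -> (value, next_index)
    value = shift = 0
    while i < len(buf):
        value |= (buf[i] & 0x7F) << shift
        i, shift = i + 1, shift + 7
        if not buf[i - 1] & 0x80:
            return value, i
    raise ValueError("truncated varint")

def _fields(buf):  # yield (field_number, value) for wire types 0 and 2 only
    i = 0
    while i < len(buf):
        key, i = _varint(buf, i)
        val, i = _varint(buf, i)      # the value itself, or a length prefix
        if key & 7 == 2:              # length-delimited: bytes, string, message
            if i + val > len(buf):
                raise ValueError("truncated field")
            val, i = buf[i:i + val], i + val
        elif key & 7 != 0:
            raise ValueError("unsupported wire type")
        yield key >> 3, val

def migration_to_otpauth(uri):
    """Return one otpauth:// URI per account in an otpauth-migration:// URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth-migration":
        raise ValueError("not an otpauth-migration URI")
    data = parse_qs(u.query)["data"][0].replace(" ", "+")  # raw '+' parses as space
    out = []
    for msg in (v for n, v in _fields(base64.b64decode(data)) if n == 1):
        p = dict(_fields(msg))  # 1=secret 2=name 3=issuer 4=algo 5=digits 6=type 7=counter
        q = {"secret": base64.b32encode(p.get(1, b"")).decode().rstrip("="), "issuer": p.get(3, b"").decode(),
             "algorithm": ALGOS.get(p.get(4), "SHA1"), "digits": DIGITS.get(p.get(5), 6)}
        kind = TYPES.get(p.get(6), "totp")
        if kind == "hotp":
            q["counter"] = p.get(7, 0)
        out.append(f"otpauth://{kind}/{quote(p.get(2, b'').decode())}?{urlencode(q)}")
    return out

# Constructed sample: two accounts sharing the demo secret b"Hello!\xde\xad\xbe\xef".
_ACCT = b"\x0a\x0aHello!\xde\xad\xbe\xef\x12\x05%s\x1a\x07Example\x20\x01\x28\x01\x30\x02"
_MSGS = [b"\x0a\x22" + _ACCT % n for n in (b"alice", b"bobby")]  # 0x22 = 34-byte message
SAMPLE_URI = "otpauth-migration://offline?data=" + quote(base64.b64encode(b"".join(_MSGS)).decode())
```

The decoded URIs contain the raw OTP secrets, so treat the output like the export QR code itself and keep it out of logs, clipboard managers and shell history.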

ygoe commented

Alright, that sounds good. Now I'll have to find a QR reader for Windows so that I can read the code directly from the phone screen with my webcam without using a separate digital camera and other complicated hacks.

I have a working version (link to source)

Unfortunately this required me to include precompiled libraries as KeePass can't compile the plgx-file if I'm just using the nuget package to parse Google's proto format.

Please try the pre-release of v0.17 while I'm trying to change the library thing.
https://github.com/Rookiestyle/KeePassOTP/releases/tag/v.017

ygoe commented

Thanks for the implementation. I've tried the 0.17 pre-release and it works well! The data can be imported and the generated codes work fine.

Thanks for your feedback.

The officially released version 0.17 has undergone an internal cleanup and in addition offers the option to drag&drop the Google Authenticator QR code in case you manage to save it as an image.

ygoe commented

Thank you for the quick solution!

How does that drag&drop thing work and what can it do? I couldn't drop an arbitrary image file (.png) on the OTP setup dialog window. And I'll have problems getting the QR code out of the Google Authenticator app. It blocks screenshots and provides no other export methods. I had to use a QR code reader on another device, copy that content via clipboard into a file, transfer that file and then copy&paste from a text editor into that dialog window. That's complicated and opens several security holes of potential data leaks. Do you think it would be possible for the OTP plugin to use a local camera directly and scan the QR code from the phone screen? I don't know how compatible and complex that is.

I created a small wiki page: Import from Google Authenticator
It describes very briefly how to import data.
I tested both ways successfully

  • Scanning the code with a 2nd smartphone and then using the text shown by the QR code scanner app
  • Using scrcpy on my computer, making a screenshot on my computer and using drag&drop - of course, I needed to cut the screenshot to only contain the QR code and not my entire desktop

The OTP setup form of KeePassOTP shows a small QR code.
This serves as drag&drop target and you can use it for QR code files stored on your local computer or for images shown on websites.

I also released v0.18 which can handle Google Authenticator QR codes containing more than 1 account

If drag&drop is not working for you I propose to raise a new issue and provide some more details.
It would be great if you can attach the picture that you could not use.
Of course you should create a dummy entry in your Google Authenticator and attach the QR code of this :)

Adding direct access to hardware devices is beyond the scope of this plugin.
It would be dependent on hardware / drivers / OS.

If scrcpy is not working and you're concerned about security (which is good), please consider sending the file in an encrypted way (mail clients using PGP or something similar)

ygoe commented

Okay, the wiki page explains it. Except that it doesn't mention where to drop the dragged file. It's important to drop it on that icon, elsewhere won't work. I didn't understand this before your explanation, so I consider it non-intuitive.

scrcpy looks like a complicated debugging environment tool. It needs certain device setup (adb...) and special connections. Not something I'd use for occasional use. I've already got Microsoft's "Your Phone" app but it suffers from the same no-screenshots-allowed restrictions as probably any other remote screen software.

I'm less concerned about transferring the file (in my local LAN) than about the clipboard operations. You know that lots of apps are constantly spying on the clipboard, as has been discovered recently on iOS due to an OS warning if that happens in the background. I'd wish Android had that warning, too. Windows won't help here certainly. But the clipboard is often the only way to get recognised QR codes out of the reader app.

I'm still looking for a good QR reader for Windows that can also use my USB webcam. There's an image decoding library (ZXing.Net) but the camera part seems harder for non-UWP (desktop) apps.

Maybe it'll work to use the Windows built-in camera app and drag the image file onto your dialog. I'll try that next time.

scrcpy looks like a complicated debugging environment tool. It needs certain device setup (adb...) and special connections. Not something I'd use for occasional use. I've already got Microsoft's "Your Phone" app but it suffers from the same no-screenshots-allowed restrictions as probably any other remote screen software.

I used the prebuilt package as suggested in scrcpy's readme:

For Windows, for simplicity, a prebuilt archive with all the dependencies (including adb) is available

I downloaded and extracted it, activated USB debugging on my phone and connected it to my computer using USB. After starting scrcpy-noconsole.exe my smartphone's display was shown on my computer.

  • if multiple entries were exported, I'll reject the string as it's not clear which one to use

Sorry for the necroposting, but I've just been faced with the task of transferring Authenticator's export, and I think the issue from the quote could be easily solved by asking a user to select corresponding KeePass entries for all entries from oauth-migration, since doing this one by one is pretty tedious.