google/google-authenticator-android

Key not recognized

jesobreira opened this issue · 1 comments

jesobreira commented

The following key does not get accepted ("Key not recognized"). However it works well on Authy and I can't find how it breaks the specs.

https://chart.googleapis.com/chart?chs=300x300&cht=qr&chl=otpauth%3A%2F%2Ftotp%2FACME%253Aexample%2540mysite.com%3Fsecret%3D6hwk0m9n71d4mw3e8wu3cnv66hd6jnat%26issuer%3DACME

URI: otpauth://totp/ACME%3Aexample%40mysite.com?secret=6hwk0m9n71d4mw3e8wu3cnv66hd6jnat&issuer=ACME

Secret: 4y0Q58ZJpnG46Wf4ZiUY

Secret (base32): 6hwk0m9n71d4mw3e8wu3cnv66hd6jnat (using base32)

jesobreira commented

Turns out that the base32 implementation I've used (Crockford's base32) is not compatible (since RFC-4648 is required) due to the dictionaries:

Crockford: 0123456789ABCDEFGHJKMNPQRSTVWXYZ
RFC-4648: ABCDEFGHIJKLMNOPQRSTUVWXYZ234567

Changed to a RFC-4648-compliant library (such as this one) and the world is beautiful now.

(Although I still find it quite interesting that Authy does support both the base32 implementations)