apache_2fa

Secret keys

Open bcnx opened this issue 5 years ago • 2 comments

Hi,

  • can we use whatever keys we generate ourselves, as long as they correlate to the Google Authenticator tool?
  • there is a reference to page https://nerdyness2012.wordpress.com/tag/oathtool/ and it generates keys like so:

head -10 /dev/urandom | md5sum | cut -b 1-30

However, when I do that and the key contains an "8" character, Google Authenticator says "illegal character".

  • Google Authenticator asks for a Time based or a Counter based setting. What should be used? Cheers,
  • how should the token.json be formatted? I tried to put several entries between the curly brackets but I got 500 errors after that.

thanks!

BC

bcnx, Dec 25 '20 21:12

To answer my own questions:

  • keys can be generated like this:
#!/bin/sh

# Generate a secret.
export HEX_SECRET=$(head -10 /dev/urandom | md5sum | cut -b 1-30)

# Generate the TOTP details, 6 digits long.
oathtool --verbose --totp $HEX_SECRET
  • The end result does not have 8's in it
  • time-based is the correct setting
  • token.json should have an entry for every user, all enclosed by the brackets, but every line needs a comma at the end.

bcnx, Dec 25 '20 22:12

You can use the following Python library to create keys: 'https://pyauth.github.io/pyotp/' and then write them automatically to the JSON file.

In combination with 'https://pypi.org/project/qrcode/' you can create an automation so that every user can scan a QR code, and no administrative action is required.

wl-lankin, Aug 04 '21 14:08
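
Added example, not part of the thread or of the apache_2fa project: it shows why a hex-encoded key is rejected by an authenticator app with "illegal character" while its Base32 form is accepted, and that both encodings yield the same time-based code. It uses only the Python standard library; the function names, the 20-byte key length and the `alice` / `example-site` labels are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

# RFC 4648 Base32 alphabet, the encoding authenticator apps expect for manual entry.
BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")

def encode_secret(key):
    """Return (hex, base32) for one key: hex is oathtool's default input, Base32 is for the app."""
    return key.hex(), base64.b32encode(key).decode().rstrip("=")

def new_secret(nbytes=20):
    """Draw a fresh key from the OS CSPRNG (20 bytes is an assumed length)."""
    return encode_secret(secrets.token_bytes(nbytes))

def illegal_for_authenticator(text):
    """Characters outside the Base32 alphabet (A-Z, 2-7); the digit 8 is one of them."""
    return sorted(set(text.upper()) - BASE32_ALPHABET)

def totp(key, at=None, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, i.e. the time-based setting."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def provisioning_uri(b32, account, issuer):
    """otpauth:// URI, the payload a QR code for the app would carry."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}")

if __name__ == "__main__":
    hex_secret, b32_secret = new_secret()
    key = bytes.fromhex(hex_secret)
    print("hex (oathtool):    ", hex_secret)
    print("not Base32 in hex: ", illegal_for_authenticator(hex_secret))
    print("base32 (phone app):", b32_secret)
    print("current code:      ", totp(key))
    print(provisioning_uri(b32_secret, "alice", "example-site"))
```

The hex string printed first can be passed to `oathtool --totp` to cross-check the code, while the Base32 string is the one to type into the phone app.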