Gopass: TOTP Doesn't Work on Amazon.com Key

Created on 26 Sep 2018  路  9Comments  路  Source: gopasspw/gopass

Summary

gopass totp amazon.com fails even though it works with all of my other accounts. The error given is Error: No OTP entry found for amazon.com: illegal base32 data at input byte 48, as though something is wrong with the key even though there isn't. My current workaround is to run oathtool --totp=sha1 --base32 $(gopass amazon.com totp).

The key does seem to be a different size than my other accounts, which may be causing the issue. When base32-encoded it is 52 characters long.

Steps To Reproduce

  1. Set up 2FA on Amazon.com
  2. Store TOTP key in gopass
  3. Run gopass totp amazon.com

Expected behavior


It should give me a 6 digit totp pin.

Environment

  • OS: Debian 9
  • OS version: Linux hostname 4.17.0-0.bpo.3-amd64 #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27) x86_64 GNU/Linux
  • gopass Version: gopass 1.8.2-git+HEAD go1.11 linux amd64
  • Installation method: go get
bug help-wanted
Source
picture ajgrf

All 9 comments

I was able to get this working by converting the "totp:" key-value pair to an otpauth URI. There may still be a bug here because I didn't have a problem with any other key, and I don't think it was user error.

ajgrf picture ajgrf on 3 Oct 2018
👍1

@ajgrf Have you tried making sure the URL doesn't have anything after secret=VAL, no &issuer... etc?

(And possibly only has the secret parameter?)

I'm seeing really weird behavior too.

colemickens picture colemickens on 6 Nov 2018

Yes, before I converted it to an otpauth:// URL, it was a totp: key-value pair with just the key. All caps, no spaces, no other leading or trailing characters (other than a single space between the colon and key).

ajgrf picture ajgrf on 6 Nov 2018

From what I can understand, it looks like it's the yaml library that is not able to find they totp key in the "yaml" document.

It returns an empty document.

I am not done yet investigating.

When printing out the real error from the yaml library you get ~ Key not found error.

nokernel picture nokernel on 5 Dec 2018

I was able to make this work with 1.8.2 pre-built binary.

In the yaml format.

Edit your token for this format :

---
totp: yourtokenhere

The trick that made it work for me is the --- line on top

Then gopass totp amazon.com

nokernel picture nokernel on 6 Dec 2018

I think this issue was about getting WRONG codes, rather than no codes.

My issue with this wound up being that I was using a script to export OTPs from Authy and it was including extra query parameters in the otpauth:// URL that were causing invalid codes to be generated. It took me forever to figure this out. I wound up finding it via process of elimination.

colemickens picture colemickens on 6 Dec 2018
👍1

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] picture stale[bot] on 6 Mar 2019

@ajgrf thanks converting "totp:" key-value pair to an otpauth URI worked for me. I have the same issue on gopass 1.9.2.

NuLL3rr0r picture NuLL3rr0r on 14 May 2020

Confirming the otpauth URI workaround generates a correct code, and the totp: SECRET will generate a wrong code.
gopass 1.10.1

fi0 picture fi0 on 11 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

doronbehar picture doronbehar  路  4Comments
Brixy picture Brixy  路  7Comments
nilskuhn picture nilskuhn  路  6Comments
gnosthi picture gnosthi  路  5Comments
blaggacao picture blaggacao  路  5Comments