Google Charts QR Code generator dropping off extra parameters - qr-code

Warning: sharing your TOTP seed with third-parties breaks the very basic assumption of multi-factor authentication that the TOTP seed is secret.
I'm generating a QR code using google charts api like this:
https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/Example:username?secret=IISUQVZSJ4XWSQBS&issuer=Example
Here it is so you can click on the link
I'm using https://zxing.org/w/decode.jspx to decode the qr
But it seems the code keeps getting generated without the &issuer=Example part
I've tried encoding / decoding the uri but nothing seems to be working

You should try to encode the ampersand:
https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/Example:username?secret=IISUQVZSJ4XWSQBS%26issuer=Example

Related

How long is a Google Authenticator export valid and can it be used/imported multiple times?

Title says it all. Have to put in extra characters to make it a valid post.
Thanks.
The QR code exported by Google Authenticator should be valid forever and can be imported as many times as you wish because it uses TOTP technology.
You will notice the phone doesn't need to be connected to the internet to generate the QR code; this is because it combines the OTP (you entered the OTP when adding the 2FA) and a secret.

How qr code triggering events works

I wonder how QR codes trigger events. There are several types of QR code (URL, vCard, download...): what triggers the correct action? Is there a special code in the QR code, or does the reader app guess the correct action to take?
Thanks
The so-called payload of a QR code can consist of binary data, text or other (rarely used) types of data.
If the QR code contains text only, the reader has then to guess what it could be, mainly by looking at the start of the text, e.g.:
http:// or https://: a URL (web page to open)
BEGIN:VCARD: a vCard contact
WIFI: Wifi credentials
If the QR code contains binary data, then it's application specific data and a generic QR code reader cannot do anything with it.
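The prefix-based guessing described in this answer, as an added example that is not part of the original post or of any particular reader app. The prefix table is limited to the payload types quoted on this page, the kind names are hypothetical, and `check_otpauth` is an assumed pre-import check for `otpauth://` payloads.

```python
import base64
from urllib.parse import parse_qs, unquote, urlsplit

# Prefixes quoted on this page, lower-cased; matching is case-insensitive.
PREFIXES = [
    ("otpauth://", "otp-provisioning"),
    ("begin:vcard", "vcard"),
    ("https://", "url"),
    ("http://", "url"),
    ("matmsg:", "email-message"),
    ("wifi:", "wifi-credentials"),
    ("smsto:", "sms"),
    ("sms:", "sms"),
]


def classify(payload):
    """Guess the payload kind from the start of the text, as a generic reader does."""
    head = payload.lstrip().lower()
    for prefix, kind in PREFIXES:
        if head.startswith(prefix):
            return kind
    return "text"  # unknown prefix: display only, trigger nothing


def check_otpauth(payload):
    """List problems in an otpauth:// payload before a reader imports it."""
    parts = urlsplit(payload.strip())
    params = parse_qs(parts.query)
    problems = []
    if parts.netloc.lower() not in ("totp", "hotp"):
        problems.append("unknown OTP type")
    secret = params.get("secret", [""])[0]
    if not secret:
        problems.append("missing secret parameter")
    else:
        try:  # Base32 input must be padded to a multiple of 8 characters
            base64.b32decode(secret.upper() + "=" * (-len(secret) % 8))
        except ValueError:
            problems.append("secret is not valid Base32")
    prefix, sep, _ = unquote(parts.path.lstrip("/")).partition(":")
    issuer = params.get("issuer", [None])[0]
    if sep and issuer is not None and issuer != prefix:
        problems.append("issuer parameter differs from label prefix")
    return problems
```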

Token image in Google Authenticator or FreeOTP

For a project, I implemented an OTP 2nd factor authentication. Everything is working fine, I am able to generate a QRcode for the encryption seed, read it on an Android smartphone and use the 6 digits generated code to authenticate in my app.
I read that v1.5 of FreeOTP is now supporting addition of an image to each service, quote:
On Android, we released a major release which brings many new features and UI refinements. The biggest of these is image support. Images can be selected for each token. Images can also be provisioned to the device via an undocumented OTP URI query parameter.
I see that some services did succeed in adding an image for their service (for example OVH), but cannot find the proper URI syntax to do so ...
To be more precise, I am not asking for the method to manually add an image to a token in the FreeOTP app, I'm looking for the correct URI to generate the QRCode that would ideally include a link to the image to be displayed. I'm pretty sure I never manually added an image for OVH.
The correct URI to generate the QR code with reference to the image you want to use in FreeOTP includes a querystring parameter pointing to its publicly available location:
...&image=http<s>://<image-path>
The image should be a .png. Fully qualify path and protocol.
Add this to the existing string already created for the QR code. You have to UrlEncode the whole string before generating the QR code.
For clarity the format of the data before urlencoding should be:
otpauth://totp/(<issuer>:)<accountnospaces>?secret=xxxxxxxxxx(&issuer=<issuer>)(&image=<imageuri>)
Brackets denote optional elements. For example:
otpauth://totp/Google:SampleName?secret=MQ2TQNLEGMYTMOBXGY3Q&issuer=Google&image=http://google.com/image/logo.png
Then you urlencode it:
otpauth%3A%2F%2Ftotp%2FGoogle%3ASampleName%3Fsecret%3DMQ2TQNLEGMYTMOBXGY3Q%26issuer%3DGoogle%26image%3Dhttp%3A%2F%2Fgoogle.com%2Fimage%2Flogo.png
Then you generate a QR code however you like. For example, Google Chart API:
https://chart.googleapis.com/chart?cht=qr&chs=400x400&chl=otpauth%3A%2F%2Ftotp%2FGoogle%3ASampleName%3Fsecret%3DMQ2TQNLEGMYTMOBXGY3Q%26issuer%3DGoogle%26image%3Dhttp%3A%2F%2Fgoogle.com%2Fimage%2Flogo.png
While this feature is supported by FreeOTP, other apps do not support it. It's not part of the spec for TOTP, although it should be.
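Both the ampersand answer at the top of the page and the urlencode step in this answer come down to nesting one URI inside another URL's query string. The following added example (not code from either post) builds the otpauth URI, encodes it as the `chl` value, and parses both the unencoded and encoded chart URLs the way a server would; the function names are hypothetical and the secret is the sample value from the question.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

CHART = "https://chart.googleapis.com/chart"  # endpoint quoted in the posts


def otpauth_uri(account, secret, issuer=None, image=None):
    """otpauth://totp/(<issuer>:)<account>?secret=...(&issuer=...)(&image=...)"""
    label = quote(f"{issuer}:{account}" if issuer else account, safe=":")
    params = {"secret": secret}
    if issuer:
        params["issuer"] = issuer
    if image:
        params["image"] = image  # FreeOTP-only parameter, per the answer above
    # Inner encoding: ':' and '/' stay readable, '&' or '?' in a value are escaped.
    return f"otpauth://totp/{label}?{urlencode(params, safe=':/')}"


def chart_url(payload, size="200x200"):
    """Outer encoding: the whole URI becomes one value of the 'chl' parameter."""
    return f"{CHART}?{urlencode({'cht': 'qr', 'chs': size, 'chl': payload})}"


def chl_seen_by_server(url):
    """Split a chart URL the way an HTTP server does: (chl value, other params)."""
    params = parse_qs(urlsplit(url).query)
    return params.pop("chl")[0], params


if __name__ == "__main__":
    # Sample secret copied from the question; nothing here touches the network.
    uri = otpauth_uri("username", "IISUQVZSJ4XWSQBS", issuer="Example")
    naive = f"{CHART}?chs=200x200&cht=qr&chl={uri}"  # the question's approach
    for name, url in (("naive", naive), ("encoded", chart_url(uri))):
        chl, extra = chl_seen_by_server(url)
        print(f"{name}: chl={chl!r} stray issuer={extra.get('issuer')}")
```

In the unencoded URL the `&issuer=Example` pair is parsed as a parameter of the chart request itself, so the QR payload ends after the secret.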

SMS in QR Code?

According to this page an SMS is possible to get in a QR Code. I'm creating a generator but have no idea how they do it in their one. The scanner I'm using to test the codes brings theirs up with two fields, "to" and "body".
What information do you need to put in the qr code? For example, for the emails you require the mailto syntax.
There are two different things you can try:
smsto:+447700900888
Or,
sms:+447700900888
Where +44 is the country code. Remember to URL encode the + as %2B.
Both should work on the majority of modern smartphones - but remember to double check using the phones your customers actually have.

QR Codes conversion

I have a text to QR code converter. I want to use it to create QR codes like Website URL, YouTube Video, Google Maps Location, Telephone Number, Skype Call, SMS Message, Email Address, Email Message, Contact Details (VCARD), Event (VCALENDAR), Telephone Number.
Can you give me the codes to create it like I got to create Email-
MATMSG:
TO:xyz#abc.com;
SUB:I am sending this email using QR code;
BODY:I have stored all of your letters in QR codes.
[Add more here]
Thanks
[Your Name];;
You can check my QR code generator
Note that only some QR code readers will recognize those different types and it's not universal for various phones/devices. You are better off keeping it simple with text string/URL until all devices adhere to standard. Android seems to support the most types and the reference implementation is their Barcode Scanner which is also open sourced on google code (zxing).
http://code.google.com/p/zxing/
You can view their source for how they generate the different types... Then compare your output to theirs with this online generator:
http://zxing.appspot.com/generator
