DEV Community

Cover image for Decode TOTP(Time-based One-time Password) QR Code
iainrough
iainrough

Posted on

Decode TOTP(Time-based One-time Password) QR Code

How not to do this.

Trulli


DO NOT USE AN ONLINE SERVICE

While an online service such as https://webqr.com/ or https://www.qrstuff.com/scan are fine for normal QR codes they should never be used for TOTP QR Codes.

What inside the QR CODE

A TOTP QR code contains the following details (all values are placeholders).


     Hex secret: 3132333435363738393031323334353637383930
     Base32 secret: GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
     Digits: 8
     Window size: 0
     TOTP mode: SHA1
     Step size (seconds): 30
     Start time: 1970-01-01 00:00:00 UTC (0)
     Time now: 2033-05-18 03:33:20 UTC (2000000000)
     Counter: 0x3F940AA (66666666)

Information from: oathtool

For more information visit oathtool

Decode QR code locally


Install

Mac


 install zbar

Enter fullscreen mode Exit fullscreen mode

Windows(WSL), Linux


 apt-get install zbarimg

Enter fullscreen mode Exit fullscreen mode

Example



/mnt/c/Users/rough$ zbarimg /mnt/c/tmp/a.png
otpauth://totp/hub.docker.com:{username}?algorithm=SHA1&digits=6&issuer=hub.docker.com&period=30&secret={Key}



Enter fullscreen mode Exit fullscreen mode

You can now store the OTPAUTH URI in your favorite password manager or add the {Key} so that your password manager can generate the TOPT code.

image

How to add your TOPT key to LastPass

Top comments (1)

Collapse
 
davidpaine profile image
David Paine

How about the following online QR code scanner
dnschecker.org/qr-code-scanner.php
What your reviews about that? Should it help it out in case of TOTP QR Codes?