With this change token secrets are encrypted prior to writing them to
storage, and decrypted as and when needed to generate tokens. Additional
validation is performed to verify that token secrets can be decrypted
successfully when loading accounts from storage.
With this change issue #6 should finally be resolved.
It uses the oath-toolkit[1] provided library liboath to generate the 2FA
codes, both TOTP and HOTP based. Currently it is largely untested. From
initial rough testing it seems that auto-refreshing of code is not
working. Also button to refresh token for HOTP is also dummy at moment.
Some todo items include,
- Verify the generated oath code is correct
- Make refreshing token work
- QR code scanning
- Backup and Restore of accounts
- Clipboard support to automatically copy code.
- Encrypted storage of the secret token
This code is largely based on the authenticator-ng[2] application by the
Rodney Dawes and Michael Zanetti for the Ubuntu Touch.
[1] https://www.nongnu.org/oath-toolkit/
[2] https://github.com/dobey/authenticator-ng
Devin Lin
Johan Ouwerkerk
Bhushan Shah