GitLab

Currently Keysmith uses liboath (oath-toolkit) for the OATH algorithms and Base32 decoding. However we may want to ditch this in favour of our own implementation after #6 (closed) lands. Here are a few reasons why:

1. The library comes with a number of limitations.
2. It is also not possible to adapt the output encoding. This turns out to be a real-world limitation: SteamGuard is basically TOTP using a custom encoding symbol table. Using the library this is impossible to support in Keysmith.
3. The library comes with a creaking autotools based build system which requires at least two patches to keep working already and is generally no fun.
4. In practice item 3 also means that for that reason it is currently infeasible to get Keysmith building for and working on Android (@nicolasfella)
5. There is also no metadata on this library for e.g. kdesrc-build yet. I.e. kdesrc-build --include-dependencies keysmith will not work without manually installing the lib first.
6. The algorithms that we need are not complex. HOTP is just an HMAC, TOTP is just a scheme to derive the counter for HOTP and so on. Qt already provides primitives (e.g. QCryptographicHash for hashing) and if these are unsuitable by the time #6 (closed) lands we will have integrated with 'real' crypto libs in Keysmith anyway.