Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Keysmith
Keysmith
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 7
    • Issues 7
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 1
    • Merge Requests 1
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • Utilities
  • KeysmithKeysmith
  • Issues
  • #9

Closed
Open
Opened Dec 28, 2019 by Johan Ouwerkerk@ouwerkerkDeveloper

Do we want to drop OATH toolkit/libs?

Currently Keysmith uses liboath (oath-toolkit) for the OATH algorithms and Base32 decoding. However we may want to ditch this in favour of our own implementation after #6 (closed) lands. Here are a few reasons why:

  1. The library comes with a number of limitations.
  2. It is also not possible to adapt the output encoding. This turns out to be a real-world limitation: SteamGuard is basically TOTP using a custom encoding symbol table. Using the library this is impossible to support in Keysmith.
  3. The library comes with a creaking autotools based build system which requires at least two patches to keep working already and is generally no fun.
  4. In practice item 3 also means that for that reason it is currently infeasible to get Keysmith building for and working on Android (@nicolasfella)
  5. There is also no metadata on this library for e.g. kdesrc-build yet. I.e. kdesrc-build --include-dependencies keysmith will not work without manually installing the lib first.
  6. The algorithms that we need are not complex. HOTP is just an HMAC, TOTP is just a scheme to derive the counter for HOTP and so on. Qt already provides primitives (e.g. QCryptographicHash for hashing) and if these are unsuitable by the time #6 (closed) lands we will have integrated with 'real' crypto libs in Keysmith anyway.
Edited Dec 28, 2019 by Johan Ouwerkerk
Assignee
Assign to
keysmith/0.2
Milestone
keysmith/0.2
Assign milestone
Time tracking
None
Due date
None
Reference: utilities/keysmith#9