<div dir="ltr">I'm not quite following the problem. You can encode the secret/key using Base32. In fact, Keycloak already stores the secret as a Base32-encoded string. We don't strictly support hardware tokens at the moment as there's no way to specify the secret, but you can probably do that through the admin endpoints.</div><div class="gmail_extra"><br><div class="gmail_quote">On 13 June 2016 at 20:14, Mitya <span dir="ltr">&lt;<a href="mailto:mitya@cargosoft.ru" target="_blank">mitya@cargosoft.ru</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>The current Keycloak HOTP implementation assumes that a HOTP key (aka<br>seed, aka initialization vector) is stored as a string, and thus contains<br>only printable characters. However, the HOTP standard (RFC 4226)<br>doesn't impose any restrictions on key material; any arbitrary byte<br>array is acceptable.</div><div><br></div><div>Moreover, many hardware HOTP tokens are pre-programmed at the factory,<br>and do contain non-printable seeds. Even though Keycloak doesn't<br>support hardware tokens out of the box, developers could implement it<br>by extending Keycloak and employing existing algorithms. Unfortunately,<br>the existing convention (to store HOTP seeds as printable strings)<br>makes this impossible.</div><div><br></div><div>For the "password" credential type, the "value" field is already stored<br>as Base64. I think "hotp" credentials could also be stored as Base64 or<br>hex; another option would be to store the "value" field as a BLOB (like<br>it's already done for the "salt" field).</div><div><br></div><div>I think I could produce a PR for this, I only need to know which<br>scenario is preferred.</div><div><br></div><div>Cheers,</div><div>Mitya</div><div><br></div></div></blockquote></div><br></div>
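<div>Added example, not part of the original thread and not Keycloak code: RFC 4226 HOTP computed over a raw byte seed, showing that a seed with non-printable bytes survives a Base32 round trip but not storage as a text string. The helper names and the sample seed are assumptions constructed for this illustration.</div>

```python
import base64
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Hypothetical storage helpers (not Keycloak APIs).
def store_base32(seed: bytes) -> str:
    """Binary-safe: every byte value maps to printable Base32 text."""
    return base64.b32encode(seed).decode("ascii")


def load_base32(stored: str) -> bytes:
    return base64.b32decode(stored)


def store_as_text(seed: bytes) -> str:
    """Treats the seed as a printable string; invalid bytes are replaced."""
    return seed.decode("utf-8", errors="replace")


def load_from_text(stored: str) -> bytes:
    return stored.encode("utf-8")


# Constructed 20-byte seed with non-printable bytes, standing in for a
# factory-programmed hardware token seed.
SEED = bytes.fromhex("00ff8e1b7f0a80c3d4e5f60718293a4b5c6d7e9f")

if __name__ == "__main__":
    restored = load_base32(store_base32(SEED))
    mangled = load_from_text(store_as_text(SEED))
    print("token   :", hotp(SEED, 0))
    print("base32  :", hotp(restored, 0), restored == SEED)
    print("as text :", hotp(mangled, 0), mangled == SEED)
```
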