Menu

#51 Can't create TOTP - "No OTP for this entry"

v1.0 (example)
closed-fixed
Lester Hightower
OTP (1) TOTP (1)
9
2023-12-06
2023-12-05
Kurt Fitzner
No

The 'otp' command does not appear to function. It always returns 'No OTP for this entry', regardless of whether or not there is a 2FA entry in the notes/comments. Also, the 'show' command does not redact 2FA entries in the notes.

kpcli:/keepass/A/Folder> show 16

Title: TestTOTP
Uname: VA1DER
 Pass:
  URL:
Notes: 2FA-TOTP: I552WYNJ26HQNZXP

kpcli:/keepass/A/Folder> otp 16
No OTP for this entry.
kpcli:/keepass/A/Folder> help otp
...
To configure an entry for this feature, place a line in
in the entry's Comments, as follows:

2FA-TOTP: TheBase32SecretKeyProvided
...

Is this an error in the way I'm adding the 2FA-TOTP line?

Discussion

  • Kurt Fitzner

    Kurt Fitzner - 2023-12-05

    Using v4.0

     

  • Lester Hightower

    Lester Hightower - 2023-12-05
    • status: open --> closed-invalid
    • assigned_to: Lester Hightower
    • Priority: 5 --> 9
     

  • Lester Hightower

    Lester Hightower - 2023-12-05

    Hi, and thank you for providing TheBase32SecretKeyProvided so that I could test this with real data. Unfortunately, I cannot replicate what you see:

    $ ~/bin/kpcli.d/releases/kpcli-4.0.pl 

KeePass CLI (kpcli-4.0) v4.0 is ready for operation.
Type 'help' for a description of available commands.
Type 'help <command>' for details on individual commands.

kpcli-4.0:/> cd eMail/
kpcli-4.0:/eMail> new foo
Adding new entry to "/eMail"
Title: foo
Username: VA1DER
Password:                ("g" or "w" to auto-generate, "i" for interactive)
URL: 
Notes/Comments (""): 
(end multi-line input with a single "." on a line)
| 2FA-TOTP: I552WYNJ26HQNZXP
| .
kpcli-4.0:/eMail> ls
=== Entries ===
0. foo                                                                    
kpcli-4.0:/eMail> otp 0
244596
kpcli-4.0:/eMail>

    Perhaps comparing the list of modules used on my side versus your side would be helpful:

    kpcli-4.0:/eMail> vers
kpcli: 4.0
Perl: v5.34.0
Operating system: linux ("Linux Mint 21.1 Vera")
ReadLine being used: Term::ReadLine::Gnu

Pivotal Perl Modules for kpcli
 * File::KeePass: 2.03
 * File::KDBX: 0.906
 * Term::ShellUI: 0.92
 * Term::ReadKey: 2.38
 * Term::ReadLine: 1.17
 * Authen::OATH: 2.0.1
 * Capture::Tiny: 0.48
 * Clipboard: 0.27
 * Convert::Base32: 0.06
 * Data::Password: 1.12
 * File::KDBX::Constants: 0.906
 * File::KDBX::Key: 0.906
 * Math::Random::ISAAC: 1.004
 * Sub::Install: 0.928
 * Term::ReadLine::Gnu: 1.42
 * URI: 5.10
 * Data::Password::passwdqc: not installed (optional)
 * Data::Password::zxcvbn: not installed (optional)
kpcli-4.0:/eMail>

    I will gladly reopen this bug if needed, but am closing it for now since I cannot replicate the issue.

     

  • Kurt Fitzner

    Kurt Fitzner - 2023-12-05

    If I start with a new database, it works as advertised. If I use my existing KDBX4 database, it doesn't:

     kp
Provide the master password: *************************

KeePass CLI (kpcli) v4.0 is ready for operation.
Type 'help' for a description of available commands.
Type 'help <command>' for details on individual commands.

kpcli:/keepass> mkdir T1
Database was modified. Do you want to save it now? [y/N]:

kpcli:/keepass> cd T1
kpcli:/keepass/T1> new
Adding new entry to "/keepass/T1"
Title: Test1
Username: VA1DER
Password:                ("g" or "w" to auto-generate, "i" for interactive)
URL:
Tags:
Strings: (a)dd/(e)dit/(d)elete/(c)ancel/(F)inish?
Notes/Comments (""):
(end multi-line input with a single "." on a line)
| 2FA-TOTP: I552WYNJ26HQNZXP
| .
Database was modified. Do you want to save it now? [y/N]:

kpcli:/keepass/T1> ls
=== Entries ===
0. Test1
kpcli:/keepass/T1> show 0

Title: Test1
Uname: VA1DER
 Pass:
  URL:
Notes: 2FA-TOTP: I552WYNJ26HQNZXP

kpcli:/keepass/T1> otp 0
No OTP for this entry.
kpcli:/keepass/T1>
     

  • Kurt Fitzner

    Kurt Fitzner - 2023-12-05

    My database employs a key file, in case that makes a difference.

     

  • Lester Hightower

    Lester Hightower - 2023-12-05
    • status: closed-invalid --> closed-fixed
     

  • Lester Hightower

    Lester Hightower - 2023-12-05

    Thank you for following up. You found a bug in v4.0.

    The bug can be replicated like this:

    kpcli-4.0:/> newdb
Choose your file format:

 1. KDB   - The original KeePass format (*.kdb).
            Supported using File::KeePass
 2. KDBX3 - The first KeePass XML format (*.kdbx v3).
            Supported using File::KeePass
 3. KDBX4 - The second KeePass XML format (*.kdbx v4).
            Supported using File::KDBX
Choose: (1)/(2)/(3)/(c)ancel? 3
Done. Use the saveas command to write to disk.
kpcli-4.0:/Root> new foo
Adding new entry to "/Root"
Title: foo
Username: foo
Password:                ("g" or "w" to auto-generate, "i" for interactive)
URL: 
Notes/Comments (""): 
(end multi-line input with a single "." on a line)
| 2FA-TOTP: I552WYNJ26HQNZXP
| .
kpcli-4.0:/Root> ls
=== Entries ===
0. foo                                                                    
kpcli-4.0:/Root> otp 0
No OTP for this entry.

    I will fix this bug in the next release of kpcli. For now, if you are comfortable editing the kpcli source code, the fix is a small change to line 7974, as shown here:

    <  } elsif (ref($ent) eq 'File::KDBX::') {
>  } elsif (ref($ent) =~ m/^File::KDBX::/) {

    I hope this helps and thanks again for reporting this problem.

     

  • Kurt Fitzner

    Kurt Fitzner - 2023-12-06

    It was line 7957 on mine. The fix is in and working perfectly now.

    Thanks so much for finding this so quickly!

     

Log in to post a comment.