{"id":2311,"date":"2022-10-27T13:35:51","date_gmt":"2022-10-27T12:35:51","guid":{"rendered":"https:\/\/hoover.gplrank.de\/?p=2311"},"modified":"2023-10-19T11:20:07","modified_gmt":"2023-10-19T10:20:07","slug":"extracting-google-authenticator-accounts-for-use-with-keepass-totp-plugin","status":"publish","type":"post","link":"https:\/\/hoover.gplrank.de\/?p=2311","title":{"rendered":"Extracting google authenticator accounts for use with keepass TOTP-plugin"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"148\" height=\"85\" src=\"https:\/\/hoover.gplrank.de\/wp-content\/uploads\/2022\/10\/image-7.png\" alt=\"\" class=\"wp-image-2313\"\/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>If you want to use an existing google authenticator account for use with keepass, the process to extract the base32 seed required by Keepass&#8217; TOTP plugin can be quite involved. <\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>So for posterity, I&#8217;ve documented the process here (I am using a company provided iphone and an Ubuntu Linux VM, but I think the process will be quite similar for android systems and other Linux distributions).<\/p>\n\n\n\n<p> If you have any questions, feel free to leave a comment!<\/p>\n\n\n\n<p>Open the google authenticator app on your phone<\/p>\n\n\n\n<p>Select &#8220;export&#8221; from the hamburger menu<\/p>\n\n\n\n<p>uncheck all accounts &amp; re-check the one you want exported (make sure you don&#8217;t accidentally delete the original account on your phone :)) <\/p>\n\n\n\n<p>save the generated QR-code (jpg or png) to your photos or wherever &amp; copy it to your Linux machine (I used telegram&#8217;s very handy &#8220;Saved Messages&#8221; feature for this)<\/p>\n\n\n\n<p>install the &#8220;zbar-tools&#8221; package using apt or apt-get<\/p>\n\n\n\n<p>o clone this git repository: <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">git clone\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/scito\/extract_otp_secret_keys\" target=\"_blank\">https:\/\/github.com\/scito\/extract_otp_secret_keys<\/a><\/pre>\n\n\n\n<p>change to the newly created directory:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cd extract_otp_secret_keys<\/pre>\n\n\n\n<p>o extract information from the qr code image (using test.jpg as an example)<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">zbarimg test.jpg &gt; test.txt<\/pre>\n\n\n\n<p>o edit test.txt, remove the leading &#8220;QR-Code:&#8221; string<\/p>\n\n\n\n<p>o use pip to install the  packages protobuf &amp; qrcode:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><span style=\"font-size: revert;\">pip install protobuf==3.20.1 qrcode # use this version as later versions won't work as of this writing<\/span><\/pre>\n\n\n\n<p>o extract the keys: <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">python3 extract_otp_secret_keys.py -p test.txt<\/pre>\n\n\n\n<p>Use the string labelled &#8220;Secret&#8221; as the &#8220;base32&#8221; TOTP-Secret in keepass2<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>That&#8217;s it! From now on, you should be able to generate TOTP tokens even if you just dropped your mobile into the toilet (it happens :)) <\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you want to use an existing google authenticator account for use with keepass, the process to extract the base32 seed required by Keepass&#8217; TOTP plugin can be quite involved. So for posterity, I&#8217;ve documented the process here (I am using a company provided iphone and an Ubuntu Linux VM, but I think the process [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-2311","post","type-post","status-publish","format-standard","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/posts\/2311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2311"}],"version-history":[{"count":4,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/posts\/2311\/revisions"}],"predecessor-version":[{"id":2402,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/posts\/2311\/revisions\/2402"}],"wp:attachment":[{"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}