Algorithm/encryption used in secret_data for otp

rauth · April 20, 2022, 9:02pm

Hi peoples,

I am trying to migrate existing OTP code from my database into keycloak. Currently the key stored in my database does not have any encryption or encoding applied, however in Keycloak, I noticed that the OTP key is in a different format looking at the secret_data column of the CREDENTIAL table, for example: {“value”: “1wLkKThhSxoirVo08MCT”}

Can anyone tell what algorithm is used to populate in this field? I tried to convert my string to base64 but without success.

Thanks for your help

gangma · May 13, 2024, 8:26pm

https://lists.jboss.org/pipermail/keycloak-dev/2017-July/009686.html

1wLkKThhSxoirVo08MCT is random string stored in DB. Convert it to bytes first and encode it with BASE32.

import base64
base64.b32encode(str.encode(“1wLkKThhSxoirVo08MCT”))
b’GF3UY22LKRUGQU3YN5UXEVTPGA4E2Q2U’

GF3UY22LKRUGQU3YN5UXEVTPGA4E2Q2U is the secret string that you can use to configure your OTP apps

Topic		Replies	Views
The encryption and decryption rules of password in keycloak	5	16868	September 24, 2024
Migrate credentials type otp between installations Configuring the server	0	14	October 30, 2024
Import OTP from existing system Getting advice	1	1289	August 9, 2021
Is it possible to encrypt certain fields in user data in Keycloak? Getting advice	1	729	June 30, 2022
Is it possible to set data encryption in DB in Keycloak settings Configuring the server database	11	4740	July 12, 2024

Algorithm/encryption used in secret_data for otp

Related topics