Only first TOTP is valid

[FlorianUekermann]

I am using a Nitrokey Pro on Debian, and I am not sure if this is a firmware or app issue.

After using TOTP once only 000000 returned on subsequent uses.
Unplugging or quitting the app resolves the issue for one use.
Seems odd, since I would have expected other people to notice this.

I have not tested if the issue occurs with HOTP.

Anything I can provide to help debugging?

[jans23]

This might be fixed in #27 . Do you have a chance to compile the App from master?

[szszszsz]

Hi @MaVo159 !
What app version do you use (the version should be mentioned in about screen)? Furthermore, is it from package distributed on Nitrokey main site or compiled from source?

[FlorianUekermann]

App version: 0.2, Firmware version 0.7
Debian package from the main site. Probably the most recent one, I installed it maybe a week ago.

I may get to compiling it from master a couple of days from now. Will report back if I do. If you update the .deb on the website, I can try immediately.

[FlorianUekermann]

I can't build with your build instructions. I am not very familiar with QT, otherwise I could probably figure it out. Are you sure your qt4 instructions still work? The problem is that QtWidgets isn't found.

[jans23]

I think qt4 is obsolete. Pl try qt5 instead.

[FlorianUekermann]

Issue is still present in git.

I have encountered this on a variety of machines in the meantime. Both Debian testing and stable are affected. How has this not come up yet? It seems easily reproducible.

On another note, please remove the wrong build instructions and provide instructions that don't require jumping through hoops like downloading qt5 from a 3rd party website. There are qt5 dev packages in recent distributions.

[Belatronix]

In my opinion it is the best way to compile against the "Up to Date" Sources which you can pull from the original website of the QT Project. Handling all the specific distributions and the different requirements inside the documentation is much more complicated and makes a readme bigger as needed.

But what is your special Problem? Which step fails?
Do you have an build log where we can see the problem?

[Belatronix]

@jans23 you set the status to prio:medium. In reason of the build instructions or the TOTP issue?

[jans23]

Regarding the TOTP issue. As you mentioned, more information would be
useful in order to verify this issue.

[FlorianUekermann]

Sorry, I should have written that more clearly:
It builds fine using the QT5 instructions. I was just noting that it would be nice to be able to do it without an external dependency and that the outdated QT4 instructions should be removed to prevent more people wasting time on trying to build that way.

With "Issue still present in git" I meant that I can reproduce the TOTP issue with the latest revision. Furthermore, I have reproduced the TOTP issue on many machines (at least 4) with different Debian versions.
And once more: Can you not reproduce this problem? I use various versions of Gnome 3, on standard Debian installations. How does your setup differ? How can I provide more information?

[Belatronix]

I cant reproduce it cause i didn't have an Nitrokey Pro.
But i will figure out the qt4 build problems and change the readme parts if it's necessary.

[FlorianUekermann]

I don't care about QT4, but a list of packages for QT5 like the one that used to work for QT4 would be pretty great. I tried for a bit but couldn't figure it out.
Regarding the actual issue: If I have time over the weekend, I'll debug a little bit to figure out at which point it fails. This might very well be a firmware issue I guess, which would be nice to confirm.

[jans23]

I think QT4 won't work anymore so it should be removed from the README
entirely.

[Belatronix]

@jans23 Full Agree

[FlorianUekermann]

Unfortunately it doesn't look like I'll have time to debug the app anytime soon. Jan, I assume you have a nitrokey pro. Can you reproduce this?
Anyway, it seems odd that this doesn't happen with other models (if that is the case). Can I somehow test the otp functionality by communicating directly with the device? Just to make sure this is an app issue, not a defect in the device or the firmware.

[szszszsz]

Hi @MaVo159 !
We will fix this issue next week. Sorry!
One of the community users has already sent a patch to test. Once checked it will be merged to master.

[szszszsz]

Hi @MaVo159 !
I have merged the changes to master branch with workaround to the issue from Andrea Arcangeli. Now PIN is cleared each time OTP code is requested and remembering PIN function is now not working.

Please check is it working for you. I have checked it with scenario written in pull request. #88

[FlorianUekermann]

Yep, works for me.