Bug 475223

Summary: Access your keys or generate new QR codes
Product: [Applications] Keysmith Reporter: Louis Moureaux <m_louis30>
Component: GeneralAssignee: Bhushan Shah <bshah>
Status: REPORTED ---    
Severity: wishlist CC: inb-bugzilla-1e1cff, nate, plata.hill
Priority: NOR    
Version First Reported In: 23.08.1   
Target Milestone: ---   
Platform: Neon   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Louis Moureaux 2023-10-04 22:08:45 UTC 
SUMMARY

I would like to use a TOTP from multiple apps and devices. This could be enabled by generating a new QR code from data saved by Keysmith. Similarly, it would be nice to have access to my saved secrets.

STEPS TO REPRODUCE
1. Add a TOTP key
2. Try to find your secret again to use it on another device

OBSERVED RESULT

The secret cannot be displayed.

EXPECTED RESULT

Users are in control of their data, which includes displaying it.

SOFTWARE/OS VERSIONS
Operating System: KDE neon 5.27
KDE Plasma Version: 5.27.8
KDE Frameworks Version: 5.110.0
Qt Version: 5.15.10

ADDITIONAL INFORMATION
n/a
Comment 1 Ben Bonacci 2023-10-07 09:30:18 UTC 
I believe it's intentional for Keysmith not to reveal the TOTP secrets for security reasons. Alternatively, you could re-register for TOTP with the service and scan their QR code into Keysmith and any other TOTP devices needed at the same time.
Comment 2 Louis Moureaux 2023-10-07 14:04:20 UTC 
> I believe it's intentional for Keysmith not to reveal the TOTP secrets for security reasons.

I'd be glad to hear the reasons... If an attacker has access to the 2FA device then the account is already compromised...
Comment 3 Plata 2024-05-17 16:08:16 UTC 
I agree that this is needed. Also, other apps (e.g. andOTP) provide such functionality.
Comment 4 Louis Moureaux 2024-05-21 16:59:47 UTC 
> I agree that this is needed. Also, other apps (e.g. andOTP) provide such functionality.

Also for GDPR compliance - right to access and right to data portability.