
I am trying to implement the TOTP algorithm described here: https://www.rfc-editor.org/rfc/rfc6238

```java
Key key = new SecretKeySpec(seed.getBytes(StandardCharsets.UTF_8), "HmacSHA512");
```

However RFC says that:

```java
// Seed for HMAC-SHA512 - 64 bytes
String seed64 = "3132333435363738393031323334353637383930" +
"3132333435363738393031323334353637383930" +
"3132333435363738393031323334353637383930" +
"31323334";
```

  1. Is this seed64 64 bytes, and what happens if I don't pass a 64-byte seed, as I do with my key generation (my seed has an arbitrary length)?

  2. Should I use Base64 encoding for my seed?

kamaci
  • It's clear from the RFC that these example "seeds" are hex-encoded and must therefore be hex-decoded to a `byte[]` first. You can, however, achieve the same result by instead saving the ASCII string that is represented by the hex-encoded data and then using the `.getBytes()` method as you have. The ASCII string is "1234567890123456789012345678901234567890123456789012345678901234". – President James K. Polk Dec 13 '20 at 22:39
  • So, is there a problem with using a seed that is less than 64 bytes? – kamaci Dec 14 '20 at 00:27
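
An added example (not part of the original thread and not code from the RFC): it hex-decodes the question's `seed64`, compares it with the ASCII string from the comment above, and computes the HMAC-SHA512 TOTP for the RFC 6238 Appendix B test time of 59 seconds. The class and method names are hypothetical; HMAC accepts a key of any length (RFC 2104), so the last line runs a 20-byte key through the same code.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class TotpSeedDemo {  // hypothetical class name for this added example
    // Hex-decode a seed string such as the RFC's seed64 into raw key bytes.
    static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // TOTP per RFC 6238 with HMAC-SHA512 and RFC 4226 dynamic truncation.
    static String totp(byte[] key, long unixSeconds, long step, int digits) throws Exception {
        byte[] counter = ByteBuffer.allocate(8).putLong(unixSeconds / step).array();
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        byte[] h = mac.doFinal(counter);
        int off = h[h.length - 1] & 0x0f;
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        int mod = 1;
        for (int i = 0; i < digits; i++) mod *= 10;
        return String.format("%0" + digits + "d", bin % mod);
    }

    public static void main(String[] args) throws Exception {
        String seed64 = "3132333435363738393031323334353637383930"
                + "3132333435363738393031323334353637383930"
                + "3132333435363738393031323334353637383930"
                + "31323334";
        byte[] fromHex = hexToBytes(seed64);
        byte[] fromAscii = ("1234567890123456789012345678901234567890"
                + "123456789012345678901234").getBytes(StandardCharsets.US_ASCII);
        System.out.println("decoded seed length: " + fromHex.length + " bytes");
        System.out.println("hex-decoded == ASCII bytes: " + Arrays.equals(fromHex, fromAscii));
        // Test vector from RFC 6238 Appendix B: time 59 s, SHA-512, 8 digits.
        System.out.println("matches RFC vector: " + "90693936".equals(totp(fromHex, 59, 30, 8)));
        // Mistake to avoid: the hex *text* taken as key bytes is a different, 128-byte key.
        byte[] hexText = seed64.getBytes(StandardCharsets.UTF_8);
        System.out.println("hex text as key: " + hexText.length + " bytes, same code: "
                + totp(hexText, 59, 30, 8).equals(totp(fromHex, 59, 30, 8)));
        // A shorter key is accepted by HMAC; it just yields a different code.
        System.out.println("20-byte key code: " + totp(Arrays.copyOf(fromHex, 20), 59, 30, 8));
    }
}
```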

0 Answers