Upload OATH HOTP OTP Seed File fails with Admin Event "Authenticator(s) with serial number - [xxxxx] were not imported because their seed(s) were not base32 encoded"
2 years ago
Article Number
000072501
Applies To
RSA Product Set: ID Plus
RSA Product/Service Type: Cloud Authentication Service
RSA Version/Condition: All
Issue
Uploading an OATH HOTP OTP Seed File to the Cloud Authentication Service fails with the message "Upload unsuccessful. Try again."
 

The Admin Event Monitor captures the event "Authenticator(s) with serial number - [YUB23811755] were not imported because their seed(s) were not base32 encoded."
Cause
YubiKeys seeded by the YubiKey Personalization Tool have the OTP seed encoded as 20 bytes of hex.

Resolution
To import the OATH HOTP OTP Seed File successfully, the secret key must be Base32 encoded.

Example of OATH HOTP seed file - BharathYubi.csv 

Where:
2381175 - Token Serial Number
2RYCC3EJPDNBADNL3JSDAN5M2Z63UGKM - Secret Key "Base 32 encoded"
0 - Counter value 

Upload the OATH HOTP OTP Seed File to the Cloud Authentication Service. The OATH HOTP OTP Seed File should now import successfully.
Admin Event Monitor 
Workaround
Convert the 20-byte hex secret key to Base32 using Python or any conversion tool. Example - https://cryptii.com/pipes/hex-to-base32

The "20 Byte Hex" secret key generated by the YubiKey Personalization Tool, d4 70 21 6c 89 78 da 10 0d ab da 64 30 37 ac d6 7d ba 19 4c in this case, corresponds to the "Base32 encoded" value 2RYCC3EJPDNBADNL3JSDAN5M2Z63UGKM.
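The Python route mentioned above, as an added example (not part of the original article or RSA tooling); running it locally keeps the HOTP seed on the administrator's workstation. The function names and the comma-separated serial,secret,counter column order are assumptions taken from the "Where" list.

```python
import base64
import binascii
import csv
import io

SEED_BYTES = 20  # seed length the article gives for Personalization Tool output
# Hex seed and Base32 result quoted in the article.
ARTICLE_HEX = "d4 70 21 6c 89 78 da 10 0d ab da 64 30 37 ac d6 7d ba 19 4c"
ARTICLE_B32 = "2RYCC3EJPDNBADNL3JSDAN5M2Z63UGKM"


def hex_seed_to_base32(hex_seed: str) -> str:
    """Convert a hex seed (space- or colon-separated, or unseparated) to Base32."""
    try:
        raw = bytes.fromhex(hex_seed.replace(":", " "))
    except ValueError:
        # Do not echo the seed itself into error messages or logs.
        raise ValueError("seed is not valid hex") from None
    if len(raw) != SEED_BYTES:
        raise ValueError(f"expected {SEED_BYTES} bytes, got {len(raw)}")
    return base64.b32encode(raw).decode("ascii")


def is_base32_seed(value: str) -> bool:
    """True only if value is upper-case Base32 that decodes to a 20-byte seed."""
    try:
        return len(base64.b32decode(value.strip())) == SEED_BYTES
    except (binascii.Error, ValueError):
        return False


def convert_seed_csv(text: str) -> str:
    """Rewrite serial,secret,counter rows (assumed layout) with Base32 secrets."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # skip blank lines
        serial, secret, counter = row
        if not is_base32_seed(secret):
            secret = hex_seed_to_base32(secret)
        writer.writerow([serial, secret.strip(), counter])
    return out.getvalue()


if __name__ == "__main__":
    # Constructed one-row file using the article's serial number and hex seed.
    print(convert_seed_csv(f"2381175,{ARTICLE_HEX},0\n"), end="")
```

Rows whose secret is already a 20-byte Base32 value pass through unchanged, so the converter can be re-run on a mixed file.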
