Add the base32 format for OTP secrets

Many applications display OTP secrets in the base32 format (according to
RFC 4648).
This patch adds base32 as a possible value for the --format option to
the otp set subcommand.

1 files changed, 8 insertions, 0 deletions

diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index 71b2bdd..289c257 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -457,6 +457,13 @@ fn prepare_ascii_secret(secret: &str) -> Result<String> {
   }
 }
 
+/// Prepare a base32 secret string for libnitrokey.
+fn prepare_base32_secret(secret: &str) -> Result<String> {
+  base32::decode(base32::Alphabet::RFC4648 { padding: false }, secret)
+    .map(|vec| format_bytes(&vec))
+    .ok_or_else(|| Error::Error("Could not parse base32 secret".to_string()))
+}
+
 /// Configure a one-time password slot on the Nitrokey device.
 pub fn otp_set(
   ctx: &args::ExecCtx,
@@ -468,6 +475,7 @@ pub fn otp_set(
 ) -> Result<()> {
   let secret = match secret_format {
     args::OtpSecretFormat::Ascii => prepare_ascii_secret(&data.secret)?,
+    args::OtpSecretFormat::Base32 => prepare_base32_secret(&data.secret)?,
     args::OtpSecretFormat::Hex => data.secret,
   };
   let data = nitrokey::OtpSlotData { secret, ..data };