Initialization: Setting secret

Tomáš Zelina edited this page Jul 5, 2017 · 5 revisions

URL format

The card accepts the secret as a slightly modified Google Authenticator otpauth URL (there is no counter parameter).

otpauth://hotp/username@server/?secret=base32encodedsecret

Optionally, you can set the number of digits generated with the digits parameter (the default is 6; permitted values are 1-9).

otpauth://hotp/username@server/?secret=base32encodedsecret&digits=8

Parameters other than digits and secret are ignored.

Please note that the counter currently can't be set using the URL, and it is reset to 0 when the key is updated.

Example: for the RFC 4226 test secret 0x31 0x32 0x33 0x34 0x35 0x36 0x37 0x38 0x39 0x30 0x31 0x32 0x33 0x34 0x35 0x36 0x37 0x38 0x39 0x30, the otpauth URL would look like this:

otpauth://hotp/[email protected]?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ

Note: the account name (in this example [email protected]) is usually used by software OTP generators only as a label. It is not used in the OTP computation and is ignored by the card.
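The URL format above, as an added example (not code from the card project): a Python sketch that builds and parses the URL and computes the codes expected for the first counter values after a key load, so the card's output can be checked against the server side. It assumes the card implements standard RFC 4226 HOTP with HMAC-SHA-1; the function names and the label alice@example.org are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlsplit


def build_otpauth_url(label, secret, digits=6):
    """Build the card's otpauth URL (no counter parameter) from raw secret bytes."""
    if not 1 <= digits <= 9:
        raise ValueError("digits must be in the range 1-9")
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    url = f"otpauth://hotp/{label}/?secret={b32}"
    return url if digits == 6 else f"{url}&digits={digits}"


def parse_otpauth_url(url):
    """Return (secret_bytes, digits); every other parameter is ignored."""
    parts = urlsplit(url)
    if parts.scheme != "otpauth" or parts.netloc != "hotp":
        raise ValueError("not an otpauth://hotp/ URL")
    query = parse_qs(parts.query)
    if "secret" not in query:
        raise ValueError("secret parameter is missing")
    b32 = query["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # restore the padding b32decode requires
    digits = int(query.get("digits", ["6"])[0])
    if not 1 <= digits <= 9:
        raise ValueError("digits must be in the range 1-9")
    return base64.b32decode(b32), digits


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP value (assumption: the card uses HMAC-SHA-1 as in the RFC)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def expected_codes(url, count=3):
    """Codes for counters 0..count-1; the counter restarts at 0 on key update."""
    secret, digits = parse_otpauth_url(url)
    return [hotp(secret, c, digits) for c in range(count)]


if __name__ == "__main__":
    # Constructed sample input: the RFC 4226 test secret with a made-up label.
    url = build_otpauth_url("alice@example.org", b"12345678901234567890")
    print(url)
    print(expected_codes(url))
```

If the first code read from the card is not the first value in this list, the counter has already advanced on the card and the server-side counter needs to match.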

Loading otpauth URL

Please make sure you have set the payload before setting the secret: every time the card is written, some card read operations are executed, which generate new OTP codes and may desynchronize the counter on the server and on the card.

The procedure is similar to loading any other URL and is described on the Setting payload page and in the following animation.

If you have a problem setting the secret as a URL record, try pasting your otpauth URL into a standard text record. It should work too!

After these steps are finished, the card is ready to use.