yeojz / otplib

:key: One Time Password (OTP) / 2FA for Node.js and Browser - Supports HOTP, TOTP and Google Authenticator

Home Page: https://otplib.yeojz.dev

where in the RFC is secret's padding

pyramation opened this issue · comments

Hello. Thanks for this library!

export const totpPadSecret = (
  secret: SecretKey,
  encoding: KeyEncodings,
  minLength: number
): HexString => {
  const currentLength = secret.length;
  const hexSecret = Buffer.from(secret, encoding).toString('hex');
  if (currentLength < minLength) {
    const newSecret = new Array(minLength - currentLength + 1).join(hexSecret);
    return Buffer.from(newSecret, 'hex')
      .slice(0, minLength)
      .toString('hex');
  }
  return hexSecret;
};

Referencing these lines, it looks like you're copying the secret's buffer data until it fills the required size. Maybe I'm missing something from the totp or hotp RFC where I can read some documentation where this particular part of the code is based on? I'm learning TOTP and this library and wanted to understand where this particular part of the algorithm is described.

https://tools.ietf.org/html/rfc6238 here it doesn't seem they pad the secret. Is the padding something that happened in the industry, but not necessarily the standards?

Thanks in advance!
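
Added example (not otplib's code and not part of the original issue): a self-contained Node.js TOTP that repeats the key up to a minimum length, as the quoted function does, and compares the result with the RFC 6238 Appendix B test values for the ASCII secret `12345678901234567890`. The names `padSecret`, `hotp`, `totp`, `MIN_KEY_BYTES` and `RFC_SEED` are this example's own; the 20/32/64-byte minimums are the seed lengths used by the reference code in RFC 6238 Appendix A.

```javascript
// Added example, not the library's implementation.
const nodeCrypto = require('crypto');

// Seed lengths used by the RFC 6238 Appendix A reference code, per HMAC hash.
const MIN_KEY_BYTES = { sha1: 20, sha256: 32, sha512: 64 };

// Repeat the key bytes until minLength is reached, then truncate.
function padSecret(key, minLength) {
  if (key.length === 0 || key.length >= minLength) return key;
  const copies = Math.ceil(minLength / key.length);
  return Buffer.concat(Array(copies).fill(key)).subarray(0, minLength);
}

// HOTP (RFC 4226): HMAC over an 8-byte big-endian counter, then dynamic truncation.
function hotp(key, counter, algorithm, digits) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = nodeCrypto.createHmac(algorithm, key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(code % 10 ** digits).padStart(digits, '0');
}

// TOTP (RFC 6238): the HOTP counter is floor(unixTime / step).
function totp(key, unixTime, algorithm, { digits = 8, step = 30, pad = true } = {}) {
  const k = pad ? padSecret(key, MIN_KEY_BYTES[algorithm]) : key;
  return hotp(k, Math.floor(unixTime / step), algorithm, digits);
}

// Shared secret stated in RFC 6238 Appendix B (20 ASCII bytes).
const RFC_SEED = Buffer.from('12345678901234567890', 'ascii');

// Print padded and unpadded codes for the RFC's first test time (59 s).
for (const alg of ['sha1', 'sha256', 'sha512']) {
  console.log(alg,
    'padded:', totp(RFC_SEED, 59, alg),
    'unpadded:', totp(RFC_SEED, 59, alg, { pad: false }));
}
```

For SHA-256 and SHA-512 only the padded key reproduces the values in the RFC's table, because the Appendix A reference code uses 32- and 64-byte seeds that are the 20-byte secret repeated and truncated.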