Support for displaying TOTP keys as QR code (for scanning with a mobile app e.g.) #764

Closed
sim0nx opened this issue Jul 11, 2017 · 6 comments

sim0nx commented Jul 11, 2017

This is not an issue but a feature request.
KeePassXC supports TOTP keys, which is wonderful!

Being able to use it to generate and back up the seeds is great. What is missing is the possibility to display a seed (TOTP key) as a QR code ready to be scanned by your favourite TOTP app (e.g. Google Authenticator, FreeOTP, etc.).

Expected Behavior

  • right-click an entry previously set up for TOTP
  • "timed one time password" -> show QR code
  • opens a window with the TOTP key encoded as a QR code

Current Behavior

Currently, if one wants to do the same, one has to export the seed and generate a scannable QR code using some other tool, or worse, manually type the seed into the target app.

Context

I use KeePassXC for generating TOTP values, but also for having a backup of the seeds in case I need to restore them on another device (mobile app e.g.).

phoerious (Member) commented Jul 11, 2017

Related to (but not a duplicate of) #675

sim0nx (Author) commented Jul 11, 2017

Yup, I actually picked it up in #96 (second last comment) and was facing this same issue/need when I switched to KeePassXC.
The difference from the mentioned #675 is that this request is really limited to only TOTP seeds.

weslly (Contributor) commented Jul 11, 2017

Duplicate of #722

quoting myself on that issue:

Not exactly what you are asking, but Keepass2Android can generate codes for TOTP entries added on KeepassXC, so you can use it as an alternative to Google Authenticator.

sim0nx (Author) commented Jul 11, 2017

Indeed it is a duplicate, I didn't find that one as it is closed sry.
Though as you say yourself, it is not what I was asking for either and not a solution :-)
Would be great if you would implement this feature! 👍

adolfogc (Contributor) commented

I'm working on this, please see #964.

mcrocker commented Sep 23, 2017

Workaround

I've been doing this by using the Firefox Offline QR Code Generator, and an in situ page editor.

Procedure

  1. Copy the password of interest from KeepassXC into the paste buffer,
  2. Select a simple, preferably plain-text, web page that has no JavaScript surveillance, and select a piece of text,
  3. Right click and choose an in-place editor:
    • Out Of The Box Firefox has an 'Inspect Element (Q)' option, but,
    • Other tools like Firebug also will suffice,
  4. Paste the key over the text or insert next to the text,
    • This leaves your password in plain text, visible to others who may be watching, but does not save it to disk,
  5. Optionally exit the editor,
  6. In the browser itself select the newly rendered password, right-click and select QR Code:
    • Now you have a QR code to scan and load into a mobile device,
      • If using an independent QR code reader like ZXing, make sure to delete the last entry in the history and replace the copy/paste buffer with something else,
  7. Reload the web page and the pasted text is gone as well as the QR code,

Warnings

  • Obviously, not secure against visual snooping or scanning from behind the user,
  • Many modern web pages do have JavaScript-based surveillance, so a plain HTML locally sourced page is safer,
  • I am assuming that the browser is not caching the edit on disk and that the page reload overwrites memory, but I don't really know if this is true,
  • Beware that many QR code extensions use an external WebService to render the code, so those are clearly not secure,
  • If using an independent QR code reader like ZXing,
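
Added example (not part of the thread and not KeePassXC code): authenticator apps such as Google Authenticator and FreeOTP scan a QR code that carries an `otpauth://totp/` key URI, so the sketch below builds that URI from a base32 seed entirely offline and computes the RFC 6238 code for checking the phone afterwards. The function names, the account `alice@example.org`, the issuer `Example` and the sample seed are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote, urlencode

def normalize_secret(seed: str) -> str:
    """Return the seed as unpadded upper-case base32, or raise ValueError."""
    s = seed.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not s:
        raise ValueError("empty TOTP seed")
    # b32decode raises binascii.Error (a ValueError) on bad characters/length
    base64.b32decode(s + "=" * (-len(s) % 8))
    return s

def otpauth_uri(seed, account, issuer, digits=6, period=30):
    """Build the otpauth://totp/ key URI that the QR code would carry."""
    label = quote(issuer, safe="") + ":" + quote(account, safe="")
    query = urlencode({"secret": normalize_secret(seed), "issuer": issuer,
                       "digits": digits, "period": period}, quote_via=quote)
    return f"otpauth://totp/{label}?{query}"

def totp(seed, at, digits=6, period=30):
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    s = normalize_secret(seed)
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(at) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

# Constructed sample seed: base32 of the RFC 6238 test key "12345678901234567890",
# typed with spaces and lower case as a user might copy it.
SAMPLE_SEED = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    import time
    print(otpauth_uri(SAMPLE_SEED, "alice@example.org", "Example"))
    print("current code:", totp(SAMPLE_SEED, time.time()))
```

The printed URI can be passed to a QR renderer installed on the same machine, which avoids the external web services warned about above; the printed code should match what the phone shows after scanning.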
