You can generate both TOTP and SSH keys on your client because it supports a configurable TOTP algorithm (10, 15, 20, 30, 60, 90, 120). You can find a full list of OTP algorithm settings on our site and on the Amazon WorkSpaces admin page. We recommend that you select at least 10 seconds for the TOTP algorithm. It's just enough time to unlock your PC.
The logon profile encryption container is an RSA-encrypted blob. To encrypt your logon profile, you need to download the public key from the Rohos website. The value of pki_container_public_key should be encrypted with your login passphrase. This means that you should keep your logon passphrase safe; otherwise you can lose your encrypted logon profile.
After you decrypt your logon profile, you should find a 32-character-long random string in the first TOTP code and a profile name in the second string. The third and the first 32 characters are used by the TOTP algorithm to generate the TOTP code.
The random data is previously generated on your client and encrypted with the public RSA key belonging to the Amazon WorkSpaces service. The server uses your generated random data to generate the random data, and it sends your encrypted random data to your client. The data encryption container is an encrypted blob with your master passphrase, random data and generated RSA key. The client generates the key by using its master passphrase and the encrypted random data.
The sent encrypted random data is now decrypted using your private RSA key and your master passphrase. This means that you should keep your private key and master passphrase safe; otherwise you will be unable to unlock your workstation.