Structure
The constructors provided allow for the initialization of TOTP and HOTP libraries with specific parameters:
TOTP Constructors:
There are two constructors available for TOTP.
The first one takes a period and digits as parameters, with default values of 30 seconds for the period and 6 digits for the OTP length.
The second constructor allows for an additional parameter, OTPHashAlgorithm, enabling the use of a specific hashing algorithm.
HOTP Constructors:
Similarly, two constructors are available for HOTP.
The first constructor initializes the library with a counter and digits, defaulting to an OTP length of 6 digits.
The second constructor includes an OTPHashAlgorithm parameter for specifying the hashing algorithm used for generating OTPs.
These constructors provide flexibility in initializing OTP libraries with various configurations depending on the security requirements and system constraints.
Static functions in this context are utility functions that can be called without an instance of a class. These functions provide essential operations that are commonly used across TOTP and HOTP implementations:
CheckValidSecretkey: Verifies whether the provided secret key is valid.
GenerateRandomSecretKey: Generates a random secret key of a specified length, which can be used for creating OTPs.
Base32Encode: Encodes a byte array into a Base32 string, which is often used in handling secret keys for OTPs.
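What these three utilities involve, as an added stand-alone C# example that is not the library's own code: secret bytes drawn from a CSPRNG, unpadded RFC 4648 Base32 encoding, and a validity check. The names `SecretKeySketch`, `NewSecret`, `ToBase32` and `LooksValid` are hypothetical, and the validity rule (Base32 alphabet, at least 128 bits) is an assumption about what such a check should enforce.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added illustration; names and the validity rule are assumptions, not the library's code.
public static class SecretKeySketch
{
    const string Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; // RFC 4648 Base32

    // Key material must come from a CSPRNG, never System.Random.
    public static byte[] NewSecret(int byteLength = 20)         // 160 bits, as RFC 4226 recommends
    {
        if (byteLength < 16)
            throw new ArgumentOutOfRangeException(nameof(byteLength), "RFC 4226 requires at least 128 bits");
        var key = new byte[byteLength];
        RandomNumberGenerator.Fill(key);
        return key;
    }

    // Unpadded Base32: one character per 5 bits, most significant bits first.
    public static string ToBase32(byte[] data)
    {
        var sb = new StringBuilder((data.Length * 8 + 4) / 5);
        int buffer = 0, bits = 0;
        foreach (byte b in data)
        {
            buffer = (buffer << 8) | b;
            bits += 8;
            while (bits >= 5) sb.Append(Alphabet[(buffer >> (bits -= 5)) & 31]);
            buffer &= (1 << bits) - 1;                          // keep only the unread bits
        }
        if (bits > 0) sb.Append(Alphabet[(buffer << (5 - bits)) & 31]); // zero-fill the last group
        return sb.ToString();
    }

    // Valid here means: Base32 alphabet only, and long enough to decode to >= 128 bits.
    public static bool LooksValid(string secret)
    {
        if (string.IsNullOrEmpty(secret)) return false;
        string s = secret.TrimEnd('=').ToUpperInvariant();
        foreach (char c in s) if (Alphabet.IndexOf(c) < 0) return false;
        return s.Length * 5 / 8 >= 16;
    }

    public static void Main()
    {
        Console.WriteLine(LooksValid(ToBase32(NewSecret())));
    }
}
```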
The GenerateOTP function is used to generate a one-time password (OTP) based on a given secret key. This function can be utilized for both time-based (TOTP) and HMAC-based (HOTP) algorithms.
GenerateOTP(string secretkey): Generates an OTP using the default hash algorithm.
GenerateOTP(string secretkey, OTPHashAlgorithm algorithm): Generates an OTP using a specified hash algorithm.
secretkey: A string containing the secret key used to generate the OTP.
algorithm (Optional): An OTPHashAlgorithm that specifies the hash algorithm to be used.
The OTP code generation enables secure authentication by ensuring that each code is valid for a specific time window or counter value, thus enhancing security in user authentication processes.
The Verify method is used to validate the given OTP code against a secret key, ensuring that the code is both correct and within the allowed time frame or counter value. This is critical for maintaining secure authentication protocols. The method is overloaded to accommodate different hashing algorithms, providing flexibility in implementation. Here's how the methods work:
public bool Verify(string otpcode, string secretkey): This version uses the default hash algorithm to verify the OTP.
public bool Verify(string otpcode, string secretkey, OTPHashAlgorithm algorithm): This version allows specifying a custom hash algorithm for verification.
Both methods return a boolean indicating whether the OTP code is valid.
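What code generation and verification involve underneath, as an added stand-alone C# example of RFC 4226 (HOTP) and RFC 6238 (TOTP) that is not the library's own code. The names `OtpSketch`, `Hotp`, `Totp`, `VerifyTotp` and the `window` parameter are hypothetical; the example assumes HMAC-SHA1 and takes the key as raw bytes rather than as the Base32 string the library's methods accept.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;
// Added illustration (RFC 4226 / RFC 6238); all names here are hypothetical, not the library's.
public static class OtpSketch
{
    // HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
    public static string Hotp(byte[] key, long counter, int digits = 6)
    {
        var msg = new byte[8];
        BinaryPrimitives.WriteInt64BigEndian(msg, counter);
        using var hmac = new HMACSHA1(key);
        byte[] mac = hmac.ComputeHash(msg);
        int offset = mac[^1] & 0x0F;                    // low nibble of the last byte
        int bin = ((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16)
                | (mac[offset + 2] << 8) | mac[offset + 3];
        int modulus = (int)Math.Pow(10, digits);
        return (bin % modulus).ToString().PadLeft(digits, '0');
    }

    // TOTP: the counter is the number of whole periods since the Unix epoch.
    public static string Totp(byte[] key, DateTimeOffset now, int period = 30, int digits = 6)
        => Hotp(key, now.ToUnixTimeSeconds() / period, digits);

    // Accepts the current time step plus `window` steps either side (clock drift).
    public static bool VerifyTotp(string otp, byte[] key, DateTimeOffset now,
                                  int period = 30, int digits = 6, int window = 1)
    {
        byte[] given = Encoding.ASCII.GetBytes(otp ?? "");
        long step = now.ToUnixTimeSeconds() / period;
        bool ok = false;
        for (long c = step - window; c <= step + window; c++)
        {
            byte[] expected = Encoding.ASCII.GetBytes(Hotp(key, c, digits));
            // Constant-time comparison, and no early exit once a step matches.
            ok |= CryptographicOperations.FixedTimeEquals(expected, given);
        }
        return ok;
    }

    public static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("12345678901234567890"); // RFC 4226 test key
        var t = DateTimeOffset.FromUnixTimeSeconds(59);
        string code = Totp(key, t);
        Console.WriteLine($"{code} now={VerifyTotp(code, key, t)} later={VerifyTotp(code, key, t.AddSeconds(60))}");
    }
}
```

A production verifier would also record the last accepted time step or counter per user so that a code cannot be replayed within its window, and would rate-limit failed attempts.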
The GetOTPUrl methods facilitate the creation of OTP (One-Time Password) URL strings specifically for use with TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) configurations. These URLs include vital parameters such as username, servicename, and secret key, which are essential for setting up the OTP authenticator apps.
TOTP & HOTP:
public string GetOTPUrl(string username, string servicename, string secretkey): Generates a basic OTP URL.
TOTP:
public string GetOTPUrl(string username, string servicename, string secretkey, int period, int digits, OTPHashAlgorithm algorithm): Generates a TOTP-specific URL, allowing the specification of parameters like the time period, number of digits, and hashing algorithm.
HOTP:
public string GetOTPUrl(string username, string servicename, string secretkey, int counter, int digits, OTPHashAlgorithm algorithm): Creates an HOTP-specific URL with customization over the counter, number of digits, and hashing algorithm used.
These flexible methods enable tailored integration with OTP services and applications.
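How such a URL is typically laid out, as an added stand-alone C# example that is not the library's own code. It assumes the `otpauth://` Key URI format that authenticator apps read, passes the algorithm as a string because the page does not list the `OTPHashAlgorithm` values, and uses the hypothetical names `OtpUrlSketch`, `TotpUrl`, `HotpUrl` and `Build`.

```csharp
using System;
using System.Text.RegularExpressions;

// Added illustration of the otpauth:// Key URI layout; names are hypothetical, not the library's.
public static class OtpUrlSketch
{
    public static string TotpUrl(string username, string servicename, string secretkey,
                                 int period = 30, int digits = 6, string algorithm = "SHA1")
        => Build("totp", username, servicename, secretkey, digits, algorithm, "period=" + period);

    public static string HotpUrl(string username, string servicename, string secretkey,
                                 long counter, int digits = 6, string algorithm = "SHA1")
        => Build("hotp", username, servicename, secretkey, digits, algorithm, "counter=" + counter);

    static string Build(string type, string username, string servicename, string secretkey,
                        int digits, string algorithm, string typeParam)
    {
        // Only the Base32 alphabet is allowed, so the secret cannot carry '&' or '='.
        // \A and \z are used because '$' would also match before a trailing newline.
        if (!Regex.IsMatch(secretkey, @"\A[A-Z2-7]+\z"))
            throw new ArgumentException("secret must be unpadded upper-case Base32", nameof(secretkey));
        if (!Regex.IsMatch(algorithm, @"\ASHA(1|256|512)\z"))
            throw new ArgumentException("unsupported algorithm", nameof(algorithm));
        // Percent-encode caller-supplied names: an unescaped '?', '&' or ':' in a username
        // would otherwise change which parameters the authenticator app parses.
        string issuer = Uri.EscapeDataString(servicename);
        string label = issuer + ":" + Uri.EscapeDataString(username);
        return $"otpauth://{type}/{label}?secret={secretkey}&issuer={issuer}" +
               $"&algorithm={algorithm}&digits={digits}&{typeParam}";
    }

    public static void Main()
    {
        // Constructed sample values; the secret is a placeholder, not a real key.
        Console.WriteLine(TotpUrl("alice@example.com", "Example Co", "JBSWY3DPEHPK3PXP"));
        // A username containing URL metacharacters stays inside the label after encoding.
        Console.WriteLine(HotpUrl("bob&digits=4", "Example Co", "JBSWY3DPEHPK3PXP", counter: 0));
    }
}
```

The resulting string contains the shared secret, so it belongs in the QR code shown at enrolment and not in logs, analytics or browser history.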
The class provides several properties specific to TOTP and HOTP, allowing for detailed configuration:
TOTP:
GetPeriod() / SetPeriod(int period): Methods to retrieve and set the time period for TOTP.
TOTP & HOTP:
GetAlgorithm() / SetAlgorithm(OTPHashAlgorithm algorithm): Fetch or configure the hashing algorithm.
GetDigits() / SetDigits(int digits): Obtain or specify the number of digits for OTP.
HOTP:
GetCounter() / SetCounter(long counter): Methods to access and modify the counter setting for HOTP.
These properties ensure that the OTP generation can be customized to meet specific security and performance requirements.
The "Other Functions" in this class provide additional utilities for managing and utilizing one-time passwords. The primary function included is:
TOTP:
GetRemainingTime(): This method returns the remaining time in seconds before the current TOTP expires. It is useful for ensuring tokens are used within their valid period and helps in synchronizing client-server time.