The package is a Go package used for generating one time passwords via TOTP or HOTP.

import (


The package may be used under the terms of the BSD 2-Clause License a copy of which may be found in the LICENSE file.

Unless you explicitly state otherwise, any contribution submitted for inclusion in the work by you shall be licensed as above, without any additional terms or conditions.

Expand ▾ Collapse ▴



    Package otp implemnts HOTP and TOTP one-time passwords.

    Example (Totp)




    This section is empty.


    This section is empty.


    func NewOTP

    func NewOTP(key []byte, l int, h func() hash.Hash, c CounterFunc) func(offset int, dst []byte) int32

      NewOTP returns a function that generates hmac-based one-time. Each time the returned function is called it calls c and appends the one-time password to dst. It also returns a 31-bit representation of the value. The key is the shared secret, l is the length of the output number (if l is less than or equal to 0, NewOTP panics), h is a function that returns the inner and outer hash mechanisms for the HMAC, and c returns the seed used to generate the key.

      func URL

      func URL(key []byte, step time.Duration, l int, hash crypto.Hash, domain, email string) *url.URL

        URL returns a URL that is compatible with many popular OTP apps such as FreeOTP, Yubico Authenticator, and Google Authenticator.

        Supported hashes are SHA1, SHA256, and SHA512. Anything else will default to SHA1.


        type CounterFunc

        type CounterFunc func(offset int) uint64

          CounterFunc is a function that is called when generating a one-time password and returns a seed value. In HOTP this will be an incrementing counter, in TOTP it is a function of the current time. Offset indicates that we want the token relative to the current token by offset (eg. -1 for the previous token).

          func TOTP

          func TOTP(step time.Duration, t func() time.Time) CounterFunc

            TOTP returns a counter function that can be used to generate HOTP tokens compatible with the Time-Based One-Time Password Algorithm (TOTP) defined in RFC 6238.

            If a zero duration is provided, a default of 30 seconds is used. If no time function is provided, time.Now is used.

            Source Files