Documentation
¶
Overview ¶
Package totp is a simple Go package to implement Timebased-One-Time-Password authentication functionality, a.k.a. `TOTP`, to the Go app.
Optionally, it supports ECDH key agreement protocol to share the same secret key between two parties.
```shellsession # Install the module go get github.com/KEINOS/go-totp ```
```go // Use the package import "github.com/KEINOS/go-totp/totp" ```
Example ¶
This example demonstrates how to generate a new secret key with default options and validate the passcode.
The generated key should be compatible with most TOTP authenticator apps.
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
Issuer := "Example.com" // name of the service
AccountName := "alice@example.com" // name of the user
// Generate a new secret key with default options.
// Compatible with most TOTP authenticator apps.
key, err := totp.GenerateKey(Issuer, AccountName)
if err != nil {
log.Fatal(err)
}
// Print the default option values.
fmt.Println("- Algorithm:", key.Options.Algorithm)
fmt.Println("- Period:", key.Options.Period)
fmt.Println("- Secret Size:", key.Options.SecretSize)
fmt.Println("- Skew (time tolerance):", key.Options.Skew)
fmt.Println("- Digits:", key.Options.Digits)
// Generate 6 digits passcode (valid for 30 seconds)
passcode, err := key.PassCode()
if err != nil {
log.Fatal(err)
}
// Validate the passcode
if key.Validate(passcode) {
fmt.Println("* Validation result: Passcode is valid")
}
}
Output: - Algorithm: SHA1 - Period: 30 - Secret Size: 128 - Skew (time tolerance): 1 - Digits: 6 * Validation result: Passcode is valid
Example (Advanced) ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Options to generate a new key. The secret will be generated randomly.
opts := totp.Options{
Issuer: "Example.com",
AccountName: "alice@example.com",
Algorithm: totp.Algorithm("SHA1"), // Choices are: MD5, SHA1, SHA256 and SHA512
Period: 60, // Validity period in seconds
SecretSize: 20, // Secret key size in bytes
Skew: 0, // Number of periods before or after the current time to allow.
Digits: totp.Digits(8), // Choices are: 6 and 8
}
// Generate a new secret key
key, err := totp.GenerateKeyCustom(opts)
if err != nil {
log.Fatal(err)
}
// Generate 8 digits passcode that are valid for 60 seconds (see options above)
passcode, err := key.PassCode()
if err != nil {
log.Fatal(err)
}
// Validate the passcode
if key.Validate(passcode) {
fmt.Println("Passcode is valid")
}
}
Output: Passcode is valid
Example (Custom) ¶
This example demonstrates how to generate a new secret key with custom options and validate the passcode.
Since most TOTP authenticator apps are based on SHA1 hashing algorithm to generate the passcode, this example is useful when you need to generate the passcode with a stronger hash algorithm such as SHA256 and SHA512.
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Generate a new secret key with custom options
Issuer := "Example.com"
AccountName := "alice@example.com"
key, err := totp.GenerateKey(Issuer, AccountName,
// Algorithm choices are: MD5, SHA1, SHA256 and SHA512.
totp.WithAlgorithm(totp.Algorithm("SHA256")),
totp.WithPeriod(15),
totp.WithSecretSize(256),
totp.WithSkew(5),
totp.WithDigits(totp.DigitsEight),
)
if err != nil {
log.Fatal(err)
}
// Generate 8 digits passcode (valid for 15 ± 5 seconds)
passcode, err := key.PassCode()
if err != nil {
log.Fatal(err)
}
// Validate the passcode
if key.Validate(passcode) {
fmt.Println("Passcode is valid")
}
}
Output: Passcode is valid
Example (Ecdh) ¶
This example demonstrates how to generate a new TOTP secret key from a shared secret of ECDH (Elliptic Curve Diffie-Hellman) key exchange.
Meaning that two parties can generate a common TOTP passcode by exchanging their ECDH public keys.
The aim of this functionality is to allow the user to generate a common but ephemeral secret value (the generated TOTP passcode) for additional security. Such as time-based salt for hashing, etc.
In this example, we pretend that Alice and Bob want to generate a common TOTP passcode for their communication. And they have exchanged their ECDH public keys securely with no-man-in-the-middle attack.
Let's see how Alice generates a common TOTP passcode between her and Bob!
package main
import (
"crypto/ecdh"
"crypto/rand"
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// ------------------------------------------------------------------------
// Pre-agreement between Alice and Bob.
// ------------------------------------------------------------------------
// Both parties must use the same protocol (agreed options) so that the
// same shared secret is created and use it to generate a same TOTP
// passcode within the same time frame.
//
// The curve type.
commonCurve := ecdh.X25519()
// A consistent and common context between the two parties. It will be used
// as a salt-like value for the TOTP secret key derivation.
commonCtx := "example.com alice@example.com bob@example.com TOTP secret v1"
// Common options for the TOTP passcode generation.
commonOpts := totp.Options{
AccountName: "", // Name of the user. Empty due to be overridden
Issuer: "", // Name of the service. Empty due to be overridden
Algorithm: totp.Algorithm("SHA512"), // Algorithm for passcode generation
Digits: totp.DigitsEight, // Number of digits for the passcode
Period: 60 * 30, // Interval of the passcode validity
SecretSize: 32, // Size of the TOTP secret key in bytes
Skew: 1, // Number of periods as tolerance (+/-)
}
// ------------------------------------------------------------------------
// Key exchange between Alice and Bob.
// ------------------------------------------------------------------------
// We pretend that Alice and Bob have exchanged their ECDH public keys
// securely. In a real-world scenario, you must not expose your private
// key to the public by any means.
alicePriv, alicePub := testGetECDHKeysForAlice(commonCurve)
bobPriv, bobPub := testGetECDHKeysForBob(commonCurve)
// ------------------------------------------------------------------------
// Generate a new TOTP key for Alice
// ------------------------------------------------------------------------
Issuer := "Example.com" // name of the service
AccountName := "alice@example.com" // name of the user
key, err := totp.GenerateKey(Issuer, AccountName,
// Use the ECDH shared secret between Alice and Bob as the base of the
// TOTP secret key. A common and consistent context is required.
//
// The size of the shared ECDH secret is 32 bytes. The secret TOTP key
// is therefore derived from this shared secret using the key derivation
// function (KDF) set in the options to stretch up to the options.SecretSize.
// The default KDF is BLAKE3.
totp.WithECDH(alicePriv, bobPub, commonCtx),
// Other options can be set as well. But they must be the same between
// the two parties.
totp.WithAlgorithm(commonOpts.Algorithm),
totp.WithDigits(commonOpts.Digits),
totp.WithPeriod(commonOpts.Period),
totp.WithSecretSize(commonOpts.SecretSize),
totp.WithSkew(commonOpts.Skew),
)
if err != nil {
log.Fatal(err)
}
// Alice generates 8 digits of TOTP passcode
passcode, err := key.PassCode()
if err != nil {
log.Fatal(err)
}
// Bob validates the passcode
result := letBobValidate(passcode, bobPriv, alicePub, commonOpts)
fmt.Println(result)
}
func letBobValidate(
alicePasscode string,
bobPriv *ecdh.PrivateKey,
alicePub *ecdh.PublicKey,
commonOpts totp.Options,
) string {
commonCtx := "example.com alice@example.com bob@example.com TOTP secret v1"
Issuer := "Example.com"
AccountName := "bob@example.com"
key, err := totp.GenerateKey(Issuer, AccountName,
totp.WithECDH(bobPriv, alicePub, commonCtx),
totp.WithPeriod(commonOpts.Period),
totp.WithAlgorithm(commonOpts.Algorithm),
totp.WithSecretSize(commonOpts.SecretSize),
totp.WithSkew(commonOpts.Skew),
totp.WithDigits(commonOpts.Digits),
)
if err != nil {
log.Fatal(err)
}
if key.Validate(alicePasscode) {
return "* Validation result: Passcode is valid"
}
return "* Validation result: Passcode is invalid"
}
// This is a dummy function to return Alice's ECDH private key.
// In a real-world scenario, you would generate this key securely.
//
// paramCommon is the curve type agreed between Alice and Bob.
func testGetECDHKeysForAlice(paramCommon ecdh.Curve) (*ecdh.PrivateKey, *ecdh.PublicKey) {
alicePriv, err := paramCommon.GenerateKey(rand.Reader)
if err != nil {
log.Fatal(err, "failed to generate Alice's ECDH private key for example")
}
return alicePriv, alicePriv.PublicKey()
}
// This is a dummy function to return Bob's ECDH public key.
// In a real-world scenario, you would obtain this key securely.
//
// paramCommon is the curve type agreed between Alice and Bob.
func testGetECDHKeysForBob(paramCommon ecdh.Curve) (*ecdh.PrivateKey, *ecdh.PublicKey) {
bobPriv, err := paramCommon.GenerateKey(rand.Reader)
if err != nil {
log.Fatal(err, "failed to generate Alice's ECDH private key for example")
}
return bobPriv, bobPriv.PublicKey()
}
Output: * Validation result: Passcode is valid
Index ¶
- Constants
- func OptionKDFDefault(secret, ctx []byte, outLen uint) ([]byte, error)
- func StrToUint(number string) uint
- func Validate(passcode, secret string, options Options) bool
- func ValidateCustom(passcode, secret string, validationTime time.Time, options Options) bool
- type Algorithm
- type Digits
- type FixLevel
- type Key
- func GenKeyFromPEM(pemKey string) (*Key, error)
- func GenKeyFromURI(uri string) (*Key, error)
- func GenerateKey(issuer string, accountName string, opts ...Option) (*Key, error)
- func GenerateKeyCustom(options Options) (*Key, error)
- func GenerateKeyPEM(pemKey string) (*Key, error)deprecated
- func GenerateKeyURI(uri string) (*Key, error)deprecated
- func (k *Key) PEM() (string, error)
- func (k *Key) PassCode() (string, error)
- func (k *Key) PassCodeCustom(genTime time.Time) (string, error)
- func (k *Key) QRCode(fixLevel FixLevel) (*QRCode, error)
- func (k *Key) String() string
- func (k *Key) URI() string
- func (k *Key) Validate(passcode string) bool
- func (k *Key) ValidateCustom(passcode string, validationTime time.Time) bool
- type Option
- func WithAlgorithm(algo Algorithm) Option
- func WithDigits(digits Digits) Option
- func WithECDH(localKey *ecdh.PrivateKey, remoteKey *ecdh.PublicKey, context string) Option
- func WithECDHKDF(userKDF func(secret, ctx []byte, outLen uint) ([]byte, error)) Option
- func WithPeriod(period uint) Option
- func WithSecretSize(size uint) Option
- func WithSkew(skew uint) Option
- type Options
- type QRCode
- type Secret
- type URI
- func (u URI) AccountName() string
- func (u URI) Algorithm() string
- func (u URI) Check() error
- func (u URI) Digits() uint
- func (u URI) Host() string
- func (u URI) Issuer() string
- func (u URI) IssuerFromPath() string
- func (u URI) Path() string
- func (u URI) Period() uint
- func (u URI) Scheme() string
- func (u URI) Secret() Secret
- func (u URI) String() string
Examples ¶
- Package
- Package (Advanced)
- Package (Custom)
- Package (Ecdh)
- Algorithm
- Algorithm.IsSupported
- Digits
- GenKeyFromPEM
- GenKeyFromURI
- Key
- Key (Regenerate1)
- Key (Regenerate2)
- Key.PEM
- Key.PassCode
- Key.PassCodeCustom
- Key.QRCode
- Key.String
- Key.URI
- NewOptions
- NewSecretBytes
- Options
- Secret
- Secret.Base64
- StrToUint
- URI
- URI.IssuerFromPath
- Validate
- WithECDHKDF
Constants ¶
View Source
const ( // FixLevel30 is the highest level of error correction for QR codes, capable // of recovering 30% of the data. FixLevel30 = FixLevel(qr.H) // FixLevel25 is a qualified error correction level for QR codes, which can // recover 25% of the data. FixLevel25 = FixLevel(qr.Q) // FixLevel15 is a medium error correction level for QR codes, capable of // recovering 15% of the data. FixLevel15 = FixLevel(qr.M) // FixLevel7 is the lowest level of error correction for QR codes and can // recover 7% of the data. FixLevel7 = FixLevel(qr.L) // FixLevelDefault is the default error correction level for QR codes. // Currently set to FixLevel15. FixLevelDefault = FixLevel15 )
Error correction level for QR code.
View Source
const ( OptionAlgorithmDefault = Algorithm("SHA1") // Google Authenticator does not work other than SHA1. OptionDigitsDefault = Digits(6) // Google Authenticator does not work other than 6 digits. OptionPeriodDefault = uint(30) // 30 seconds is recommended in RFC-6238. OptionSecretSizeDefault = uint(128) // 128 Bytes. OptionSkewDefault = uint(1) // ± 1 period of tolerance. )
Constants for the default values of the options.
View Source
const BlockTypeTOTP = "TOTP SECRET KEY"
BlockTypeTOTP is the type of a PEM encoded data block.
Variables ¶
This section is empty.
Functions ¶
func OptionKDFDefault ¶
OptionKDFDefault is the default key derivation function (KDF) for TOTP secret key derivation from ECDH shared secret. The underlying KDF is BLAKE3.
func StrToUint ¶
StrToUint converts a string to an unsigned integer. If the string is not a valid integer or out of range of int32, it returns 0.
Example ¶
package main
import (
"fmt"
"strconv"
"github.com/KEINOS/go-totp/totp"
)
func main() {
str1 := "1234567890"
uint1 := totp.StrToUint(str1)
fmt.Printf("uint1: %v, type: %T\n", uint1, uint1)
// Note that number that overflows the uint will return 0.
str2 := strconv.FormatUint(uint64(0xFFFFFFFF+1), 10)
uint2 := totp.StrToUint(str2)
fmt.Printf("uint2: %v, type: %T\n", uint2, uint2)
}
Output: uint1: 1234567890, type: uint uint2: 0, type: uint
func Validate ¶
Validate returns true if the given passcode is valid for the secret and options at the current time.
The passcode should be a string of 6 or 8 digit number and the secret should be a base32 encoded string.
Usually, Key.Validate() method is used to validate the passcode. Use this function if you have the values and simply want to validate the passcode.
Example ¶
Validate function is a short hand of totp.Key.Validate() functionality.
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Create a new Key object via URI to obtain the current passcode.
uri := "otpauth://totp/Example.com:alice@example.com?algorithm=SHA1&" +
"digits=12&issuer=Example.com&period=60&secret=QF7N673VMVHYWATKICRUA7V5MUGFG3Z3"
key, err := totp.GenKeyFromURI(uri)
if err != nil {
log.Fatal(err)
}
// Get values needed for the function arguments.
options := key.Options
secret := key.Secret.Base32()
passcode, err := key.PassCode()
if err != nil {
log.Fatal(err)
}
// Validate the passcode via Key.Validate() method.
if key.Validate(passcode) {
fmt.Println("Passcode is valid. Checked via Key.Validate() method.")
}
// Validate the passcode via Validate() function.
if totp.Validate(passcode, secret, options) {
fmt.Println("Passcode is valid. Checked via Validate() function.")
}
}
Output: Passcode is valid. Checked via Key.Validate() method. Passcode is valid. Checked via Validate() function.
Types ¶
type Algorithm ¶
type Algorithm string
Algorithm is a string that represents the algorithm used to generate the passcode (for HMAC).
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Create a new Algorithm object from a string for passcode generation.
// Choices are:
// MD5, SHA1, SHA256 and SHA512.
algo, err := totp.NewAlgorithmStr("SHA512")
if err != nil {
log.Fatal(err)
}
fmt.Println("Algorithm:", algo.String())
fmt.Println("Algorithm ID:", algo.ID())
fmt.Printf("Type: %T\n", algo.OTPAlgorithm())
}
Output: Algorithm: SHA512 Algorithm ID: 2 Type: otp.Algorithm
func NewAlgorithmID ¶
NewAlgorithmID creates a new Algorithm object from an int.
It is not an usual way to create an Algorithm object. It is used to convert the ID of the algorithm to the Algorithm object for checking purposes.
func NewAlgorithmStr ¶
NewAlgorithmStr creates a new Algorithm object from a string that is used to generate the passcode. Choices of algo are:
MD5, SHA1, SHA256 and SHA512.
func (Algorithm) ID ¶
ID returns the ID of the algorithm which is the same int value as the original OTP library.
Undefined ID will always return 2 (SHA512).
func (Algorithm) IsSupported ¶
IsSupported returns true if the algorithm is supported.
Example ¶
package main
import (
"fmt"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Set unsupported algorithm for passcode generation
algo := totp.Algorithm("BLAKE3")
// Check if the algorithm is supported
if algo.IsSupported() {
fmt.Println("Algorithm is supported")
} else {
fmt.Println("Algorithm is not supported")
}
}
Output: Algorithm is not supported
func (Algorithm) OTPAlgorithm ¶
OTPAlgorithm is similar to ID() but returns in the original type of the OTP library.
Undefined Algorithm type will always return `otp.AlgorithmSHA512`.
type Digits ¶
type Digits uint
Digits represents the number of digits present in the user's OTP passcode. Six and Eight are the most common values.
Example ¶
package main
import (
"fmt"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Create a new Digits object from a number. Choices are:
// 6 and 8.
digits := totp.NewDigitsInt(8)
fmt.Println("Digits:", digits)
fmt.Println("Digits ID:", digits.OTPDigits())
// DigitsEight is equivalent to NewDigits(8)
if totp.DigitsEight == totp.NewDigitsInt(8) {
fmt.Println("Digit 8", "OK")
}
// DigitsSix is equivalent to NewDigits(6)
if totp.DigitsSix == totp.NewDigitsInt(6) {
fmt.Println("Digit 6", "OK")
}
}
Output: Digits: 8 Digits ID: 8 Digit 8 OK Digit 6 OK
func NewDigitsInt ¶
NewDigitsInt returns a new Digits object from the given value. If the value is less than zero, it will return DigitsSix.
func NewDigitsStr ¶
NewDigitsStr returns a new Digits object from the given string in decimal format.
type FixLevel ¶
type FixLevel byte
FixLevel is the error correction level for QR code. Use `FixLevel*` constants to set the level.
type Key ¶
Key is a struct that holds the TOTP secret and its options.
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Generate a new secret key with default options.
Issuer := "Example.com"
AccountName := "alice@example.com"
key, err := totp.GenerateKey(Issuer, AccountName)
if err != nil {
log.Fatal(err)
}
// Generate 6 digits passcode (valid for 30 seconds)
// For generating a passcode for a custom time, use PassCodeCustom() method.
passCode, err := key.PassCode()
if err != nil {
log.Fatal(err)
}
// Validate the passcode
if key.Validate(passCode) {
fmt.Println("Given passcode is valid")
}
}
Output: Given passcode is valid
Example (Regenerate1) ¶
In this example, we will re-generate/recover a new Key object from a backed-up secret key value.
The point to recover the Key object is simply to overwrite the secret key value with the backed-up value.
If you simply want to validate a passcode with a backed-up secret key value, use the totp.Validate() function instead.
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// The backed-up secret key value (in case of Base32 encoded)
oldSecret := "QF7N673VMVHYWATKICRUA7V5MUGFG3Z3"
// Step1: Generate a brand new Key object
Issuer := "Example.com"
AccountName := "alice@example.com"
key, err := totp.GenerateKey(Issuer, AccountName)
if err != nil {
log.Fatal(err)
}
// Step2: Cast the backed-up secret key value to a Secret object
newSecret, err := totp.NewSecretBase32(oldSecret)
if err != nil {
log.Fatal(err)
}
// Step3: Ensure the secret key size is the same as the new key object
key.Options.SecretSize = uint(len(newSecret.Bytes()))
// Step4: Overwrite the secret key value with the backed-up value
key.Secret = newSecret
// Step5: Backup the TOTP key object in PEM format this time
keyPEM, err := key.PEM()
if err != nil {
log.Fatal(err)
}
fmt.Println(keyPEM) // Save this data
}
Output: -----BEGIN TOTP SECRET KEY----- Account Name: alice@example.com Algorithm: SHA1 Digits: 6 Issuer: Example.com Period: 30 Secret Size: 20 Skew: 1 gX7ff3VlT4sCakCjQH69ZQxTbzs= -----END TOTP SECRET KEY-----
Example (Regenerate2) ¶
In this example, we will re-generate/recover a new Key object from a backed-up secret key value.
This does the same as the previous example but with a different approach. Choose the one that suits your needs.
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Step1: Generate a totp.Secret object from a backed-up secret key value
secret, err := totp.NewSecretBase32("QF7N673VMVHYWATKICRUA7V5MUGFG3Z3")
if err != nil {
log.Fatal(err)
}
// Step2: Generate a new totp.Options object with default values but with the
// secret key size set to the same as the backed-up secret key value.
options, err := totp.NewOptions("Example.com", "alice@example.com")
if err != nil {
log.Fatal(err)
}
options.SecretSize = uint(len(secret.Bytes()))
// Step3: Generate a new totp.Key object.
key := totp.Key{
Secret: secret,
Options: *options,
}
// Step4: Backup the TOTP key object in PEM format this time
keyPEM, err := key.PEM()
if err != nil {
log.Fatal(err)
}
fmt.Println(keyPEM) // Save this data
}
Output: -----BEGIN TOTP SECRET KEY----- Account Name: alice@example.com Algorithm: SHA1 Digits: 6 Issuer: Example.com Period: 30 Secret Size: 20 Skew: 1 gX7ff3VlT4sCakCjQH69ZQxTbzs= -----END TOTP SECRET KEY-----
func GenKeyFromPEM ¶ added in v0.1.1
GenKeyFromPEM creates a new Key object from a PEM formatted string.
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
pemData := `
-----BEGIN TOTP SECRET KEY-----
Account Name: alice@example.com
Algorithm: SHA1
Digits: 8
Issuer: Example.com
Period: 30
Secret Size: 64
Skew: 1
gX7ff3VlT4sCakCjQH69ZQxTbzs=
-----END TOTP SECRET KEY-----`
key, err := totp.GenKeyFromPEM(pemData)
if err != nil {
log.Fatal(err)
}
fmt.Println("AccountName:", key.Options.AccountName)
fmt.Println("Algorithm:", key.Options.Algorithm)
fmt.Println("Digits:", key.Options.Digits)
fmt.Println("Issuer:", key.Options.Issuer)
fmt.Println("Period:", key.Options.Period)
fmt.Println("Secret Size:", key.Options.SecretSize)
fmt.Println("Skew:", key.Options.Skew)
fmt.Println("Secret:", key.Secret.Base32())
}
Output: AccountName: alice@example.com Algorithm: SHA1 Digits: 8 Issuer: Example.com Period: 30 Secret Size: 64 Skew: 1 Secret: QF7N673VMVHYWATKICRUA7V5MUGFG3Z3
func GenKeyFromURI ¶ added in v0.2.0
GenKeyFromURI creates a new Key object from an TOTP uri/url. The URL format is documented here:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
origin := "otpauth://totp/Example.com:alice@example.com?algorithm=SHA1&" +
"digits=12&issuer=Example.com&period=60&secret=QF7N673VMVHYWATKICRUA7V5MUGFG3Z3"
key, err := totp.GenKeyFromURI(origin)
if err != nil {
log.Fatal(err)
}
fmt.Println("Issuer:", key.Options.Issuer)
fmt.Println("AccountName:", key.Options.AccountName)
fmt.Println("Algorithm:", key.Options.Algorithm)
fmt.Println("Digits:", key.Options.Digits)
fmt.Println("Period:", key.Options.Period)
fmt.Println("Secret Size:", key.Options.SecretSize)
fmt.Println("Secret:", key.Secret.String())
}
Output: Issuer: Example.com AccountName: alice@example.com Algorithm: SHA1 Digits: 12 Period: 60 Secret Size: 20 Secret: QF7N673VMVHYWATKICRUA7V5MUGFG3Z3
func GenerateKey ¶
GenerateKey creates a new Key object with default options. Which is:
SHA-512 hash for HMAC, 30 seconds of period, 64 byte size of secret and 6 digits of passcode.
To customize the options, use the With* functions from the options.go file. For advanced customization, use GenerateKeyCustom() instead.
func GenerateKeyCustom ¶
GenerateKeyCustom creates a new Key object with custom options.
Usually, `GenerateKey` with options is enough for most cases. But if you need more control over the options, use this function.
func GenerateKeyPEM
deprecated
GenerateKeyPEM creates a new Key object from a PEM formatted string.
Deprecated: Use GenKeyFromPEM() instead. This function will be removed in the next major release. Currently it is an alias to GenKeyFromPEM(). For more information, see: https://github.com/KEINOS/go-totp/issues/14
func GenerateKeyURI
deprecated
GenerateKeyURI creates a new Key object from an TOTP uri/url.
Deprecated: Use GenKeyFromURI() instead. This function will be removed in the next major release. Currently it is an alias to GenKeyFromURI(). For more information, see: https://github.com/KEINOS/go-totp/issues/14
func (*Key) PEM ¶
PEM returns the key in PEM formatted string.
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
origin := "otpauth://totp/Example.com:alice@example.com?algorithm=SHA1&" +
"digits=6&issuer=Example.com&period=30&secret=QF7N673VMVHYWATKICRUA7V5MUGFG3Z3"
key, err := totp.GenKeyFromURI(origin)
if err != nil {
log.Fatal(err)
}
keyPEM, err := key.PEM()
if err != nil {
log.Fatal(err)
}
fmt.Println(keyPEM)
}
Output: -----BEGIN TOTP SECRET KEY----- Account Name: alice@example.com Algorithm: SHA1 Digits: 6 Issuer: Example.com Period: 30 Secret Size: 20 Skew: 1 gX7ff3VlT4sCakCjQH69ZQxTbzs= -----END TOTP SECRET KEY-----
func (*Key) PassCode ¶
PassCode generates a 6 or 8 digits passcode for the current time. The output string will be eg. "123456" or "12345678".
Example ¶
package main
import (
"fmt"
"log"
"time"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Generate a new secret key
Issuer := "Example.com"
AccountName := "alice@example.com"
key, err := totp.GenerateKey(Issuer, AccountName)
if err != nil {
log.Fatal(err)
}
// Generate 6 digits passcode (valid for 30 seconds)
code, err := key.PassCode()
if err != nil {
log.Fatal(err)
}
// Validate the passcode
if key.Validate(code) {
fmt.Println("Passcode is valid with current time")
}
// Validate the passcode with a custom time
validationTime := time.Now().Add(-300 * time.Second)
if key.ValidateCustom(code, validationTime) {
fmt.Println("Passcode is valid with custom time")
} else {
fmt.Println("Passcode is invalid with custom time")
}
}
Output: Passcode is valid with current time Passcode is invalid with custom time
func (*Key) PassCodeCustom ¶ added in v0.2.0
PassCodeCustom is similar to PassCode() but allows you to specify the time to generate the passcode.
Example ¶
package main
import (
"fmt"
"log"
"time"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Generate a new secret key
Issuer := "Example.com"
AccountName := "alice@example.com"
key, err := totp.GenerateKey(Issuer, AccountName)
if err != nil {
log.Fatal(err)
}
timeNow := time.Now()
// Generate a passcode for a specific time (300 seconds ago)
code, err := key.PassCodeCustom(timeNow.Add(-300 * time.Second))
if err != nil {
log.Fatal(err)
}
// Validating with the current time should fail
if key.Validate(code) {
fmt.Println("Passcode is valid with current time")
} else {
fmt.Println("Passcode is invalid with current time")
}
// To validate a passcode for a specific time, use ValidateCustom()
// method.
validationTime := timeNow.Add(-300 * time.Second)
if key.ValidateCustom(code, validationTime) {
fmt.Println("Passcode is valid with custom time")
} else {
fmt.Println("Passcode is invalid with custom time")
}
}
Output: Passcode is invalid with current time Passcode is valid with custom time
func (*Key) QRCode ¶
QRCode returns a QR code image of a specified width and height, suitable for registering a user's TOTP URI with many clients, such as Google-Authenticator.
Example ¶
package main
import (
"encoding/hex"
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
origin := "otpauth://totp/Example.com:alice@example.com?algorithm=SHA1&" +
"digits=6&issuer=Example.com&period=30&secret=QF7N673VMVHYWATKICRUA7V5MUGFG3Z3"
// Create a new Key object from a URI
key, err := totp.GenKeyFromURI(origin)
if err != nil {
log.Fatal(err)
}
// Create QRCode object
imgQRCode, err := key.QRCode(totp.FixLevelDefault)
if err != nil {
log.Fatal(err)
}
// Get PNG image in bytes
pngImage, err := imgQRCode.PNG(100, 100)
if err != nil {
log.Fatal(err)
}
actual := hex.EncodeToString(pngImage)
expect := `89504e470d0a1a0a0000000d4948445200000064000000641000000000051` +
`916cb0000040549444154789ce45ced6edb400c9387bcff2b67180a2f324d5272ff` +
`95d59f35f7691f4f12a9047bbddf1561afaae3d0dde76bf631bdeddfdffd5f370fd` +
`7c5f99b7df473fef1eff973ecf5f50fbb60ec74b01dfbce93eba7cce6633fae778e` +
`617dfc39d310a90101e503bdbff7f55357779ba1727e763ec69f231191c9f094ce1` +
`3c5c88363b17f4217db7709e23722c20c917077daa1721aa2be4fd789886cdebe9f` +
`6e3796a927b4703f8c722ad7f0e74c43c4f198d3d489bb2c5dc28fa6f90a19fd9c4` +
`9883c21f2d33d7ec68fb83994b4c52072bcdf8e1339edd1e76c4f7d42df4536bf5e` +
`1a2235a8b6291f4c116c52932c32b13d35a28988d4a033f054a6d355e3e5a318e49` +
`53f7eda9210f9ffa7f095d3143762f3a7317d4d75f2ac4d71b83c443668a87c33f1` +
`afefa08aa67ceef339061150882ebef77665937e983489da57a1f1b12444b675277` +
`7f771ceac1f7ccd6bc316aef5b32444746cf6a75ea6eac1906111ab4424ab07dc2f` +
`2f6a3da9064eda5ef988d335389fadc9d6ba5a0c22c7f5fd9c9ea8413b383e44b71` +
`e1057be837d79510b4dc56f15a9b67fe33ab8966b57d59bcffa31881085e878ce94` +
`6f9efa85426ce387578b41c47c3fc232b8d21e7d8eb29e5f7a5b01b25b34aee8262` +
`1a2388dd3112ab239a5c8d639cd2947e74b15f93dfbe6edcb54fe948a448ec4d6c1` +
`f570bee263773f4942a408b364a7dfc74cd590d3b61a67529fb8ce7dbf2444d4292` +
`8fea3fa3677ba067ee5f290afac2421b2b9df657247895f3738fec5c6d7c0a7fc33` +
`2621c24cc575e507cecfd867c59291b7b95ac115bd34442625876dea2ebb0c8fa7e` +
`b7899aa9c689f4a4264d20865eeee5431615ac5b16336cead9b19b55cd564527c4e` +
`6fa87bddc72aff62151b857a586637954616955c1564f22d77baca7fdc3e95f93df` +
`be02365f4b33aedd354b545b5b1bdd83adc921029f1d6ea2ebbaa8932a5f19d8264` +
`63b5928d4184fc824e2941759fb7999d459f890de33e257d2c0691d7acbd550c67a` +
`69800e366ee84fbbc69cf2f4b42a408ffaf21533b1dcea2df661eeea9d6e53e1983` +
`c8717f371769b0ed0903c6cf133a684abf87b15f52fb75bc0bc73afdcdc697d1e3b` +
`8a68aa01c993444ca5416ddbd76f7d621d7f798b4067e663e1c94d9e157a6b560a4` +
`45eeaa53747d5d954fb62c5a5b1222b31edee9f05a565ea63536ebe0b83c1fb1430` +
`ca3ddf84e5fc75544702fa791ea7653621059fc9f0f4f3484e24f8a2594f9b6d865` +
`f5fbb82444eac1f77c5d13e058cf4e791f8e719ccd7b731a22356873773fd538869` +
`ccb190e15c5bb2a568f4ca62257b72d3b9ea2e471785fc1bd33a3d664131a38ae8c` +
`26a9bafb113b75c584d197c27ca4d57e6f5ddfc80d6abc9a37712dd6c77d330d116` +
`51839d4bd773ae3b29dc8d893f6708ab2b2aaf10b3df233ec6f000000ffffa0404e` +
`fb1e0ab59a0000000049454e44ae426082`
// Assert equal image
if expect == actual {
fmt.Println("OK")
}
}
Output: OK
func (*Key) String ¶ added in v0.2.0
String returns a string representation of the key in URI format.
It is an implementation of the fmt.Stringer interface.
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
origin := `
-----BEGIN TOTP SECRET KEY-----
Account Name: alice@example.com
Algorithm: SHA1
Digits: 12
Issuer: Example.com
Period: 60
Secret Size: 20
Skew: 0
gX7ff3VlT4sCakCjQH69ZQxTbzs=
-----END TOTP SECRET KEY-----
`
key, err := totp.GenKeyFromPEM(origin)
if err != nil {
log.Fatal(err)
}
expect := "otpauth://totp/Example.com:alice@example.com?algorithm=SHA1&" +
"digits=12&issuer=Example.com&period=60&secret=QF7N673VMVHYWATKICRUA7V5MUGFG3Z3"
actual := key.String()
if expect == actual {
fmt.Println("URI returned as expected")
}
}
Output: URI returned as expected
func (*Key) URI ¶
URI returns the key in OTP URI format.
It re-generates the URI from the values stored in the Key object and will not use the original URI.
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
origin := "otpauth://totp/Example.com:alice@example.com?algorithm=SHA1&" +
"digits=12&issuer=Example.com&period=60&secret=QF7N673VMVHYWATKICRUA7V5MUGFG3Z3"
key, err := totp.GenKeyFromURI(origin)
if err != nil {
log.Fatal(err)
}
expect := origin
actual := key.URI() // regenerate URI
if expect == actual {
fmt.Println("URI returned as expected")
}
}
Output: URI returned as expected
type Option ¶ added in v0.2.0
Option is a function that applies an option to the given Options. It should return an error if the option is nil or invalid.
func WithAlgorithm ¶ added in v0.2.0
WithAlgorithm sets the Algorithm to use for HMAC (Default: Algorithm("SHA512")).
func WithDigits ¶ added in v0.2.0
WithDigits sets the Digits to request TOTP code. Choices are DigitsSix or DigitsEight (Default: DigitsSix).
func WithECDH ¶ added in v0.2.0
WithECDH sets a hashed ECDH shared secret as the TOTP secret from the given ECDH private key and the correspondent's ECDH public key.
Important:
Both ECDH keys must be generated from the same curve type.
context is required as a consistent string between the two parties.
Both parties must use the same context to generate the same shared secret. The context string can be anything, but it must be consistent between the two parties. The recommended format is:
"[issuer] [sorted account names] [purpose] [version]"
e.g.) "example.com alice@example.com bob@example.com TOTP secret v1"
func WithECDHKDF ¶
WithECDHKDF sets the userKDF, user definded key derivation function, to derive a TOTP secret key from a ECDH shared secret.
The function must implement the totp.KDF interface. If userKDF is nil, it uses the default KDF which is Blake3.
Example ¶
package main
import (
"crypto/ecdh"
"crypto/rand"
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// ------------------------------------------------------------------------
// Pre-agreement between Alice and Bob.
// ------------------------------------------------------------------------
// See the Example_ecdh() example for the details.
commonCurve := ecdh.X25519()
commonCtx := "example.com alice@example.com bob@example.com TOTP secret v1"
// ------------------------------------------------------------------------
// Key exchange between Alice and Bob.
// ------------------------------------------------------------------------
alicePriv, alicePub := testGetECDHKeysForAlice(commonCurve)
bobPriv, bobPub := testGetECDHKeysForBob(commonCurve)
// ------------------------------------------------------------------------
// Generate a new TOTP key for Alice
// ------------------------------------------------------------------------
Issuer := "Example.com" // name of the service
AccountName := "alice@example.com" // name of the user
key, err := totp.GenerateKey(Issuer, AccountName,
totp.WithECDH(alicePriv, bobPub, commonCtx),
// You can assign a custom function to derive the TOTP secret key from
// the ECDH shared secret. The default is BLAKE3. Any function that
// implements the totp.KDF interface can be used.
totp.WithECDHKDF(totp.OptionKDFDefault),
)
if err != nil {
log.Fatal(err)
}
commonOpts := key.Options // Bob must use the same options as Alice
// Alice generates 8 digits of TOTP passcode
passcode, err := key.PassCode()
if err != nil {
log.Fatal(err)
}
// Bob validates the passcode
result := letBobValidate(passcode, bobPriv, alicePub, commonOpts)
fmt.Println(result)
}
func letBobValidate(
alicePasscode string,
bobPriv *ecdh.PrivateKey,
alicePub *ecdh.PublicKey,
commonOpts totp.Options,
) string {
commonCtx := "example.com alice@example.com bob@example.com TOTP secret v1"
Issuer := "Example.com"
AccountName := "bob@example.com"
key, err := totp.GenerateKey(Issuer, AccountName,
totp.WithECDH(bobPriv, alicePub, commonCtx),
totp.WithPeriod(commonOpts.Period),
totp.WithAlgorithm(commonOpts.Algorithm),
totp.WithSecretSize(commonOpts.SecretSize),
totp.WithSkew(commonOpts.Skew),
totp.WithDigits(commonOpts.Digits),
)
if err != nil {
log.Fatal(err)
}
if key.Validate(alicePasscode) {
return "* Validation result: Passcode is valid"
}
return "* Validation result: Passcode is invalid"
}
// This is a dummy function to return Alice's ECDH private key.
// In a real-world scenario, you would generate this key securely.
//
// paramCommon is the curve type agreed between Alice and Bob.
func testGetECDHKeysForAlice(paramCommon ecdh.Curve) (*ecdh.PrivateKey, *ecdh.PublicKey) {
alicePriv, err := paramCommon.GenerateKey(rand.Reader)
if err != nil {
log.Fatal(err, "failed to generate Alice's ECDH private key for example")
}
return alicePriv, alicePriv.PublicKey()
}
// This is a dummy function to return Bob's ECDH public key.
// In a real-world scenario, you would obtain this key securely.
//
// paramCommon is the curve type agreed between Alice and Bob.
func testGetECDHKeysForBob(paramCommon ecdh.Curve) (*ecdh.PrivateKey, *ecdh.PublicKey) {
bobPriv, err := paramCommon.GenerateKey(rand.Reader)
if err != nil {
log.Fatal(err, "failed to generate Alice's ECDH private key for example")
}
return bobPriv, bobPriv.PublicKey()
}
Output: * Validation result: Passcode is valid
func WithPeriod ¶ added in v0.2.0
WithPeriod sets the number of seconds a TOTP hash is valid for (Default: 30 seconds).
func WithSecretSize ¶ added in v0.2.0
WithSecretSize sets the size of the generated Secret (Default: 128 bytes).
type Options ¶
type Options struct {
// AccountName is the name of the secret key owner. (eg, email address)
AccountName string
// Algorithm to use for HMAC to generate the TOTP passcode.
// (Default: Algorithm("SHA1"))
//
// Note that this is not the same hash algorithm used for the secret key
// generated via ECDH.
Algorithm Algorithm
// Digits to request TOTP code. DigitsSix or DigitsEight. (Default: DigitsSix)
Digits Digits
// Issuer is the name of the issuer of the secret key.
// (eg, organization, company, domain)
Issuer string
// Period is the number of seconds a TOTP hash is valid for.
// (Default: 30 seconds)
Period uint
// SecretSize is the size of the generated Secret. (Default: 128 bytes)
SecretSize uint
// Skew is the periods before or after the current time to allow. (Default: 1)
//
// Value of 1 allows up to Period of either side of the specified time.
// Values greater than 1 are likely sketchy.
Skew uint
// contains filtered or unexported fields
}
Options is a struct that holds the options for a TOTP key. Use SetDefault() to set the default values.
Example ¶
package main
import (
"fmt"
"github.com/KEINOS/go-totp/totp"
)
func main() {
options := totp.Options{
Issuer: "Example.com",
AccountName: "alice@example.com",
}
options.SetDefault()
/* List all option and their default values. */
// Issuer is the name of the service who issued the secret.
fmt.Println("Issuer:", options.Issuer)
// Name of the owner of the secret key.
fmt.Println("AccountName:", options.AccountName)
// Hash algorithm to generate the passcode as HMAC.
fmt.Println("Algorithm:", options.Algorithm)
// Length of the passcode.
fmt.Println("Digits:", options.Digits)
// Valid seconds of passcode issued.
fmt.Println("Period:", options.Period)
// Size of the secret key in bytes.
fmt.Println("Secret Size:", options.SecretSize)
// Skew is an acceptable range of time before and after. Value of 1 allows
// up to Period of either side of the specified time.
fmt.Println("Skew:", options.Skew)
}
Output: Issuer: Example.com AccountName: alice@example.com Algorithm: SHA1 Digits: 6 Period: 30 Secret Size: 128 Skew: 1
func NewOptions ¶
NewOptions returns a new Options struct with the default values. Issuer and AccountName are required.
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// Create a new Options object with default values.
opt1, err := totp.NewOptions("Example.com", "alice@example.com")
if err != nil {
log.Fatal(err)
}
// For default values, see the example of Options type.
fmt.Printf("Type: %T\n", opt1)
fmt.Printf("Issuer: %s\n", opt1.Issuer)
fmt.Printf("Account Name: %s\n", opt1.AccountName)
// Issuer and Account Name are required.
opt2, err := totp.NewOptions("", "")
// Assert error
if err != nil {
fmt.Println("Error msg:", err.Error())
}
// Assert nil on error
if opt2 != nil {
log.Fatal("NewOptions() should return nil on error")
}
}
Output: Type: *totp.Options Issuer: Example.com Account Name: alice@example.com Error msg: issuer and accountName are required
func (*Options) SetDefault ¶
func (opts *Options) SetDefault()
SetDefault sets the undefined options to its default value.
type QRCode ¶
type QRCode struct {
URI URI // URI object to be encoded to QR code image.
Level FixLevel // Level is the error correction level for the QR code.
}
QRCode is a struct that holds the information to create QR code image.
type Secret ¶
type Secret []byte
Secret is a byte slice that represents a secret key.
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
// The below lines are the same but with different base-encodings.
base32Secret := "MZXW6IDCMFZCAYTVPJ5A"
base62Secret := "FegjEGvm7g03GQye"
base64Secret := "Zm9vIGJhciBidXp6"
// Instantiate a new Secret object from a base32 encoded string.
secret32, err := totp.NewSecretBase32(base32Secret)
if err != nil {
log.Fatal(err)
}
// Instantiate a new Secret object from a base62 encoded string.
secret62, err := totp.NewSecretBase62(base62Secret)
if err != nil {
log.Fatal(err)
}
// Instantiate a new Secret object from a base64 encoded string.
secret64, err := totp.NewSecretBase64(base64Secret)
if err != nil {
log.Fatal(err)
}
// Once instantiated, you can use the Secret object to get the secret in
// different base-encodings.
fmt.Println("Get as base32 encoded string:", secret64.Base32())
fmt.Println("Get as base62 encoded string:", secret64.Base62())
fmt.Println("Get as base64 encoded string:", secret32.Base64())
// String() method is equivalent to Base32()
if secret62.String() == secret62.Base32() {
fmt.Println("String() is equivalent to Base32()")
}
// To obtain the raw secret value, use the Bytes() method.
fmt.Printf("Base32 secret: %x\n", secret32.Bytes())
fmt.Printf("Base62 secret: %x\n", secret62.Bytes())
fmt.Printf("Base64 secret: %x\n", secret64.Bytes())
}
Output: Get as base32 encoded string: MZXW6IDCMFZCAYTVPJ5A Get as base62 encoded string: FegjEGvm7g03GQye Get as base64 encoded string: Zm9vIGJhciBidXp6 String() is equivalent to Base32() Base32 secret: 666f6f206261722062757a7a Base62 secret: 666f6f206261722062757a7a Base64 secret: 666f6f206261722062757a7a
func NewSecretBase32 ¶
NewSecretBase32 creates a new Secret object from a base32 encoded string. The string must be encoded with no padding.
func NewSecretBase62 ¶
NewSecretBase62 creates a new Secret object from a base62 encoded string.
func NewSecretBase64 ¶
NewSecretBase64 creates a new Secret object from a base64 encoded string. The string must be encoded with standard (RFC 4648) padding.
func NewSecretBytes ¶
NewSecretBytes creates a new Secret object from a byte slice.
Example ¶
package main
import (
"fmt"
"github.com/KEINOS/go-totp/totp"
)
func main() {
data := []byte("some secret")
// Generate a new Secret object from a byte slice.
secret := totp.NewSecretBytes(data)
fmt.Printf("Type: %T\n", secret)
fmt.Printf("Value: %#v\n", secret)
fmt.Printf("Secret bytes: %#x\n", secret.Bytes())
fmt.Println("Secret string:", secret.String())
fmt.Println("Secret Base32:", secret.Base32())
fmt.Println("Secret Base62:", secret.Base62())
fmt.Println("Secret Base64:", secret.Base64())
}
Output: Type: totp.Secret Value: totp.Secret{0x73, 0x6f, 0x6d, 0x65, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74} Secret bytes: 0x736f6d6520736563726574 Secret string: ONXW2ZJAONSWG4TFOQ Secret Base32: ONXW2ZJAONSWG4TFOQ Secret Base62: bfF9D3ygDyVQZp2 Secret Base64: c29tZSBzZWNyZXQ=
func (Secret) Base32 ¶
Base32 returns the secret as a base32 encoded string with no padding. Which is the standard format used by TOTP URIs.
func (Secret) Base64 ¶
Base64 returns the secret as a base64 encoded string with padding (RFC 4648). This encoding is used in PEM format exports.
Example ¶
package main
import (
"fmt"
"log"
"strings"
"github.com/KEINOS/go-totp/totp"
)
func main() {
Issuer := "Example.com" // name of the service
AccountName := "alice@example.com" // name of the user
// Generate a new secret key with default options.
// Compatible with most TOTP authenticator apps.
key, err := totp.GenerateKey(Issuer, AccountName)
if err != nil {
log.Fatal(err)
}
// Base64 encoded secret key is the same encoding used in the PEM data.
secBase64 := key.Secret.Base64()
pemData, err := key.PEM()
if err != nil {
log.Fatal(err)
}
// Chunk the base64 encoded secret key to 64 characters per line.
// Since the secret in PEM data is usually word-wrapped at 64 characters per
// line.
const lenSplit = 64
var lines []string
for index, char := range secBase64 {
if index%lenSplit == 0 {
lines = append(lines, "")
}
lines[len(lines)-1] += string(char)
}
// Check if the base64 encoded secret key is found in the PEM data.
for index, line := range lines {
if strings.Contains(pemData, line) {
fmt.Println(index+1, "Base64 encoded secret key is found in PEM data")
} else {
fmt.Println(pemData)
fmt.Println(secBase64)
}
}
}
Output: 1 Base64 encoded secret key is found in PEM data 2 Base64 encoded secret key is found in PEM data 3 Base64 encoded secret key is found in PEM data
type URI ¶
type URI string
URI is a string that holds the TOTP URI.
All methods are calculated each time they are called. Therefore, it is recommended to store them. Note also that the values are not validated. For example, `Digits()` method may return any value.
Example ¶
package main
import (
"fmt"
"log"
"github.com/KEINOS/go-totp/totp"
)
func main() {
origin := "otpauth://totp/Example.com:alice@example.com?algorithm=SHA1&" +
"digits=12&issuer=Example.com&period=60&secret=QF7N673VMVHYWATKICRUA7V5MUGFG3Z3"
uri := totp.URI(origin)
// Check if the URI is correctly formatted with the required fields.
if err := uri.Check(); err != nil {
log.Fatal(err)
}
if uri.String() == origin {
fmt.Println("Raw URI and String is equal: OK")
}
fmt.Println("Scheme:", uri.Scheme())
fmt.Println("Host:", uri.Host())
fmt.Println("Issuer:", uri.Issuer())
fmt.Println("Account Name:", uri.AccountName())
fmt.Println("Algorithm:", uri.Algorithm())
fmt.Println("Secret:", uri.Secret().String())
fmt.Println("Period:", uri.Period())
fmt.Println("Digits:", uri.Digits())
}
Output: Raw URI and String is equal: OK Scheme: otpauth Host: totp Issuer: Example.com Account Name: alice@example.com Algorithm: SHA1 Secret: QF7N673VMVHYWATKICRUA7V5MUGFG3Z3 Period: 60 Digits: 12
func NewURI ¶
NewURI returns a new URI object. It simply returns the casted string as a URI object. To validate if the URI is correctly formatted, use the Check() method.
func (URI) AccountName ¶
AccountName returns the account name from the URI.
func (URI) Check ¶
Check returns true if the URI is correctly formatted and required fields are set.
func (URI) Issuer ¶
Issuer returns the issuer from the URI. Similar to IssuerFromPath() but returns the issuer from the query string instead of the path.
func (URI) IssuerFromPath ¶
IssuerFromPath returns the issuer from the URI. Similar to Issuer() but returns the issuer from the path instead of the query string.
Example ¶
package main
import (
"fmt"
"github.com/KEINOS/go-totp/totp"
)
func main() {
origin := "otpauth://totp/Example.com:alice@example.com?issuer=Wrong.com"
uri := totp.URI(origin)
fmt.Println(uri.IssuerFromPath())
}
Output: Example.com
func (URI) Path ¶
Path returns the path from the URI. Which is used as a "label" for the TOTP. See:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label
func (URI) Period ¶
Period returns the number of seconds a TOTP hash is valid for from the URI. If the period is not set or the URL is invalid, it returns 0.
Source Files
![func (q *QRCode) PNG(width, height int) ([]byte, error)](#QRCode.PNG){kind=link}
Click to show internal directories.
Click to hide internal directories.