otp

README

One-Time Passwords in Go

There are other Go implementations of OTP out there, but this one is mine.

2fa: Terminal Authenticator

This project ships with a terminal application for computing one-time passwords using Google Authenticator defaults. See README for full description.

Documentation

Overview

Package otp provides one-time password authentication using both HMAC (HOTP) and time-based (TOTP) approaches.

Index

• Variables
• func GetCode(secret32 string, iv int64, h Hash, digits int) (string, error)
• func GetInterval(period int64) (int64, int64)
• type Hash
• type Key
  • func NewHOTPKey(label, secret32, issuer string, algo Hash, digits, counter int) (*Key, error)
  • func NewKey(uri string) (*Key, error)
  • func NewTOTPKey(label, secret32, issuer string, algo Hash, digits, period int) (*Key, error)
  • func (k *Key) FromURI(uri string) error
  • func (k Key) GetCode(iv int64) (string, error)
  • func (k Key) QrCode() (*qr.Code, error)
  • func (k Key) ToURI() string
  • func (k Key) Validate() error

Variables

var Hashes = []Hash{sha1.New, sha256.New, sha512.New, md5.New}

Supported hash algorithms.

Functions

func GetCode

func GetCode(secret32 string, iv int64, h Hash, digits int) (string, error)

GetCode returns a one-time password. The secret32 parameter is a Base32-encoded HMAC key. The iv parameter is the initialization value. The h parameter is a hash function to use in the HMAC. The digits parameter is the length of returned code.

Example:

code, err := GetCode("MFRGGZDFMZTWQ2LK", 1, sha1.New, 6)

func GetInterval

func GetInterval(period int64) (int64, int64)

GetInterval returns the unix epoch divided by period and the number of seconds remaining till expiration.

Types

type Hash

type Hash func() hash.Hash

Hash represents a function that returns a hash.Hash.

type Key

type Key struct {
	Method   string // Initialization method. Either 'totp' or 'hotp'.
	Label    string // Descriptive label..
	Secret32 string // Base32-encoded secret key.
	Issuer   string // Key issuer.
	Algo     Hash   // Hash algorithm. See Hashes.
	Digits   int    // Length of the code. Either 6 or 8.
	Period   int    // Seconds code is valid for. Applies only to 'totp'.
	Counter  int    // Initial counter value. Applies only to 'hotp'.
}

Key represents a one-time password. It supports time-based (totp) and HMAC-based (hotp) approaches.

func NewHOTPKey

func NewHOTPKey(
	label,
	secret32,
	issuer string,
	algo Hash,
	digits,
	counter int) (*Key, error)

NewHOTPKey returns a hotp key struct.

func NewKey

func NewKey(uri string) (*Key, error)

NewKey returns a key from an otpauth URI.

func NewTOTPKey

func NewTOTPKey(
	label,
	secret32,
	issuer string,
	algo Hash,
	digits,
	period int) (*Key, error)

NewTOTPKey returns a totp key struct.

func (*Key) FromURI

func (k *Key) FromURI(uri string) error

FromURI parses an otpauth URI into the key. Defaults are included for the hashing algorithm (sha1.New), digits (6), and period (30); these parameters may be excluded from the URI. The issuer is optional. For totp, only the method, label, and secret are required. See https://code.google.com/p/google-authenticator/wiki/KeyUriFormat for more information.

Example:

k.FromURI("otpauth://totp/Example:alice@google.com?algo=sha1&digits=6&issuer=Example&period=30&secret=NAR5XTDD3EQU22YU")

func (Key) GetCode

func (k Key) GetCode(iv int64) (string, error)

GetCode returns a one-time password code an initial value..

func (Key) QrCode

func (k Key) QrCode() (*qr.Code, error)

QrCode returns the qr.Code representation of the otpauth URI.

func (Key) ToURI

func (k Key) ToURI() string

ToURI returns the string representation of the Key.

func (Key) Validate

func (k Key) Validate() error

Validate checks if the key parameters conform to the specification. In invalid, an error is returns.