gotp

package module v0.1.1

Published: Dec 23, 2023 License: MIT Imports: 11 Imported by: 0

README

gotp

This is a package for TOTP authentication in Go.

Reference

https://datatracker.ietf.org/doc/html/rfc6238

  • MUST, MUST NOT
    • The prover and verifier must know or be able to derive the current Unix time for OTP generation.
    • The prover and verifier must either share the same secret or the knowledge of a secret transformation to generate a shared secret.
    • The algorithm must use HOTP (RFC 4226) as a key building block.
    • The prover and verifier must use the same time-step value X.
    • There must be a unique secret (key) for each prover.
    • The implementation of this algorithm must support a time value T larger than a 32-bit integer when it is beyond the year 2038.
    • The key store must be in a secure area, to avoid, as far as possible, direct attack on the validation system and secrets database.
    • The next different OTP must be generated in the next time-step window.
    • A user must wait until the clock moves to the next time-step window from the last submission.
    • The verifier must not accept the second attempt of the OTP after the successful validation has been issued for the first OTP, which ensures one-time only use of an OTP.
  • SHOULD, SHOULD NOT
    • The keys should be randomly generated or derived using key derivation algorithms.
    • The keys may be stored in a tamper-resistant device and should be protected against unauthorized access and usage.
    • The keys should be chosen at random or using a cryptographically strong pseudorandom generator properly seeded with a random value.
    • The keys should be of the length of the HMAC output to facilitate interoperability.
    • The pseudorandom numbers used for generating the keys should successfully pass the randomness test.
    • All the communications should take place over a secure channel, e.g., SSL/TLS or IPsec connections.
    • Access to the key material should be limited to programs and processes required by the validation system only.
    • A validation system should typically set a policy for an acceptable OTP transmission delay window for validation.
    • The validation system should compare OTPs not only with the receiving timestamp but also with the past timestamps that are within the transmission delay.
    • Additional authentication measures should be used to safely authenticate the prover and explicitly resynchronize the clock drift between the prover and the validator.
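As an added example that is not code from the gotp package, here is a minimal TOTP verifier in Go that follows the requirements above: HOTP (RFC 4226) is the building block, T is derived from an int64 Unix time so it stays valid beyond 2038, the verifier accepts codes up to a configurable transmission delay of past time steps, and it refuses any time step at or before the last successfully validated one, which enforces one-time use. The names hotp, totp and Verifier are this example's own, and the 20-byte key in main is the RFC 6238 Appendix B SHA-1 test key, not a real secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"math"
)

const timeStep int64 = 30 // X: the time-step shared by prover and verifier, in seconds
// hotp is the RFC 4226 building block: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
func hotp(secret []byte, counter uint64, digits int) string {
	mac := hmac.New(sha1.New, secret)
	binary.Write(mac, binary.BigEndian, counter) // 8-byte big-endian moving factor
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%0*d", digits, code%uint32(math.Pow10(digits)))
}

// totp derives T = floor(unixTime / X); int64 keeps T valid beyond 2038.
func totp(secret []byte, unixTime int64, digits int) string {
	return hotp(secret, uint64(unixTime/timeStep), digits)
}

// Verifier remembers, per prover, the last time step that validated, so no OTP is accepted twice.
type Verifier struct {
	Secret   []byte
	Digits   int
	Delay    int64 // accepted transmission delay, counted in past time steps
	LastStep int64 // -1 before the first successful validation
}

// Verify checks the current step and up to Delay past steps, refusing any step at or before the last accepted one.
func (v *Verifier) Verify(code string, now int64) bool {
	cur := now / timeStep
	for back := int64(0); back <= v.Delay; back++ {
		step := cur - back
		if step <= v.LastStep {
			break // already used: one-time use, the prover waits for the next window
		}
		if hmac.Equal([]byte(hotp(v.Secret, uint64(step), v.Digits)), []byte(code)) {
			v.LastStep = step
			return true
		}
	}
	return false
}
func main() { fmt.Println(totp([]byte("12345678901234567890"), 59, 8)) } // prints 94287082 (RFC 6238 Appendix B)
```

The comparison uses hmac.Equal so a wrong code takes the same time as a right one, and only past windows are searched because RFC 6238 speaks of transmission delay, not of future drift.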

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Algorithm

type Algorithm int
const (
	AlgorithmSHA1 Algorithm = iota
	AlgorithmSHA256
	AlgorithmSHA512
	AlgorithmMD5
)

func (Algorithm) Hash

func (a Algorithm) Hash() hash.Hash

func (Algorithm) String

func (a Algorithm) String() string

type Digits

type Digits int
const (
	DigitsSix   Digits = 6
	DigitsEight Digits = 8
)

func (Digits) Format

func (d Digits) Format(i int32) string

func (Digits) Length

func (d Digits) Length() int

func (Digits) String

func (d Digits) String() string

type Key

type Key struct {
	// contains filtered or unexported fields
}

func NewKeyFromURL

func NewKeyFromURL(origin string) (key *Key, err error)

func (*Key) AccountName

func (k *Key) AccountName() string

func (*Key) Image

func (k *Key) Image(width int, height int) (img image.Image, err error)

func (*Key) Issuer

func (k *Key) Issuer() string

func (*Key) Secret

func (k *Key) Secret() string
