The highest tagged major version is
README
¶
GOTP - The Golang One-Time Password Library
GOTP is a Golang package for generating and verifying one-time passwords. It can be used to implement two-factor (2FA) or multi-factor (MFA) authentication methods in anywhere that requires users to log in.
Open MFA standards are defined in RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and in RFC 6238 (TOTP: Time-Based One-Time Password Algorithm). GOTP implements server-side support for both of these standards.
GOTP was inspired by PyOTP.
This fork provides the functionality to produce OTPs with a hexadecimal output format.
Installation
$ go get github.com/diebietse/gotp
Usage
Check API docs at https://godoc.org/github.com/diebietse/gotp
Time-based OTPs
totp := gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO")
totp.Now() // current otp '123456'
totp.At(1524486261) // otp of timestamp 1524486261 '123456'
# OTP verified for a given timestamp
totp.Verify('492039', 1524486261) // true
totp.Verify('492039', 1520000000) // false
// generate a provisioning uri
totp.ProvisioningUri("demoAccountName", "issuerName")
// otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName
Counter-based OTPs
hotp := gotp.NewDefaultHOTP("4S62BZNFXXSZLCRO")
hotp.At(0) // '944181'
hotp.At(1) // '770975'
# OTP verified for a given timestamp
hotp.Verify('944181', 0) // true
hotp.Verify('944181', 1) // false
// generate a provisioning uri
hotp.ProvisioningUri("demoAccountName", "issuerName", 1)
// otpauth://hotp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&counter=1&issuer=issuerName
Hex HOTP Output Example
hotp := NewHOTP("4S62BZNFXXSZLCRO", 6, nil, FormatHex)
hotp.At(0) // '0e6835'
hotp.At(1) // '0bc39f'
# OTP verified for a given timestamp
hotp.Verify('0e6835', 0) // true
hotp.Verify('0e6835', 1) // false
Generate random secret
secretLength := 16
gotp.RandomSecret(secretLength) // LMT4URYNZKEWZRAA
Google Authenticator Compatible
GOTP works with the Google Authenticator iPhone and Android app, as well as other OTP apps like Authy.
GOTP includes the ability to generate provisioning URIs for use with the QR Code
scanner built into these MFA client apps via otpObj.ProvisioningUri method:
gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO").ProvisioningUri("demoAccountName", "issuerName")
// otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName
gotp.NewDefaultHOTP("4S62BZNFXXSZLCRO").ProvisioningUri("demoAccountName", "issuerName", 1)
// otpauth://hotp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&counter=1&issuer=issuerName
This URL can then be rendered as a QR Code which can then be scanned and added to the users list of OTP credentials.
Working example
Scan the following barcode with your phone's OTP app (e.g. Google Authenticator):
Now run the following and compare the output:
package main
import (
"fmt"
"github.com/diebietse/gotp"
)
func main() {
fmt.Println("Current OTP is", gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO").Now())
}
License
GOTP is licensed under the MIT License
Documentation
¶
Index ¶
Constants ¶
const ( OTPTypeTOTP = "totp" OTPTypeHOTP = "hotp" )
const MaxOTPLength = 8
MaxOTPLength set the character length limit of the library
Variables ¶
This section is empty.
Functions ¶
func BuildURI ¶
func BuildURI(otpType, secret, accountName, issuerName, algorithm string, initialCount, digits, period int) string
BuildURI returns the provisioning URI for the OTP; works for either TOTP or HOTP. This can then be encoded in a QR Code and used to provision the Google Authenticator app. For module-internal use. See also:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format
params:
otpType: otp type, must in totp/hotp secret: the hotp/totp secret used to generate the URI accountName: name of the account issuerName: the name of the OTP issuer; this will be the organization title of the OTP entry in Authenticator algorithm: the algorithm used in the OTP generation initialCount: starting counter value. Only works for hotp digits: the length of the OTP generated code. period: the number of seconds the OTP generator is set to expire every code.
returns: provisioning uri
Types ¶
type HOTP ¶
type HOTP struct {
*OTP
}
HOTP is the HMAC-based OTP counters.
func NewDefaultHOTP ¶
NewDefaultHOTP returns an HOTP struct with the given secret and set defaults. The digit count is 6, hasher SHA1 and format is decimal output.
func NewHOTP ¶
NewHOTP returns an HOTP struct. If hasher is set to nil, the hasher defaults to SHA1.
func (*HOTP) ProvisioningURI ¶
ProvisioningURI returns the provisioning URI for the OTP. This can then be encoded in a QR Code and used to provision an OTP app like Google Authenticator.
See also:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format
params:
accountName: name of the account issuerName: the name of the OTP issuer; this will be the organization title of the OTP entry in Authenticator initialCount: starting HMAC counter value
returns: provisioning URI
type TOTP ¶
type TOTP struct {
*OTP
// contains filtered or unexported fields
}
TOTP is the time-based OTP counters.
func NewDefaultTOTP ¶
NewDefaultTOTP returns an TOTP struct with the given secret and set defaults. The digit count is 6, interval 30, hasher SHA1 and format is decimal output.
func NewTOTP ¶
NewTOTP returns an TOTP struct. If hasher is set to nil, the hasher defaults to SHA1.
func (*TOTP) NowWithExpiration ¶
NowWithExpiration generates the current time OTP and expiration time.
func (*TOTP) ProvisioningURI ¶
ProvisioningURI returns the provisioning URI for the OTP. This can then be encoded in a QR Code and used to provision an OTP app like Google Authenticator.
See also:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format
params:
accountName: name of the account issuerName: the name of the OTP issuer; this will be the organization title of the OTP entry in Authenticator
returns: provisioning URI
Source Files
Directories