This library implements functions that generate OTP Tokens based on RFC4226 (HOTP) and RFC 6238 (TOTP).
Additionally, the library implements a custom version of HMAC-SHA-1 that serves as a base for the mentioned algorithms (RFC 2104).
The implementation default settings lets you compute HMAC-SHA-1 auth codes. Generated HMAC codes are byte strings, so you need to convert them to something else if needed.
For example, if key = "ORSXG5A=" and message = 1234 (string and integer respectively), you need to only pack the message in a byte-like object:
#!/usr/bin/env python
import struct
from rfc2104 import hmac
key="ORSXG5A="
msg=1234
hmac = hmac.HMAC(key, struct.pack(">Q", msg))
print(hmac)
result:
b'A3\x91v\xa5\xf7\xb0\xe5#\xb1\xa3\xa0a\xdf&\x13JC\x8ai'
The default implementation uses SHA-1 as the HMAC digest and an 8 byte unsigned integer as HOTP counter. Internal conversions are automatically performed by the code.
#!/usr/bin/env python
from rfc4226 import hotp
key = "ORSXG5A="
msg = 1234
hotp = hotp.HOTP(key, msg)
print(hotp)
result:
807009
TOTP is a special case of HOTP in which the counter is a 64bit unsigned timestamp. The Google Authenticator implementation deviates from the RFC, because it expects the key to be encoded in base32.
#!/usr/bin/env python
from rfc6238 import totp
import base64
key = "ORSXG5A="
totp = totp.TOTP(key)
print(totp)
google_key = base64.b32decode(key)
google_totp = totp.TOTP(google_key)
print(totp)
print(google_totp)
Python3 is required to use these libraries.