Skip to content

A one-time password (HOTP and TOTP) library for Java

License

Notifications You must be signed in to change notification settings

talebi1/java-otp

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build status Maven Central

java-otp is a library for generating one-time passwords using the HOTP (RFC 4226) or TOTP (RFC 6238) standards in Java.

Getting java-otp

You can download java-otp as a jar file (it has no dependencies) from the GitHub releases page and add it to your project's classpath. If you're using Maven (or something that understands Maven dependencies) to build your project, you can add java-otp as a dependency:

<dependency>
  <groupId>com.eatthepath</groupId>
  <artifactId>java-otp</artifactId>
  <version>0.2.0</version>
</dependency>

java-otp works with Java 8 or newer. If you need support for versions of Java older than Java 8, you may try using java-otp v0.1 (although it is no longer supported).

Usage

To demonstrate generating one-time passwords, we'll focus on the TOTP algorithm. To create a TOTP generator with a default password length (6 digits), time step (30 seconds), and HMAC algorithm (HMAC-SHA1):

final TimeBasedOneTimePasswordGenerator totp = new TimeBasedOneTimePasswordGenerator();

To actually generate time-based one-time passwords, you'll need a key and a timestamp. Secure key management is beyond the scope of this document; for the purposes of an example, though, we'll generate a random key:

final Key key;
{
    final KeyGenerator keyGenerator = KeyGenerator.getInstance(totp.getAlgorithm());

    // SHA-1 and SHA-256 prefer 64-byte (512-bit) keys; SHA512 prefers 128-byte (1024-bit) keys
    keyGenerator.init(512);

    key = keyGenerator.generateKey();
}

Armed with a key, we can deterministically generate one-time passwords for any timestamp:

final Instant now = Instant.now();
final Instant later = now.plus(totp.getTimeStep());

System.out.format("Current password: %06d\n", totp.generateOneTimePassword(key, now));
System.out.format("Future password:  %06d\n", totp.generateOneTimePassword(key, later));

…which produces (for one randomly-generated key):

Current password: 164092
Future password:  046148

License and copyright

java-otp is published under the MIT License.

About

A one-time password (HOTP and TOTP) library for Java

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 88.6%
  • HTML 11.4%