An implementation of TOTP (RFC 6238) and HOTP (RFC 4226) in C#.

TOTP is an algorithm that uses a rolling window of time to calculate single use passwords. It is often used for two factor authentication. The Google Authenticator app uses TOTP to calculate one time passwords. This library implements TOTP code calculation in C#. This could be embedded in a mobile app using Mono, or used server side to simply validate codes that are provided.

Use of the library is fairly straightforward. Simply create a new instance of it and pass in the shared secret key in plaintext as a byte array.

There are several options that can be used to change how the code is calculated. These options are specified when the TOTP object is created.

Different hash algorithms can be used to calculate the code. The default is Sha1, but Sha256 and Sha512 may be used instead. To change that behavior from the default of Sha1, simply pass the OtpHashMode enum with the desired value into the constructor.

    var totp = new Totp(secretKey, mode: OtpHashMode.Sha512);

The time step window can also be specified. The RFC recommends a window of thirty seconds. That means that a new code will be generated every thirty seconds. The step window can be changed, however, if required. There are no tests around this, as the RFC test tables all use a 30 second window, so use this feature at your own risk. Like the hash mode, pass this value into the constructor.

    var totp = new Totp(secretKey, step: 15); // a new code will be generated every 15 seconds

Finally, the truncation level can be specified. Basically, this is how many digits you want your TOTP code to be. The tests in the RFC specify 8, but 6 has become a de facto standard if not an actual one. For this reason the default is 6, but you can set it to something else. There aren't a lot of tests around this either, so use at your own risk (other than the fact that the RFC test table uses TOTP values that are 8 digits).

    var totp = new Totp(secretKey, totpSize: 8);

Once you have an instance of the Totp class, you can easily calculate a code by calling the ComputeTotp method. You need to provide the timestamp to use in the code calculation. DateTime.UtcNow is the recommended value. There is an overload that doesn't take a parameter that just uses UtcNow.

    var totpCode = totp.ComputeTotp(DateTime.UtcNow);

There is a method that will tell you how much time remains in the current time step window in seconds.

    var remainingTime = totp.RemainingSeconds();

There is also an overload that lets you specify the time.

    var remainingSeconds = totp.RemainingSeconds(DateTime.UtcNow);

The TOTP implementation provides a mechanism for verifying TOTP codes that are passed in. There is a method called VerifyTotp with an overload that takes a specific timestamp.

    public bool VerifyTotp(string totp, out long timeWindowUsed, VerificationWindow window = null)
    public bool VerifyTotp(DateTime timestamp, string totp, out long timeWindowUsed, VerificationWindow window = null)

If the overload that doesn't take a timestamp is called, DateTime.UtcNow will be used as the comparand.

There is an output long called timeWindowUsed. This is provided so that the caller of the function can persist/check that the code has only been validated once. RFC 6238 Section 5.2 states that a code must only be accepted once. The output parameter reports the specific time window where the match occurred, for persistence and comparison in future verification attempts.
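One way to use the timeWindowUsed output of VerifyTotp to enforce the accept-once rule from RFC 6238 Section 5.2, as an added example that is not code from the library or its documentation. The class name, the in-memory store, the sample secret and the `OtpNet` namespace are assumptions; only the Totp constructor, ComputeTotp and VerifyTotp calls come from the text.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using OtpNet; // assumption: namespace of the TOTP library in use; adjust as needed

// Hypothetical helper: accepts each time window at most once per user.
public sealed class ReplaySafeTotpVerifier
{
    // userId -> last accepted time window. In-memory for the example;
    // a real deployment would persist this with the user record or in a shared store.
    private readonly Dictionary<string, long> _lastWindow = new Dictionary<string, long>();
    private readonly object _gate = new object();

    public bool Verify(string userId, byte[] secretKey, string code, DateTime utcNow)
    {
        var totp = new Totp(secretKey);

        // Check the code first, so wrong codes never touch the replay state.
        if (!totp.VerifyTotp(utcNow, code, out long timeWindowUsed))
            return false;

        // Compare and record under one lock so two concurrent requests carrying
        // the same code cannot both pass. Requiring a strictly newer window also
        // rejects an older code replayed after a newer one was accepted.
        lock (_gate)
        {
            if (_lastWindow.TryGetValue(userId, out long last) && timeWindowUsed <= last)
                return false;
            _lastWindow[userId] = timeWindowUsed;
            return true;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("12345678901234567890"); // constructed sample secret
        DateTime now = DateTime.UtcNow;
        string code = new Totp(key).ComputeTotp(now);
        var verifier = new ReplaySafeTotpVerifier();
        Console.WriteLine(verifier.Verify("alice", key, code, now)); // first presentation of the code
        Console.WriteLine(verifier.Verify("alice", key, code, now)); // same code presented again
    }
}
```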