mirror of https://github.com/vapor/docs.git
42 lines
1.6 KiB
Markdown
42 lines
1.6 KiB
Markdown
# TOTP and HOTP
|
|
|
|
One-time passwords (OTPs) are commonly used as a form of [two-factor authentication](https://en.wikipedia.org/wiki/Multi-factor_authentication). Crypto can be used to generate both TOTP and HOTP in accordance with [RFC 6238](https://tools.ietf.org/html/rfc6238) and [RFC 4226](https://tools.ietf.org/html/rfc4226
|
|
) respectively.
|
|
|
|
- **TOTP**: Time-based One-Time Password. Generates password by combining shared secret with unix timestamp.
|
|
- **HOTP**: HMAC-Based One-Time Password. Similar to TOTP, except an incrementing counter is used instead of a timestamp. Each time a new OTP is generated, the counter increments.
|
|
|
|
## Generating OTP
|
|
|
|
OTP generation is similar for both TOTP and HOTP. The only difference is that HOTP requires the current counter to be passed.
|
|
|
|
```swift
|
|
import Crypto
|
|
|
|
// Generate TOTP
|
|
let code = TOTP.SHA1.generate(secret: "hi")
|
|
print(code) "123456"
|
|
|
|
// Generate HOTP
|
|
let code = HOTP.SHA1.generate(secret: "hi", counter: 0)
|
|
print(code) "208503"
|
|
```
|
|
|
|
View the API docs for [`TOTP`](https://api.vapor.codes/crypto/latest/Crypto/Structs/TOTP.html) and [`HOTP`](https://api.vapor.codes/crypto/latest/Crypto/Structs/HOTP.html) for more information.
|
|
|
|
## Base 32
|
|
|
|
TOTP and HOTP shared secrets are commonly transferred using Base32 encoding. Crypto provides conveniences for converting to/from Base32.
|
|
|
|
```swift
|
|
import Crypto
|
|
|
|
// shared secret
|
|
let secret: Data = ...
|
|
|
|
// base32 encoded secret
|
|
let encodedSecret = secret.base32EncodedString()
|
|
```
|
|
|
|
See Crypto's [`Data`](https://api.vapor.codes/crypto/latest/Crypto/Extensions/Data.html) extensions for more information.
|