otp

package

v1.4.1 Latest Latest Go to latest Published: Jan 8, 2026 License: MIT Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/loggdme/strivia

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func DecryptOtpSecret(encryptor *encryption.Encryptor, encryptedSecret string) (string, error)
func EncryptOtpSecret(encryptor *encryption.Encryptor, secret string) (string, error)
func GenerateCodeHOTP(secret string, counter uint64, opts HOTPOpts) (passcode string, err error)
func GenerateCodeTOTP(secret string, t time.Time, opts *TOTPOpts) (passcode string, err error)
func GenerateRecoveryCode(length uint32) string
func GenerateRecoveryCodes(count int) []string
func HashRecoveryCode(code string) string
func HashRecoveryCodes(codes []string) []string
func Now() time.Time
func VerifyHOTP(passcode string, counter uint64, secret string, opts HOTPOpts) (bool, error)
func VerifyRecoveryCode(code string, hash string) bool
func VerifyTOTP(passcode string, secret string, t time.Time, opts *TOTPOpts) (bool, error)
type Algorithm
- func (a Algorithm) Hash() hash.Hash
- func (a Algorithm) String() string
type Digits
- func (d Digits) Format(in int32) string
- func (d Digits) Length() int
- func (d Digits) String() string
type GenerateKeyOptsHOTP
type GenerateKeyOptsTOTP
type HOTPOpts
type Key
- func GenerateKeyHOTP(opts GenerateKeyOptsHOTP) (*Key, error)
- func GenerateKeyTOTP(opts GenerateKeyOptsTOTP) (*Key, error)
- func (k *Key) String() string
type TOTPOpts

Constants ¶

View Source

const (
	RecoveryCodeLength = 16
)

Variables ¶

View Source

var (
	ErrValidateOtpSecretInvalidBase32 = errors.New("otp: decoding of secret as base32 failed.")
	ErrValidateOtpInputInvalidLength  = errors.New("otp: input length unexpected")
	ErrGenerateOtpMissingIssuer       = errors.New("otp: issuer must be set")
	ErrGenerateOtpMissingAccountName  = errors.New("otp: account_name must be set")
)

View Source

var DefaultParamsHOTP = &HOTPOpts{
	Digits:    DigitsSix,
	Algorithm: AlgorithmSHA512,
}

DefaultParamsHOTP provides secure default parameters for TOTP generation and validation based on the RFC 4225 specifications with digits=6, and algorithm SHA512.

View Source

var DefaultParamsTOTP = &TOTPOpts{
	Period:    30,
	Skew:      1,
	Digits:    DigitsSix,
	Algorithm: AlgorithmSHA512,
}

DefaultParamsTOTP provides secure default parameters for TOTP generation and validation based on the RFC 4225 specifications with period=30 seconds, skew=1, digits=6, and algorithm SHA512.

Functions ¶

func DecryptOtpSecret ¶ added in v1.1.0

func DecryptOtpSecret(encryptor *encryption.Encryptor, encryptedSecret string) (string, error)

DecryptOtpSecret decrypts the given encrypted secret using the provided encryptor.

func EncryptOtpSecret ¶ added in v1.1.0

func EncryptOtpSecret(encryptor *encryption.Encryptor, secret string) (string, error)

EncryptOtpSecret encrypts the given secret using the provided encryptor.

func GenerateCodeHOTP ¶

func GenerateCodeHOTP(secret string, counter uint64, opts HOTPOpts) (passcode string, err error)

GenerateCodeHOTP uses a counter and secret value and options struct to create a passcode.

func GenerateCodeTOTP ¶

func GenerateCodeTOTP(secret string, t time.Time, opts *TOTPOpts) (passcode string, err error)

GenerateCodeTOTP takes a timestamp and produces a passcode using a secret and the provided opts. (Under the hood, this is making an adapted call to GenerateHOTP)

func GenerateRecoveryCode ¶

func GenerateRecoveryCode(length uint32) string

func GenerateRecoveryCodes ¶

func GenerateRecoveryCodes(count int) []string

func HashRecoveryCode ¶ added in v1.2.0

func HashRecoveryCode(code string) string

func HashRecoveryCodes ¶ added in v1.1.0

func HashRecoveryCodes(codes []string) []string

func Now ¶

func Now() time.Time

Now returns the current time in UTC.

func VerifyHOTP ¶

func VerifyHOTP(passcode string, counter uint64, secret string, opts HOTPOpts) (bool, error)

VerifyHOTP validates an HOTP with customizable options.

func VerifyRecoveryCode ¶ added in v1.1.0

func VerifyRecoveryCode(code string, hash string) bool

func VerifyTOTP ¶

func VerifyTOTP(passcode string, secret string, t time.Time, opts *TOTPOpts) (bool, error)

VerifyTOTP validates a TOTP given a user specified time and custom options.

Types ¶

type Algorithm ¶

type Algorithm int

Algorithm represents the hashing function to use in the HMAC operation needed for OTPs.

const (
	AlgorithmSHA512 Algorithm = iota
	AlgorithmSHA256
	AlgorithmSHA1
	AlgorithmMD5
)

func (Algorithm) Hash ¶

func (a Algorithm) Hash() hash.Hash

Hash returns a hash.Hash for the given Algorithm.

func (Algorithm) String ¶

func (a Algorithm) String() string

String returns the string representation of the Algorithm.

type Digits ¶

type Digits int

Digits represents the number of digits present in the user's OTP passcode. Six and Eight are the most common values.

const (
	DigitsSix   Digits = 6
	DigitsEight Digits = 8
)

func (Digits) Format ¶

func (d Digits) Format(in int32) string

Format converts an integer into the zero-filled size for this Digits.

func (Digits) Length ¶

func (d Digits) Length() int

Length returns the number of characters for this Digits.

func (Digits) String ¶

func (d Digits) String() string

String returns the string representation of the digits.

type GenerateKeyOptsHOTP ¶

type GenerateKeyOptsHOTP struct {
	// Name of the issuing Organization/Company.
	Issuer string
	// Name of the User's Account (eg, email address)
	AccountName string
	// Size in size of the generated Secret. Defaults to 10 bytes.
	SecretSize uint32
	// Digits to request. Defaults to 6.
	Digits Digits
	// Algorithm to use for HMAC. Defaults to SHA1.
	Algorithm Algorithm
}

GenerateKeyOptsHOTP provides options for .GenerateKeyHOTP()

type GenerateKeyOptsTOTP ¶

type GenerateKeyOptsTOTP struct {
	// Name of the issuing Organization/Company.
	Issuer string
	// Name of the User's Account (eg, email address)
	AccountName string
	// Number of seconds a TOTP hash is valid for. Defaults to 30 seconds.
	Period uint
	// Size in size of the generated Secret. Defaults to 20 bytes.
	SecretSize uint32
	// Digits to request. Defaults to 6.
	Digits Digits
	// Algorithm to use for HMAC. Defaults to SHA512.
	Algorithm Algorithm
}

GenerateKeyOptsTOTP provides options for .GenerateKeyTOTP()

type HOTPOpts ¶

type HOTPOpts struct {
	// Digits as part of the input. Defaults to 6.
	Digits Digits
	// Algorithm to use for HMAC. Defaults to SHA512.
	Algorithm Algorithm
}

HOTPOpts provides options for ValidateCustom().

type Key ¶

type Key struct {
	Secret      string
	Issuer      string
	AccountName string
	Host        string
	Period      uint
	Algorithm   Algorithm
	Digits      Digits
}

Key represents an TOTP or HTOP key.

func GenerateKeyHOTP ¶

func GenerateKeyHOTP(opts GenerateKeyOptsHOTP) (*Key, error)

GenerateKeyHOTP creates a new HOTP Key.

func GenerateKeyTOTP ¶

func GenerateKeyTOTP(opts GenerateKeyOptsTOTP) (*Key, error)

GenerateKeyTOTP creates a new HOTP Key.

func (*Key) String ¶

func (k *Key) String() string

NewKey creates a new Key String with the given parameters.

type TOTPOpts ¶

type TOTPOpts struct {
	// Number of seconds a TOTP hash is valid for. Defaults to 30 seconds.
	Period uint
	// Periods before or after the current time to allow. Value of 1 allows up to Period
	// of either side of the specified time. Defaults to 0 allowed skews.
	Skew uint
	// Digits as part of the input. Defaults to 6.
	Digits Digits
	// Algorithm to use for HMAC. Defaults to SHA1.
	Algorithm Algorithm
}

TOTPOpts provides options for ValidateCustom().

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL