
You're viewing documentation for an older version. View the latest version

TOTP and HOTP

One-time passwords (OTPs) are commonly used as a form of two-factor authentication. Crypto can be used to generate both TOTP and HOTP in accordance with RFC 6238 and RFC 4226 respectively.

  • TOTP: Time-based One-Time Password. Generates a password by combining a shared secret with the Unix timestamp.

  • HOTP: HMAC-Based One-Time Password. Similar to TOTP, except an incrementing counter is used instead of a timestamp. Each time a new OTP is generated, the counter increments.

Generating OTP

OTP generation is similar for both TOTP and HOTP. The only difference is that HOTP requires the current counter to be passed.

import Crypto

// Generate TOTP
let totpCode = TOTP.SHA1.generate(secret: "hi")
print(totpCode) // "123456"

// Generate HOTP
let hotpCode = HOTP.SHA1.generate(secret: "hi", counter: 0)
print(hotpCode) // "208503"

View the API docs for TOTP and HOTP for more information.

Base 32

TOTP and HOTP shared secrets are commonly transferred using Base32 encoding. Crypto provides conveniences for converting to/from Base32.

import Crypto

// shared secret
let secret: Data = ...

// base32 encoded secret
let encodedSecret = secret.base32EncodedString()

See Crypto’s Data extensions for more information.