NaviServer - programmable web server
4.99  5.0

[ Main Table Of Contents | Table Of Contents | Keyword Index ]

ns_totp(n) 5.0.0a naviserver "NaviServer Built-in Commands"

Name

ns_totp - Returns a decimal-coded time-based one-time password (TOTP)

Table Of Contents

Synopsis

Description

The function returns a time-based one time password (TOTP) as described in RFC-6238. The function uses the HOTP function of RFC-4226 but adds the possibility to restrict the validity of the password to a time window.

RFC-6238 defines TOTP as:

 TOTP = HOTP(K, T), where T is an integer
 
 K: key
 T: time slice (moving factor for one time passwd)

The implemented function ns_totp is a generalization by allowing to specify the message digest algorithm, the number of characters of the returned truncated value, a used_id and a time.

The listed command is available in installations when NaviServer is compiled with OpenSSL support and where the nsf package is installed.

COMMANDS

ns_totp ?-digest digest? ?-digits digits? ?-interval interval? ?-user_id user_id? ?-key key? ?-time time?

OPTIONS

-digest digest

Digest algorithm for the checksum computation. The available algorithms are implemented in OpenSSL. The current versions of OpenSSL supports the following message digest algorithms: "dsa dsa-sha ecdsa-with-sha1 md4 md5 mdc2 ripemd160 sha sha1 sha224 sha256 sha384 sha512 whirlpool". The default value is "sha256"

-digits digits

specifies the number of digits of the returned one time password. The default value (as used in the RFC) is 8.

-digits interval

specifies the time interval, for which the password should be vald. The default value is 30.

-digits user_id

the secret can be either be provided via key, or via user_id and a config parameter serversecret. For testing purposes, the key is preferable. For usage scenarios, the secret should be personalized to the user. Therefore, the implementation uses the user_id and the per-server configured password value (see configuration section).

-key key

specifies the secret used for creating one time passwords (see option user_id for detail) ("K" in the formula above).

-time time

specifies time base for the computation (epoch in seconds). If no time is specified, the current time is used.

 nscp 2> ns_totp -key "tweedie123" -time 1471107671
 33888450

CONFIGURATION

 ns_section "ns/server/server1"
 ns_param   serversecret "swordfish"

See Also

ns_crypt, ns_hmac, ns_hotp, ns_md, ns_rand, ns_sha1, nsd

Keywords

TOTP, crypto, encoding, nsf