ns_hotp(n)

Name

ns_hotp - Returns a decimal-coded one-time password (HOTP)

Table Of Contents

• Table Of Contents
• Synopsis
• Description
• COMMANDS
• OPTIONS
• See Also
• Keywords

Synopsis

Description

The function returns a one-time password based on the HMAC algorithm (HOTP) as described in RFC-4226, allowing the choice of message digest algorithm and the number of digits for the truncated output.

RFC-4226 defines HOTP as:

 HOTP(K,C) = Truncate(HMAC-SHA-1(K,C))
 
 K: key
 C: counter (moving factor for one time passwd)

The implemented function ns_hotp is an extension of the standard RFC by allowing you to specify the message digest algorithm and the number of characters in the truncated output.

The command is available when NaviServer is compiled with OpenSSL support and the nsf package is installed.

COMMANDS

ns_hotp ?-digest value? ?-digits integer? ?-key value? counter

counter specifies the moving factor for the one-time password (referred to as "C" in the formula above). The counter is a 64-bit moving factor, encoded in big-endian order and passed as the message to the HMAC calculation.

OPTIONS

-digest digest

Specifies the digest algorithm used for the HMAC computation. Available algorithms are provided by OpenSSL and include: "dsa", "dsa-sha", "ecdsa-with-sha1", "md4", "md5", "mdc2", "ripemd160", "sha", "sha1", "sha224", "sha256", "sha384", "sha512", and "whirlpool". The default algorithm is "sha256".

-digits digits

Specifies the number of digits for the resulting one-time password. The default is 6 digits.

-key key

Specifies the secret key used to generate the one-time password (corresponds to "K" in the formula above).

 # provide coutner in 64-bit big-endian order
 % ns_hotp -key "tweedie123" [binary format W 1]
 601045

See Also

ns_crypt, ns_hmac, ns_md, ns_rand, ns_sha1, ns_totp, nsd

Keywords

HOTP, crypto, encoding, nsf