{"id":13482181,"url":"https://github.com/philnash/crotp","last_synced_at":"2025-04-30T15:50:12.782Z","repository":{"id":66250558,"uuid":"78296363","full_name":"philnash/crotp","owner":"philnash","description":"CrOTP - One Time Passwords for Crystal","archived":false,"fork":false,"pushed_at":"2023-09-22T17:58:53.000Z","size":37,"stargazers_count":64,"open_issues_count":1,"forks_count":11,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-30T15:50:00.184Z","etag":null,"topics":["2fa","crystal","hotp","otp","shard","totp","two-factor-authentication"],"latest_commit_sha":null,"homepage":null,"language":"Crystal","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/philnash.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"github":"philnash"}},"created_at":"2017-01-07T18:32:57.000Z","updated_at":"2025-01-29T09:38:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"d6b2b21f-dfd1-45d4-885a-d457ee158486","html_url":"https://github.com/philnash/crotp","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philnash%2Fcrotp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philnash%2Fcrotp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philnash%2Fcrotp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philnash%2Fcrotp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/philnash","download_url":"https://codeload.github.com/philnash/crotp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251734543,"owners_count":21635155,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","crystal","hotp","otp","shard","totp","two-factor-authentication"],"created_at":"2024-07-31T17:00:59.732Z","updated_at":"2025-04-30T15:50:12.758Z","avatar_url":"https://github.com/philnash.png","language":"Crystal","funding_links":["https://github.com/sponsors/philnash"],"categories":["Algorithms and Data structures"],"sub_categories":[],"readme":"# CrOTP\n\nThe Crystal One Time Password library. Use this to generate HOTP or TOTP codes for two factor authentication.\n\n[![Build Status](https://github.com/philnash/crotp/workflows/Tests/badge.svg)](https://github.com/philnash/crotp/actions?query=workflow%3ATests)\n\n## Table of Contents\n\n* [Table of Contents](#table-of-contents)\n* [Installation](#installation)\n* [Usage](#usage)\n  * [HOTP](#hotp)\n  * [TOTP](#totp)\n    * [TOTP hashing algorithms](#totp-hashing-algorithms)\n  * [Authenticator applications](#authenticator-applications)\n    * [HOTP](#hotp-1)\n    * [TOTP](#totp-1)\n    * [Base 32 secret](#base-32-secret)\n* [Todo](#todo)\n* [Running the project locally](#running-the-project-locally)\n* [Contributing](#contributing)\n* [License](#license)\n* [Contributors](#contributors)\n\n## Installation\n\nAdd this to your application's `shard.yml`:\n\n```yaml\ndependencies:\n  crotp:\n    github: philnash/crotp\n```\n\n## Usage\n\n### HOTP\n\n```crystal\nrequire \"crotp\"\n\nhotp = CrOTP::HOTP.new(\"secret\")\ncounter = 1\n\n# Generate a token\ntoken = hotp.generate(counter)\n# =\u003e \"533881\"\n\n# Verify code\nresult = hotp.verify(token, counter)\n# =\u003e true\n```\n\n### TOTP\n\n```crystal\nrequire \"crotp\"\n\ntotp = CrOTP::TOTP.new(\"secret\")\n\n# Generate a code at a specific time stamp (by default, #generate will make a\n# code using Time.now)\ntoken = totp.generate(at: 1484007247)\n# =\u003e \"020567\"\n\n# Verify code at a specific time stamp\nresult = totp.verify(token, at: 1484007247)\n# =\u003e true\n\n# Verify code at different time stamp, with allowed drift\nresult = totp.verify(token, at: 1484007299, allowed_drift: 1)\n# =\u003e true\n\n# Verify code at different time stamp, outside allowed drift\nresult = totp.verify(token, at: 1484007300, allowed_drift: 1)\n# =\u003e false\n```\n\n#### TOTP hashing algorithms\n\nAccording to [RFC 6238](https://tools.ietf.org/html/rfc6238) section 1.2:\n\n\u003e TOTP implementations MAY use HMAC-SHA-256 or HMAC-SHA-512 functions, based on SHA-256 or SHA-512 hash functions, instead of the HMAC-SHA-1 function that has been specified for the HOTP computation in [RFC4226](https://tools.ietf.org/html/rfc4226).\n\nTo use either SHA-256 or SHA-512 as the hashing function, initialise your `CrOTP::TOTP` object with the algorithm you want:\n\n```crystal\nrequire \"crotp\"\n\ntotp = CrOTP::TOTP.new(\"secret\", algorithm: OpenSSL::Algorithm::SHA512)\n```\n\n_Note: [authenticator applications may ignore the algorithm parameter](https://github.com/google/google-authenticator/wiki/Key-Uri-Format#algorithm) when you encode your secret in a URL/QR code as below._\n\n### Authenticator applications\n\nTo share secrets with an authenticator application, like [Authy](https://authy.com/) or Google Authenticator you need a URI that you can share as a QR code. The [implementation details for the URI are in the Google Authenticator wiki](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).\n\nHere is how you can get the URI and, in case your user can't scan the code, the base 32 representation of the secret.\n\n#### HOTP\n\n```crystal\n# For HOTP you need the initial counter and an issuer\nputs hotp.authenticator_uri(initial_counter: 0, issuer: \"Test app\")\n# =\u003e otpauth://hotp/Test%20app?secret=ONSWG4TFOQ\u0026algorithm=SHA1\u0026counter=0\u0026digits=6\u0026issuer=Test%20app\n\n# You can add a user account detail too, normally an email address or username, that shows up in the authenticator app\nputs hotp.authenticator_uri(initial_counter: 0, issuer: \"Test app\", user: \"philnash@example.com\")\n# =\u003e otpauth://hotp/Test%20app:philnash%40example.com?secret=ONSWG4TFOQ\u0026algorithm=SHA1\u0026counter=0\u0026digits=6\u0026issuer=Test%20app\n```\n\n#### TOTP\n\n```crystal\n# For TOTP you only need an issuer\nputs totp.authenticator_uri(issuer: \"Test app\")\n# =\u003e otpauth://totp/Test%20app?secret=ONSWG4TFOQ\u0026algorithm=SHA1\u0026period=30\u0026digits=6\u0026issuer=Test%20app\n\n# You can add a user detail here too\nputs totp.authenticator_uri(issuer: \"Test app\", user: \"philnash@example.com\")\n# =\u003e otpauth://totp/Test%20app:philnash%40example.com?secret=ONSWG4TFOQ\u0026algorithm=SHA1\u0026period=30\u0026digits=6\u0026issuer=Test%20app\n```\n\n#### Base 32 secret\n\n```crystal\nputs hotp.base32_secret\n# =\u003e ONSWG4TFOQ\n\nputs totp.base32_secret\n# =\u003e ONSWG4TFOQ\n```\n\nYou can see and run these examples and more in `example/crotp.cr`.\n\n## Todo\n\n- [x] Basic HOTP and TOTP generation and verification\n- [x] Rewrite `int_to_bytes` and extract from `CrOTP::OTP`\n- [x] Verifying a token over a window of counters/time\n- [x] Google Authenticator otpauth URI generation\n- [x] Ability to choose algorithm (currently only sha1)\n- [ ] Ability to choose size of period in TOTP\n- [ ] Example application using Kemal\n- [ ] Much more documentation\n\n## Running the project locally\n\nFirst clone the project:\n\n```bash\ngit clone https://github.com/philnash/crotp.git\ncd crotp\n```\n\nRun the tests with:\n\n```bash\ncrystal spec\n```\n\n## Contributing\n\n1. Fork it ( https://github.com/philnash/crotp/fork )\n2. Create your feature branch (git checkout -b my-new-feature)\n3. Commit your changes (git commit -am 'Add some feature')\n4. Push to the branch (git push origin my-new-feature)\n5. Create a new Pull Request\n\n## License\n\nThis code is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n\n## Contributors\n\n- [philnash](https://github.com/philnash) Phil Nash - creator, maintainer\n- [benoist](https://github.com/benoist) Benoist Claassen\n- [Xosmond](https://github.com/Xosmond) Jordano Moscoso\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilnash%2Fcrotp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphilnash%2Fcrotp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilnash%2Fcrotp/lists"}