https://github.com/adulau/hotp-js

A simple Javascript HOTP implementation (HMAC-Based One-Time Password Algorithm) as described in RFC 4226. The library relies on crypto-js (http://code.google.com/p/crypto-js/) for the javascript HMAC-SHA1 implementation.
https://github.com/adulau/hotp-js

hotp hotp-js javascript-hmac-sha1 javascript-hotp otp

Last synced: 9 days ago
JSON representation

A simple Javascript HOTP implementation (HMAC-Based One-Time Password Algorithm) as described in RFC 4226. The library relies on crypto-js (http://code.google.com/p/crypto-js/) for the javascript HMAC-SHA1 implementation.

• Host: GitHub
• URL: https://github.com/adulau/hotp-js
• Owner: adulau
• Created: 2010-01-17T13:44:08.000Z (over 15 years ago)
• Default Branch: master
• Last Pushed: 2014-01-12T19:21:17.000Z (over 11 years ago)
• Last Synced: 2025-06-22T03:04:35.013Z (11 days ago)
• Topics: hotp, hotp-js, javascript-hmac-sha1, javascript-hotp, otp
• Language: JavaScript
• Homepage:
• Size: 124 KB
• Stars: 29
• Watchers: 3
• Forks: 7
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
hotp-js - A JavaScript HOTP implementation

=================================================

A JavaScript HOTP implementation (HMAC-Based One-Time Password Algorithm) as described in [RFC4226](http://tools.ietf.org/html/rfc4226). The library uses on [crypto-js](http://code.google.com/p/crypto-js/) for the javascript HMAC-SHA1 implementation.

How to use it

-------------

Load the htop.js file, set the private key of the token and the count step.

```javascript

otp = hotp("3132333435363738393031323334353637383930","4","dec6");

```

The following output formats are supported:

* hex40 - truncated 10 bytes hexadecimal representation

* dec6  - truncated 6 bytes decimal representation (HOTP)

* dec7  - truncated 7 bytes decimal representation

* dec8  - truncated 8 bytes decimal representation

Example

-------

Check [this web page](http://www.foo.be/hotp/example.html) that will run in your browser htop-js with the RFC4226 test values.

Security recommendations

------------------------

* If you implement software tokens, don't forget to protect the key of the token along with the count value (e.g. local encryption of the software token).

* Code is experimental.

License

-------

```

Copyright (C) 2009 Alexandre Dulaunoy

This program is free software: you can redistribute it and/or modify

it under the terms of the GNU Affero General Public License as

published by the Free Software Foundation, either version 3 of the

License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License

along with this program. If not, see .

```