
Updated README with OATH-HOTP example code

Ratler committed Aug 17, 2011
1 parent 1eb8670 commit 55469de46c6de382a2f7836b05286140ef43371e
Showing with 37 additions and 0 deletions.
  1. +37 −0 README
37 README
@@ -37,3 +37,40 @@ YubiHSM hsm = new YubiHSM("/dev/ttyACM0", timeout);
// Generate HmacSHA1 for mySecret
String sha1 = hsm.generateHMACSHA1(mySecret, keyHandle, true, false).get("hash");
+
+
+Code example 2 - OATH-HOTP generate OATH-HOTP AEAD and OTP validation
+--------------
+
+// Nonce should stored for later use when validating an OTP
+String randomNonce = "a1a2a3a4a5a6";
+
+// This is the token seed which should be treated as a secret (don't store this)
+String tokenSeed = "3132333435363738393031323334353637383930";
+
+// A one-time password from the token with seed above
+String otp = "026920";
+
+// Current one-time password counter, this counter should be stored and updated
+// for each time the OTP have been validated
+int counter = 30;
+
+// How many iterations we should look ahead to find a matching OTP
+int lookAhead = 10;
+
+// This is the key handle with permission to generate AEAD
+int keyHandle = 8192;
+
+// HSM read timeout
+float timeout = 0.5;
+
+// Instance of YubiHSM
+YubiHSM hsm = new YubiHSM("/dev/ttyACM0", timeout);
+
+// Generate OATH-HOTP AEAD from the token seed, the AEAD can be safely stored in an database along with the nonce
+// This step is only performed once to recieve an AEAD which can be re-used for OTP validation.
+String aead = hsm.generateOathHotpAEAD(randomNonce, keyHandle, tokenSeed);
+
+// Validate the one-time password "026920". If the counter result is 0 the validation failed.
+// In this case we expect a value of 31.
+counter = hsm.validateOathHOTP(hsm, keyHandle, randomNonce, aead, counter, otp, lookAhead);
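
Review bot: In the last added line the result of validateOathHOTP is assigned straight back to `counter`, although the comment above it says a result of 0 means validation failed. A reader who copies this will overwrite the stored counter with 0 after a failed attempt and lose the replay protection the counter provides. Suggest assigning to a separate variable and only persisting it when it is non-zero, for example `int newCounter = hsm.validateOathHOTP(...);` followed by `if (newCounter != 0) counter = newCounter;`. Smaller points in the same hunk: `float timeout = 0.5;` does not compile in Java and needs `0.5f`; the call passes `hsm` as the first argument to a method invoked on `hsm`, which is worth checking against the method signature (either a static call or a redundant argument); `randomNonce` is a fixed literal, so its comment should say the nonce must be freshly generated for each AEAD; and the comments contain typos ("should stored", "recieve", "an database", "have been validated").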
