A simple Javascript HOTP implementation (HMAC-Based One-Time Password Algorithm) as described in RFC 4226. The library relies on crypto-js (http://code.google.com/p/crypto-js/) for the javascript HMAC-SHA1 implementation.
JavaScript
Latest commit 2bcf8b0 Jan 12, 2014 @adulau Typo fixed
Permalink
Failed to load latest commit information.
hotp added 7 and 8 decimals HOTP output Dec 18, 2009
README.md
example-l.html a sample page with local javascript (especially for the BlackBerry br… Dec 14, 2009
example.html added 7 and 8 decimals HOTP output Dec 18, 2009

README.md

hotp-js - A JavaScript HOTP implementation

A JavaScript HOTP implementation (HMAC-Based One-Time Password Algorithm) as described in RFC4226. The library uses on crypto-js for the javascript HMAC-SHA1 implementation.

How to use it

Load the htop.js file, set the private key of the token and the count step.

otp = hotp("3132333435363738393031323334353637383930","4","dec6");

The following output formats are supported:

  • hex40 - truncated 10 bytes hexadecimal representation
  • dec6 - truncated 6 bytes decimal representation (HOTP)
  • dec7 - truncated 7 bytes decimal representation
  • dec8 - truncated 8 bytes decimal representation

Example

Check this web page that will run in your browser htop-js with the RFC4226 test values.

Security recommendations

  • If you implement software tokens, don't forget to protect the key of the token along with the count value (e.g. local encryption of the software token).
  • Code is experimental.

License

Copyright (C) 2009 Alexandre Dulaunoy

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.