Skip to content

certchip/jsotp

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

58 Commits

docs

docs

 
 

src

src

 
 

test

test

 
 

.babelrc

.babelrc

 
 

.gitignore

.gitignore

 
 

.npmignore

.npmignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

Repository files navigation

Source

This project is based on LanceGin's jsotp project 1.0.4 and is a modified version with the following contents.

  • Add Digits: 4, 5, 6, 7, 8, 9, 10 and more
  • Add Digest : SHA-1, SHA-256, SHA-512

jsotp

jsotp is a node module to generate and verify one-time passwords that were used to implement 2FA and MFA authentication method in web applications and other login-required systems.

The module was implement based on RFC4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and RFC6238 (TOTP: Time-Based One-Time Password Algorithm)

Example

Feature

  • Generate random base32 encoded string
  • Generate a otpauth url with the b32 encoded string
  • Create a HOTP object with verification
  • Verify a HOTP token
  • Create a TOTP object with verification
  • Verify a TOTP token

Installation

npm install @certchip/jsotp

Module

All modules support:

const jsotp = require('@certchip/jsotp');

Usage

Time-based OTPs

// import
const jsotp = require('@certchip/jsotp');

// Create TOTP object
const totp = jsotp.TOTP('BASE32ENCODEDSECRET');
totp.now(); // => 432143

// Verify for current time
totp.verify(432143); // => true

// Verify after 30s
totp.verify(432143); // => false

Counter-based OTPs

// import
const jsotp = require('@certchip/jsotp');

// Create HOTP object
const hotp = jsotp.HOTP('BASE32ENCODEDSECRET');
hotp.at(0); // => 432143
hotp.at(1); // => 231434
hotp.at(2132); // => 242432

// Verify with a counter
hotp.verify(242432, 2132); // => true
hotp.verify(242432, 2133); // => false

Generate random base32 encoded secret

// import
const jsotp = require('@certchip/jsotp');

// Generate
const b32_secret = jsotp.Base32.random_gen();

Api

jsotp.Base32.random_gen(length)

param: length
type: int
default: 16
return: String
desc: the length of random base32 encoded string.

jsotp.TOTP(secret)

param: secret
type: string
return: TOTP
desc: generate TOTP instance.

jsotp.TOTP.now()

return: String
desc: get the one-time password with current time.

jsotp.TOTP.verify(totp)

param: totp
type: string
return: Boolean
desc: verify the totp code.

jsotp.TOTP.url_gen(issuer)

param: issuer
type: string
return: string
desc: generate url with TOTP instance

jsotp.HOTP(secret)

param: secret
type: string
return: HOTP
desc: generate HOTP instance.

jsotp.HOTP.at(counter)

param: counter
type: int
return: String
desc: generate one-time password with counter.

jsotp.HOTP.verify(hotp, count)

param: hotp
type: string
param: count
type: int
return: Boolean
desc: verify the hotp code.

jsotp.HOTP.url_gen(issuer)

param: issuer
type: string
return: string
desc: generate url with HOTP instance

Contribute

  • Clone repo and install dependencies
git clone git@github.com:certchip/jsotp.git
npm install
  • Contribute the code in src/, and run command below to build the es6 code to es2015. That will create a local directory named lib/.
npm run build
  • Unit test
npm test

About

Javascript One-Time Password module.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 100.0%