A Time-based One-Time Password (TOTP) Rust implementation library that follows RFC 6238, supporting multiple hash algorithms and Steam Guard compatibility.
- 🔐 RFC Standard Compliant: Follows RFC 6238 (TOTP) and RFC 4226 (HOTP)
- 🛡️ Multiple Hash Algorithms: Supports SHA1, SHA256, SHA512
- 🎯 Flexible Configuration: Supports 5-8 digit codes with custom time steps
- 🎮 Steam Compatible: Supports Steam Guard format codes
- 📱 Cross-Platform: Supports all Rust target platforms
Add the following to your Cargo.toml:
[dependencies]
otpx = { git = "https://github.com/lin1328/otpx" }See the Basics example for complete usage demonstrations including:
- Creating TOTP instances from Base32 strings and byte
- Generating codes at specific time counters
- Steam Guard algorithm support
- Custom algorithm and time step configurations
Run the basic example:
cargo run --example Basics- Minimum Length: Use at least 16 Base32 characters (80 bits) for keys
- Recommended Length: 26+ characters (128 bits), following RFC 4226 recommendations
- Secure Storage: Keys should be stored in secure locations, avoid hardcoding
- Access Control: Restrict access permissions to keys
- Default: SHA1 (best compatibility)
- Recommended: SHA256 (higher security)
- High Security: SHA512 (highest security)
Ensure system time accuracy, recommend using NTP service:
# Linux/macOS
sudo ntpdate -s time.nist.govcargo run --example BasicsQ: Code doesn't match? A: Check if system time is synchronized and ensure the key is correct.
Q: Key length error? A: Ensure Base32 key is at least 16 characters.
Q: Steam code format incorrect?
A: Use Algorithm::Steam and ensure the key is correct.
Contributions are welcome!