A simple implementation of OATH-HOTP and OATH-TOTP. It is distributed under the terms of the MIT licence.
This is a simple OATH-HOTP and OATH-TOTP implementation in pure lua that makes use of LuaCrypto for its hashing needs. It can be used as a generation and verification library and is compatible with the RFCs 4226 and 6238. It only supports the SHA-1 hashing algorithm (as specified in the RFCs).
It is possible to export and import the keys in a short ASCII format for easy storing in databases or text files.
It is also possible to export a key to a standard URL format that
will work with otpauth://
aware clients and can be simply converted
to a QR code to be scanned by mobile clients.
HOTP sample code that creates a shared secret and iterates over asking and testing codes from the user until it encounters a blank line.
The counter is incremented with each successful verification, so one code can't be used twice.
local otp = require"otp"
local hotp = otp.new_hotp()
print"Use this URL to configure your OATH-HOTP client:"
print(hotp:get_url("luaotp sample", "user"))
while true do
print"Type in a code:"
local code = io.stdin:read"*l"
if not code or code == "" then break end
if hotp:verify(code) then
print"This code is valid!"
else
print"This code is invalid."
end
end
The documentation can be found in the doc folder.
If you like this project, you can either Flattr or donate on Liberapay.