CrOTP

The Crystal One Time Password library.

Installation

Add this to your application's shard.yml:

dependencies:
  crotp:
    github: philnash/crotp

Usage

HOTP

require "crotp"

hotp = CrOTP::HOTP.new("secret")
counter = 1

# Generate a token
token = hotp.generate(counter)
# => "533881"

# Verify code
result = hotp.verify(token, counter)
# => true

TOTP

require "crotp"

totp = CrOTP::TOTP.new("secret")

# Generate a code at a specific time stamp (by default, #generate will make a
# code using Time.now)
token = totp.generate(at: 1484007247)
# => "020567"

# Verify code at a specific time stamp
result = totp.verify(token, at: 1484007247)
# => true

# Verify code at different time stamp, with allowed drift
result = totp.verify(token, at: 1484007299, allowed_drift: 1)
# => true

# Verify code at different time stamp, outside allowed drift
result = totp.verify(token, at: 1484007300, allowed_drift: 1)
# => false

You can see and run these examples and more in example/crotp.cr.

Todo

• [x] Basic HOTP and TOTP generation and verification
• [x] Rewrite int_to_bytes and extract from CrOTP::OTP
• [x] Verifying a token over a window of counters/time
• [ ] Google Authenticator otpauth URI generation
• [ ] Ability to choose algorithm (currently only sha1)
• [ ] Ability to choose size of period in TOTP
• [ ] Example application using Kemal
• [ ] Much more documentation

Running the project locally

First clone the project:

git clone https://github.com/philnash/crotp.git
cd crotp

Run the tests with:

crystal spec

Contributing

1. Fork it ( https://github.com/philnash/crotp/fork )
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Add some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create a new Pull Request

Contributors

• philnash Phil Nash - creator, maintainer
• benoist Benoist Claassen