Skip to content
/ TheBlueSky.SwiftAuthenticator Public

A simple and straightforward HOTP and TOTP generation and verification library for .NET.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TheBlueSky/TheBlueSky.SwiftAuthenticator

BranchesTags

Repository files navigation

HOTP and TOTP Library for .NET

What is it?

TheBlueSky.SwiftAuthenticator is a .NET implementation of HMAC-Based One-Time Password (HOTP) and Time-Based One-Time Password (TOTP) algorithms as described in RFC 4226 and RFC 6238 respectively.

The repository contains 2 libraries:

  1. TheBlueSky.SwiftAuthenticator: This library contains the types and methods needed to generate secrets and passwords. It is used by both, the client (prover) and the server (verifier).

  2. TheBlueSky.SwiftAuthenticator.Verifier: This library contains the types and methods needed to verify passwords. It is used by the server (verifier).

How to get it?

  1. To install TheBlueSky.SwiftAuthenticator, run the following command in the Package Manager Console:
Install-Package TheBlueSky.SwiftAuthenticator
  1. To install TheBlueSky.SwiftAuthenticator.Verifier, run the following command in the Package Manager Console:
Install-Package TheBlueSky.SwiftAuthenticator.Verifier

Or search for TheBlueSky.SwiftAuthenticator and TheBlueSky.SwiftAuthenticator.Verifier in NuGet Package Manager.

Usage

The simplest way to get started is to use the API with the default parameters:

Generate password

  1. Generate a secret (will generate a Base32 encoded 20-byte secret):
var secret = Authenticator.GenerateSecret();
  1. Create an instance of Authenticator:
var authenticator = new Authenticator();
  1. Generate a password from the secret (will generate a 6-digit HOTP using the provided iteration and 6-digit TOTP using the current UTC time and 30-second time step):
// HMAC-Based One-Time Password (HOTP)
var hotp = authenticator.GenerateCounterBasedPassword(secret, 28091977);

// Time-Based One-Time Password (TOTP)
var totp = authenticator.GenerateTimeBasedPassword(secret);

Verify password

  1. Create an instance of Authenticator:
var authenticator = new Authenticator();
  1. Create an instance of PasswordVerifier:
var verifier = new PasswordVerifier(authenticator);
  1. Verify password (will successfully verify passwords generated with the default values):
// HMAC-Based One-Time Password (HOTP)
var (isVerified, synchronizationValue) = verifier.VerifyCounterBasedPassword(hotp, secret, 28091977);

// Time-Based One-Time Password (TOTP)
var (isVerified, timeStepDrift) = verifier.VerifyTimeBasedPassword(totp, secret); // assuming totp is generated within the 30-second time step

Supported Frameworks

Both the libraries target .NET Standard 1.3 and .NET Standard 2.0 (read about .NET Standard here); hence, they can be referenced from libraries that target .NET Standard 1.3 and above, and applications that target any of the supported platforms:

  • .NET Core 1.0 and above
  • .NET Framework 4.6 and above
  • Mono 4.6 and above
  • Universal Windows Platform 10.0 and above
  • Xamarin.Android 8.0 and above
  • Xamarin.iOS 10.0 and above
  • Xamarin.Mac 3.0 and above

About

A simple and straightforward HOTP and TOTP generation and verification library for .NET.

Topics

totp hotp authenticator rfc-6238 rfc-4226

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages