HOTP TOTP

HMAC-Based One-Time Password (HOTP), and Time-Based One-Time Password (TOTP) Algorithms

Install via npm

$ npm install --save hotp

Changelog

• v3.0.0: Removed CLI utilities – now to be found at jhermsmeier / hotp-totp-cli
• v2.0.0: Added TOTP implementation
• v1.0.0: Initial release

Usage

HOTP

hotp( key, counter[, options] )

• key {Buffer|String}
• counter {Buffer|String|Number}
• options {Object}
  • algorithm {Number} Default: 'sha1'
  • digits {Number} Default: 6
• Returns {String}

Example

var hotp = require( 'hotp' )

var key = 'a very secret key'
var counter = 0

var token = hotp( key, counter, { digits: 8 })

console.log( token ) // > '78035651'

TOTP

hotp.totp( key[, options] )

• key {Buffer|String}
• options {Object}
  • algorithm {Number} Default: 'sha1'
  • digits {Number} Default: 6
  • time {Number} Default: (Date.now() / 1000)
  • timeStep {Number} Default: 30
  • t0 {Number} Default: 0
• Returns {String}

Example

var hotp = require( 'hotp' )

var key = 'a very secret key'
var token = hotp.totp( key, { digits: 8 })

console.log( token ) // > '86247382'

References

• RFC 4226, HOTP: An HMAC-Based One-Time Password Algorithm
• RFC 6238, TOTP: Time-Based One-Time Password Algorithm