HOTP Component
Properties Methods Events Config Settings Errors
The HOTP component allows creation of HMAC-Based One-Time passwords.
Syntax
TipaHOTP
Remarks
The HOTP component implements the HOTP algorithm defined in RFC 4226 (HMAC-Based One-Time Password). These types of passwords are commonly used as a second factor of authentication in multi-factor authentication scenarios.
To begin specify the shared secret in the Secret property.
Next, you may set Counter. If this property is not set, the component will use a default value.
To create the password call CreatePassword. The Password property will be populated with the new password.
To validate a password set the Password property and call ValidatePassword. The method will return True or False to indicate success or failure.
Property List
The following is the full list of the properties of the component with short descriptions. Click on the links for further details.
Counter | The counter used for HMAC-Based One Time Password creation or validation. |
Password | The HMAC-Based One Time Password. |
Secret | The Base32 encoded shared secret used when creating and validating a password. |
Method List
The following is the full list of the methods of the component with short descriptions. Click on the links for further details.
Config | Sets or retrieves a configuration setting. |
CreatePassword | Creates a HMAC-Based One Time Password. |
Reset | Reset the variables to default value. |
ValidatePassword | Validates a HMAC-Based One Time Password. |
Event List
The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.
Error | Information about errors during data delivery. |
Config Settings
The following is a list of config settings for the component with short descriptions. Click on the links for further details.
HashAlgorithm | The hash algorithm used to sign the password. |
PasswordLength | The length of the generated password. |
QRCodeURI | Returns a URI suitable for encoding as a QR code. |
SecretLength | The length of secret to generate. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitive | Whether sensitive data is masked in log messages. |
UseFIPSCompliantAPI | Tells the component whether or not to use FIPS certified APIs. |
UseInternalSecurityAPI | Tells the component whether or not to use the system security libraries or an internal implementation. |
Counter Property (HOTP Component)
The counter used for HMAC-Based One Time Password creation or validation.
Syntax
__property __int64 Counter = { read=FCounter, write=FSetCounter };
Default Value
0
Remarks
This property holds the counter value used for HMAC-Based One Time Password creation or validation. This value must be specified before calling CreatePassword or ValidatePassword. The value should be incremented each time a password is created.
The default value is 0.
Data Type
Long64
Password Property (HOTP Component)
The HMAC-Based One Time Password.
Syntax
__property String Password = { read=FPassword, write=FSetPassword };
Default Value
""
Remarks
This property holds the HMAC-Based One Time Password. This property is populated after calling CreatePassword. This property must be set before calling ValidatePassword.
Data Type
String
Secret Property (HOTP Component)
The Base32 encoded shared secret used when creating and validating a password.
Syntax
__property String Secret = { read=FSecret, write=FSetSecret };
Default Value
""
Remarks
This property specifies the Base32 encoded shared secret used when creating and validating a password. This should be set before calling CreatePassword or ValidatePassword.
If this is not set before calling CreatePassword a random secret will be automatically generated. This functionality provides an easy way to create new secret values. The length of the secret is defined by SecretLength.
Data Type
String
Config Method (HOTP Component)
Sets or retrieves a configuration setting.
Syntax
String __fastcall Config(String ConfigurationString);
Remarks
Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
CreatePassword Method (HOTP Component)
Creates a HMAC-Based One Time Password.
Syntax
void __fastcall CreatePassword();
Remarks
This method creates a HMAC-Based One Time Password.
The following properties are applicable when calling CreatePassword.
Calling CreatePassword populates the Password property with the created password.
If Secret is not specified before calling this method a random secret will be automatically generated.
Reset Method (HOTP Component)
Reset the variables to default value.
Syntax
void __fastcall Reset();
Remarks
This method will reset the variables to default value.
ValidatePassword Method (HOTP Component)
Validates a HMAC-Based One Time Password.
Syntax
bool __fastcall ValidatePassword();
Remarks
This method validates a HMAC-Based One Time Password.
The following properties are applicable when calling ValidatePassword.
The method will return True if the password is validated, False otherwise.
Error Event (HOTP Component)
Information about errors during data delivery.
Syntax
typedef struct { int ErrorCode; String Description; } TipaHOTPErrorEventParams; typedef void __fastcall (__closure *TipaHOTPErrorEvent)(System::TObject* Sender, TipaHOTPErrorEventParams *e); __property TipaHOTPErrorEvent OnError = { read=FOnError, write=FOnError };
Remarks
The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.
The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
Config Settings (HOTP Component)
The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.HOTP Config Settings
This setting specifies the hash algorithm used to sign the password. Possible values are:
- SHA1 (default)
- SHA256
- SHA512
This setting specifies the length of the generated password. Possible values are:
- 6 (default)
- 7
- 8
This setting provides a way to generate a URI which can be encoded into a QR code, suitable for using in any authenticator application. The URI format is well defined and is an easy way to transfer the secret key and other relevant parameters.
To use this setting first set Secret to a valid value, then execute code like:
string MyQRCodeURI = component.Config("QRCodeURI=MyServiceName:account@company.com");
In the above example the MyServiceName value is the issuer. This is typically used in authenticator applications to identify the service to which the account belongs. The account@company.com value is the account name and identifies the specific account with which the key is associated. The use of an issuer is not required but is recommended. An account name is required.
The return value from this operation is a URI in one of the following formats:
//TOTP otpauth://totp/MyServiceName:account@company.com?secret=JBSWY3DPEHPK3PXP&digits=6&period=30 //HOTP otpauth://hotp/MyServiceName:account@company.com?secret=JBSWY3DPEHPK3PXP&digits=6&counter=0
The following values are applicable when using this setting:
- Secret
- PasswordLength
- HashAlgorithm
- TimeStep (TOTP)
- Counter (HOTP)
When Secret is empty and CreatePassword is called a random secret value will be generated. This setting determines the length of the randomly generated secret. The default value is 32.
Base Config Settings
When queried, this setting will return a string containing information about the product's build.
The default code page is Unicode UTF-8 (65001).
The following is a list of valid code page identifiers:
Identifier | Name |
037 | IBM EBCDIC - U.S./Canada |
437 | OEM - United States |
500 | IBM EBCDIC - International |
708 | Arabic - ASMO 708 |
709 | Arabic - ASMO 449+, BCON V4 |
710 | Arabic - Transparent Arabic |
720 | Arabic - Transparent ASMO |
737 | OEM - Greek (formerly 437G) |
775 | OEM - Baltic |
850 | OEM - Multilingual Latin I |
852 | OEM - Latin II |
855 | OEM - Cyrillic (primarily Russian) |
857 | OEM - Turkish |
858 | OEM - Multilingual Latin I + Euro symbol |
860 | OEM - Portuguese |
861 | OEM - Icelandic |
862 | OEM - Hebrew |
863 | OEM - Canadian-French |
864 | OEM - Arabic |
865 | OEM - Nordic |
866 | OEM - Russian |
869 | OEM - Modern Greek |
870 | IBM EBCDIC - Multilingual/ROECE (Latin-2) |
874 | ANSI/OEM - Thai (same as 28605, ISO 8859-15) |
875 | IBM EBCDIC - Modern Greek |
932 | ANSI/OEM - Japanese, Shift-JIS |
936 | ANSI/OEM - Simplified Chinese (PRC, Singapore) |
949 | ANSI/OEM - Korean (Unified Hangul Code) |
950 | ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC) |
1026 | IBM EBCDIC - Turkish (Latin-5) |
1047 | IBM EBCDIC - Latin 1/Open System |
1140 | IBM EBCDIC - U.S./Canada (037 + Euro symbol) |
1141 | IBM EBCDIC - Germany (20273 + Euro symbol) |
1142 | IBM EBCDIC - Denmark/Norway (20277 + Euro symbol) |
1143 | IBM EBCDIC - Finland/Sweden (20278 + Euro symbol) |
1144 | IBM EBCDIC - Italy (20280 + Euro symbol) |
1145 | IBM EBCDIC - Latin America/Spain (20284 + Euro symbol) |
1146 | IBM EBCDIC - United Kingdom (20285 + Euro symbol) |
1147 | IBM EBCDIC - France (20297 + Euro symbol) |
1148 | IBM EBCDIC - International (500 + Euro symbol) |
1149 | IBM EBCDIC - Icelandic (20871 + Euro symbol) |
1200 | Unicode UCS-2 Little-Endian (BMP of ISO 10646) |
1201 | Unicode UCS-2 Big-Endian |
1250 | ANSI - Central European |
1251 | ANSI - Cyrillic |
1252 | ANSI - Latin I |
1253 | ANSI - Greek |
1254 | ANSI - Turkish |
1255 | ANSI - Hebrew |
1256 | ANSI - Arabic |
1257 | ANSI - Baltic |
1258 | ANSI/OEM - Vietnamese |
1361 | Korean (Johab) |
10000 | MAC - Roman |
10001 | MAC - Japanese |
10002 | MAC - Traditional Chinese (Big5) |
10003 | MAC - Korean |
10004 | MAC - Arabic |
10005 | MAC - Hebrew |
10006 | MAC - Greek I |
10007 | MAC - Cyrillic |
10008 | MAC - Simplified Chinese (GB 2312) |
10010 | MAC - Romania |
10017 | MAC - Ukraine |
10021 | MAC - Thai |
10029 | MAC - Latin II |
10079 | MAC - Icelandic |
10081 | MAC - Turkish |
10082 | MAC - Croatia |
12000 | Unicode UCS-4 Little-Endian |
12001 | Unicode UCS-4 Big-Endian |
20000 | CNS - Taiwan |
20001 | TCA - Taiwan |
20002 | Eten - Taiwan |
20003 | IBM5550 - Taiwan |
20004 | TeleText - Taiwan |
20005 | Wang - Taiwan |
20105 | IA5 IRV International Alphabet No. 5 (7-bit) |
20106 | IA5 German (7-bit) |
20107 | IA5 Swedish (7-bit) |
20108 | IA5 Norwegian (7-bit) |
20127 | US-ASCII (7-bit) |
20261 | T.61 |
20269 | ISO 6937 Non-Spacing Accent |
20273 | IBM EBCDIC - Germany |
20277 | IBM EBCDIC - Denmark/Norway |
20278 | IBM EBCDIC - Finland/Sweden |
20280 | IBM EBCDIC - Italy |
20284 | IBM EBCDIC - Latin America/Spain |
20285 | IBM EBCDIC - United Kingdom |
20290 | IBM EBCDIC - Japanese Katakana Extended |
20297 | IBM EBCDIC - France |
20420 | IBM EBCDIC - Arabic |
20423 | IBM EBCDIC - Greek |
20424 | IBM EBCDIC - Hebrew |
20833 | IBM EBCDIC - Korean Extended |
20838 | IBM EBCDIC - Thai |
20866 | Russian - KOI8-R |
20871 | IBM EBCDIC - Icelandic |
20880 | IBM EBCDIC - Cyrillic (Russian) |
20905 | IBM EBCDIC - Turkish |
20924 | IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol) |
20932 | JIS X 0208-1990 & 0121-1990 |
20936 | Simplified Chinese (GB2312) |
21025 | IBM EBCDIC - Cyrillic (Serbian, Bulgarian) |
21027 | Extended Alpha Lowercase |
21866 | Ukrainian (KOI8-U) |
28591 | ISO 8859-1 Latin I |
28592 | ISO 8859-2 Central Europe |
28593 | ISO 8859-3 Latin 3 |
28594 | ISO 8859-4 Baltic |
28595 | ISO 8859-5 Cyrillic |
28596 | ISO 8859-6 Arabic |
28597 | ISO 8859-7 Greek |
28598 | ISO 8859-8 Hebrew |
28599 | ISO 8859-9 Latin 5 |
28605 | ISO 8859-15 Latin 9 |
29001 | Europa 3 |
38598 | ISO 8859-8 Hebrew |
50220 | ISO 2022 Japanese with no halfwidth Katakana |
50221 | ISO 2022 Japanese with halfwidth Katakana |
50222 | ISO 2022 Japanese JIS X 0201-1989 |
50225 | ISO 2022 Korean |
50227 | ISO 2022 Simplified Chinese |
50229 | ISO 2022 Traditional Chinese |
50930 | Japanese (Katakana) Extended |
50931 | US/Canada and Japanese |
50933 | Korean Extended and Korean |
50935 | Simplified Chinese Extended and Simplified Chinese |
50936 | Simplified Chinese |
50937 | US/Canada and Traditional Chinese |
50939 | Japanese (Latin) Extended and Japanese |
51932 | EUC - Japanese |
51936 | EUC - Simplified Chinese |
51949 | EUC - Korean |
51950 | EUC - Traditional Chinese |
52936 | HZ-GB2312 Simplified Chinese |
54936 | Windows XP: GB18030 Simplified Chinese (4 Byte) |
57002 | ISCII Devanagari |
57003 | ISCII Bengali |
57004 | ISCII Tamil |
57005 | ISCII Telugu |
57006 | ISCII Assamese |
57007 | ISCII Oriya |
57008 | ISCII Kannada |
57009 | ISCII Malayalam |
57010 | ISCII Gujarati |
57011 | ISCII Punjabi |
65000 | Unicode UTF-7 |
65001 | Unicode UTF-8 |
Identifier | Name |
1 | ASCII |
2 | NEXTSTEP |
3 | JapaneseEUC |
4 | UTF8 |
5 | ISOLatin1 |
6 | Symbol |
7 | NonLossyASCII |
8 | ShiftJIS |
9 | ISOLatin2 |
10 | Unicode |
11 | WindowsCP1251 |
12 | WindowsCP1252 |
13 | WindowsCP1253 |
14 | WindowsCP1254 |
15 | WindowsCP1250 |
21 | ISO2022JP |
30 | MacOSRoman |
10 | UTF16String |
0x90000100 | UTF16BigEndian |
0x94000100 | UTF16LittleEndian |
0x8c000100 | UTF32String |
0x98000100 | UTF32BigEndian |
0x9c000100 | UTF32LittleEndian |
65536 | Proprietary |
When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:
- Product: The product the license is for.
- Product Key: The key the license was generated from.
- License Source: Where the license was found (e.g., RuntimeLicense, License File).
- License Type: The type of license installed (e.g., Royalty Free, Single Server).
- Last Valid Build: The last valid build number for which the license will work.
In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.
This setting only works on these components: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
When set to true, the component will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle FIPS, while all the other Windows editions make use of Microsoft security libraries.
FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting which applies to all instances of all components of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.
For more details please see the FIPS 140-2 Compliance article.
Note: This setting is only applicable on Windows.
Note: Enabling FIPS-compliance requires a special license; please contact sales@nsoftware.com for details.
When set to false, the component will use the system security libraries by default to perform cryptographic functions where applicable.
Setting this configuration setting to true tells the component to use the internal implementation instead of using the system security libraries.
This setting is set to false by default on all platforms.
Trappable Errors (HOTP Component)
HOTP Errors
114 Can't create password. | |
115 Can't validate password. |