OCRA Component

Properties   Methods   Events   Config Settings   Errors  

The OCRA component implements the OATH Challenge-Response Algorithm.

Syntax

TipaOCRA

Remarks

The OCRA component provides a simple way to create challenges, calculate responses, and verify responses using the OATH Challenge-Response Algorithm.

The first step to using the component is creating the Challenge and generating the OCRASuite. This is done by calling the CreateChallenge method. After creating the Challenge and OCRASuite these values are sent to the other party.

When receiving a challenge and OCRASuite the component is use to calculate a response. Set OCRASuite, Challenge, and any other required properties and call CalculateResponse to calculate the Response. Send the Response back to the original party for verification.

After receiving the verification set Challenge, OCRASuite, and Response and call VerifyResponse. VerifyResponse returns True if the response is verified, False otherwise.

Creating the Challenge

The CreateChallenge method creates a Challenge. After calling this method the Challenge property will be populated with the created value.

When ChallengeType is set to ctRandom the following properties are applicable:

When ChallengeType is set to ctSignature the following properties are applicable:

In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:

Calculating the Response

CalculateResponse calculates Response to the given Challenge.

Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.

Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.

The following properties are applicable when calling this method:

Verifying the Response

VerifyResponse verifies the response and returns True or False depending on the result.

Before calling this method set OCRASuite, Challenge, and Response.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.

Call this method to verify the response. The method will return True if the verification was successful, False otherwise.

The following properties are applicable when calling this method:

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Property List


The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

ChallengeThe challenge value.
ChallengeFormatThe format in which the challenge will be created.
ChallengeInputThe input for the signature challenge.
ChallengeLengthThe challenge length.
ChallengeTypeThe challenge type.
CounterThe counter.
HashAlgorithmThe HMAC Hash Algorithm.
KeyThe secret key.
OCRASuiteThe OCRASuite defines parameters about the challenge and response.
PasswordThe password.
RequireCounterWhether a Counter value is required to create the response.
RequirePasswordWhether a Password is required to create the response.
RequireTimeStampWhether a TimeStamp is required to create the response.
ResponseThe OCRA response.
ResponseLengthDefines the length of the response.

Method List


The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

CalculateResponseThis method calculates the response to the given challenge.
ConfigSets or retrieves a configuration setting.
CreateChallengeCreates the challenge.
ResetReset the variables to default value.
VerifyResponseThis method verifies the response.

Event List


The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

ErrorInformation about errors during data delivery.

Config Settings


The following is a list of config settings for the component with short descriptions. Click on the links for further details.

CounterHexThe counter value as a hexadecimal string.
CurrentTimeThe current time in milliseconds.
PasswordHashAlgorithmThe password hash algorithm.
RequireSessionInfoWhether to use session information.
SessionInfoThe session information.
SessionInfoLengthThe length of the session information.
TimeStepSizeThe time step.
TimeStepUnitThe time step unit.
BuildInfoInformation about the product's build.
CodePageThe system code page used for Unicode to Multibyte translations.
LicenseInfoInformation about the current license.
MaskSensitiveWhether sensitive data is masked in log messages.
UseFIPSCompliantAPITells the component whether or not to use FIPS certified APIs.
UseInternalSecurityAPITells the component whether or not to use the system security libraries or an internal implementation.

Challenge Property (OCRA Component)

The challenge value.

Syntax

__property String Challenge = { read=FChallenge, write=FSetChallenge };
__property DynamicArray<Byte> ChallengeB = { read=FChallengeB, write=FSetChallengeB };

Default Value

""

Remarks

This property is populated after calling CreateChallenge. The format is specified by the ChallengeFormat property and the length is defined by the ChallengeLength property.

This property must be specified before calling CalculateResponse or VerifyResponse.

Data Type

Byte Array

ChallengeFormat Property (OCRA Component)

The format in which the challenge will be created.

Syntax

__property TipaOCRAChallengeFormats ChallengeFormat = { read=FChallengeFormat, write=FSetChallengeFormat };
enum TipaOCRAChallengeFormats { cfAlphanumeric=0, cfNumeric=1, cfHex=2 };

Default Value

cfAlphanumeric

Remarks

This setting specifies the format of the created challenge. This is applicable when calling CreateChallenge. Possible values are:

0 (cfAlphanumeric - default) Alphanumeric characters
1 (cfNumeric) Digits
2 (cfHex) Hex characters

Data Type

Integer

ChallengeInput Property (OCRA Component)

The input for the signature challenge.

Syntax

__property String ChallengeInput = { read=FChallengeInput, write=FSetChallengeInput };
__property DynamicArray<Byte> ChallengeInputB = { read=FChallengeInputB, write=FSetChallengeInputB };

Default Value

""

Remarks

This property specifies the data used when creating the signature challenge. This is only used when calling CreateChallenge when ChallengeType is set to Signature.

Data Type

Byte Array

ChallengeLength Property (OCRA Component)

The challenge length.

Syntax

__property int ChallengeLength = { read=FChallengeLength, write=FSetChallengeLength };

Default Value

8

Remarks

This setting specifies the length of the Challenge that is created when calling CreateChallenge. Valid values are from 4 to 64. The default value is 8.

Data Type

Integer

ChallengeType Property (OCRA Component)

The challenge type.

Syntax

__property TipaOCRAChallengeTypes ChallengeType = { read=FChallengeType, write=FSetChallengeType };
enum TipaOCRAChallengeTypes { ctRandom=0, ctSignature=1 };

Default Value

ctRandom

Remarks

This property defines the type of challenge created. Possible values are:

0 (ctRandom - default) A random challenge is created.
1 (ctSignature) A signature challenge is created by signing ChallengeInput.

When setting this property to 0 (ctRandom) and calling CreateChallenge the component will populate Challenge with a randomly generated value.

When setting this property to 1 (ctSignature) and calling CreateChallenge the component creates a Hash-based Message Authentication Code (HMAC) value using the data specified in ChallengeInput and then populate Challenge with the formatted result.

Data Type

Integer

Counter Property (OCRA Component)

The counter.

Syntax

__property __int64 Counter = { read=FCounter, write=FSetCounter };

Default Value

0

Remarks

This property specifies the counter.

If a counter is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a counter is required assign OCRASuite to the OCRA suite and check the value of RequireCounter.

The counter value should begin at 0 be incremented until the maximum value is reached. After the maximum is reached the counter value should start again at 0.

Data Type

Long64

HashAlgorithm Property (OCRA Component)

The HMAC Hash Algorithm.

Syntax

__property TipaOCRAHashAlgorithms HashAlgorithm = { read=FHashAlgorithm, write=FSetHashAlgorithm };
enum TipaOCRAHashAlgorithms { haSHA1=0, haSHA256=1, haSHA512=2 };

Default Value

haSHA1

Remarks

This property specifies the hash algorithm used by the component. Possible values are:

  • 0 (SHA-1 - default)
  • 1 (SHA-256)
  • 2 (SHA-512)

Data Type

Integer

Key Property (OCRA Component)

The secret key.

Syntax

__property String Key = { read=FKey, write=FSetKey };
__property DynamicArray<Byte> KeyB = { read=FKeyB, write=FSetKeyB };

Default Value

""

Remarks

This property holds the secret key used when calling CalculateResponse and VerifyResponse.

This property is also used when calling CreateChallenge when ChallengeType is set to Signature.

An empty key is valid, however it is recommended to provide a key value.

Data Type

Byte Array

OCRASuite Property (OCRA Component)

The OCRASuite defines parameters about the challenge and response.

Syntax

__property String OCRASuite = { read=FOCRASuite, write=FSetOCRASuite };

Default Value

""

Remarks

This property holds the OCRASuite value which defines parameters about the challenge and response.

This property will be populated after calling CreateChallenge. This property must be set before calling CalculateResponse or VerifyResponse.

When calling CreateChallenge the following properties will be used to create the OCRASuite:

When this property is set the value is parsed and the above properties are populated to reflect the requirements defined by the OCRASuite.

Data Type

String

Password Property (OCRA Component)

The password.

Syntax

__property String Password = { read=FPassword, write=FSetPassword };
__property DynamicArray<Byte> PasswordB = { read=FPasswordB, write=FSetPasswordB };

Default Value

""

Remarks

This property specifies the password.

If a password is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a password is required assign OCRASuite to the OCRA suite and check the value of RequirePassword.

Data Type

Byte Array

RequireCounter Property (OCRA Component)

Whether a Counter value is required to create the response.

Syntax

__property bool RequireCounter = { read=FRequireCounter, write=FSetRequireCounter };

Default Value

false

Remarks

This property specifies whether a Counter value is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

Data Type

Boolean

RequirePassword Property (OCRA Component)

Whether a Password is required to create the response.

Syntax

__property bool RequirePassword = { read=FRequirePassword, write=FSetRequirePassword };

Default Value

false

Remarks

This property specifies whether a Password is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

Data Type

Boolean

RequireTimeStamp Property (OCRA Component)

Whether a TimeStamp is required to create the response.

Syntax

__property bool RequireTimeStamp = { read=FRequireTimeStamp, write=FSetRequireTimeStamp };

Default Value

false

Remarks

This property specifies whether a TimeStamp is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

The component will automatically use the current system time when calling CalculateResponse and VerifyResponse if this property is True. The CurrentTime setting may be set to specify the time instead of using the system time.

The following settings are also applicable when this value is True:

Data Type

Boolean

Response Property (OCRA Component)

The OCRA response.

Syntax

__property String Response = { read=FResponse, write=FSetResponse };
__property DynamicArray<Byte> ResponseB = { read=FResponseB, write=FSetResponseB };

Default Value

""

Remarks

This property holds the challenge response.

This is populated after calling CalculateResponse. This must be set before calling VerifyResponse.

Data Type

Byte Array

ResponseLength Property (OCRA Component)

Defines the length of the response.

Syntax

__property int ResponseLength = { read=FResponseLength, write=FSetResponseLength };

Default Value

6

Remarks

This property specifies the desired response length. Valid values are 4-10, and 0. Values 4-10 will result in a numeric value of that length. The value 0 indicates no truncation and the raw HMAC value is returned in the response

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite. When calling CalculateResponse the calculated Response will be a value with this length.

The default value is 6.

Data Type

Integer

CalculateResponse Method (OCRA Component)

This method calculates the response to the given challenge.

Syntax

void __fastcall CalculateResponse();

Remarks

This method calculates Response to the given Challenge.

Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.

Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.

The following properties are applicable when calling this method:

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Config Method (OCRA Component)

Sets or retrieves a configuration setting.

Syntax

String __fastcall Config(String ConfigurationString);

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateChallenge Method (OCRA Component)

Creates the challenge.

Syntax

void __fastcall CreateChallenge();

Remarks

This method creates a Challenge. After calling this method the Challenge property will be populated with the created value.

When ChallengeType is set to ctRandom the following properties are applicable:

When ChallengeType is set to ctSignature the following properties are applicable:

In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Reset Method (OCRA Component)

Reset the variables to default value.

Syntax

void __fastcall Reset();

Remarks

This method will reset the variables to default value.

VerifyResponse Method (OCRA Component)

This method verifies the response.

Syntax

bool __fastcall VerifyResponse();

Remarks

This method verifies the response and returns True or False depending on the result.

Before calling this method set OCRASuite, Challenge, and Response.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.

Call this method to verify the response. The method will return True if the verification was successful, False otherwise.

The following properties are applicable when calling this method:

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Error Event (OCRA Component)

Information about errors during data delivery.

Syntax

typedef struct {
  int ErrorCode;
  String Description;
} TipaOCRAErrorEventParams;
typedef void __fastcall (__closure *TipaOCRAErrorEvent)(System::TObject* Sender, TipaOCRAErrorEventParams *e);
__property TipaOCRAErrorEvent OnError = { read=FOnError, write=FOnError };

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Config Settings (OCRA Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

OCRA Config Settings

CounterHex:   The counter value as a hexadecimal string.

This setting may be used instead of Counter to supply the counter value. This is specified as a Hexadecimal string and may be used to provide large values like "FFFFFFFFFFFFFFFF".

CurrentTime:   The current time in milliseconds.

This setting specifies the current time in milliseconds since the Unix epoch (January 1, 1970). By default the component will use the system time when CalculateResponse or VerifyResponse is called and RequireTimeStamp is True. This setting overrides the value returned by the system.

PasswordHashAlgorithm:   The password hash algorithm.

This setting specifies the password hash algorithm. Possible values are:

0 SHA1
1 (default) SHA-256
2 SHA-512
RequireSessionInfo:   Whether to use session information.

This setting specifies whether session info is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

SessionInfo:   The session information.

This setting specifies the session info when RequireSessionInfo is set to True. This value should be specified before calling CalculateResponse or VerifyResponse, and should be of length SessionInfoLength.

SessionInfoLength:   The length of the session information.

This setting specifies the length of the session information.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

Common values are 64, 128, 256, and 512.

TimeStepSize:   The time step.

The size of the time step. The default value is 1.

TimeStepUnit:   The time step unit.

This setting specifies the time step unit. Possible values are:

0 Seconds
1 (default) Minutes
2 Hours

Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

CodePage:   The system code page used for Unicode to Multibyte translations.

The default code page is Unicode UTF-8 (65001).

The following is a list of valid code page identifiers:

IdentifierName
037IBM EBCDIC - U.S./Canada
437OEM - United States
500IBM EBCDIC - International
708Arabic - ASMO 708
709Arabic - ASMO 449+, BCON V4
710Arabic - Transparent Arabic
720Arabic - Transparent ASMO
737OEM - Greek (formerly 437G)
775OEM - Baltic
850OEM - Multilingual Latin I
852OEM - Latin II
855OEM - Cyrillic (primarily Russian)
857OEM - Turkish
858OEM - Multilingual Latin I + Euro symbol
860OEM - Portuguese
861OEM - Icelandic
862OEM - Hebrew
863OEM - Canadian-French
864OEM - Arabic
865OEM - Nordic
866OEM - Russian
869OEM - Modern Greek
870IBM EBCDIC - Multilingual/ROECE (Latin-2)
874ANSI/OEM - Thai (same as 28605, ISO 8859-15)
875IBM EBCDIC - Modern Greek
932ANSI/OEM - Japanese, Shift-JIS
936ANSI/OEM - Simplified Chinese (PRC, Singapore)
949ANSI/OEM - Korean (Unified Hangul Code)
950ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC)
1026IBM EBCDIC - Turkish (Latin-5)
1047IBM EBCDIC - Latin 1/Open System
1140IBM EBCDIC - U.S./Canada (037 + Euro symbol)
1141IBM EBCDIC - Germany (20273 + Euro symbol)
1142IBM EBCDIC - Denmark/Norway (20277 + Euro symbol)
1143IBM EBCDIC - Finland/Sweden (20278 + Euro symbol)
1144IBM EBCDIC - Italy (20280 + Euro symbol)
1145IBM EBCDIC - Latin America/Spain (20284 + Euro symbol)
1146IBM EBCDIC - United Kingdom (20285 + Euro symbol)
1147IBM EBCDIC - France (20297 + Euro symbol)
1148IBM EBCDIC - International (500 + Euro symbol)
1149IBM EBCDIC - Icelandic (20871 + Euro symbol)
1200Unicode UCS-2 Little-Endian (BMP of ISO 10646)
1201Unicode UCS-2 Big-Endian
1250ANSI - Central European
1251ANSI - Cyrillic
1252ANSI - Latin I
1253ANSI - Greek
1254ANSI - Turkish
1255ANSI - Hebrew
1256ANSI - Arabic
1257ANSI - Baltic
1258ANSI/OEM - Vietnamese
1361Korean (Johab)
10000MAC - Roman
10001MAC - Japanese
10002MAC - Traditional Chinese (Big5)
10003MAC - Korean
10004MAC - Arabic
10005MAC - Hebrew
10006MAC - Greek I
10007MAC - Cyrillic
10008MAC - Simplified Chinese (GB 2312)
10010MAC - Romania
10017MAC - Ukraine
10021MAC - Thai
10029MAC - Latin II
10079MAC - Icelandic
10081MAC - Turkish
10082MAC - Croatia
12000Unicode UCS-4 Little-Endian
12001Unicode UCS-4 Big-Endian
20000CNS - Taiwan
20001TCA - Taiwan
20002Eten - Taiwan
20003IBM5550 - Taiwan
20004TeleText - Taiwan
20005Wang - Taiwan
20105IA5 IRV International Alphabet No. 5 (7-bit)
20106IA5 German (7-bit)
20107IA5 Swedish (7-bit)
20108IA5 Norwegian (7-bit)
20127US-ASCII (7-bit)
20261T.61
20269ISO 6937 Non-Spacing Accent
20273IBM EBCDIC - Germany
20277IBM EBCDIC - Denmark/Norway
20278IBM EBCDIC - Finland/Sweden
20280IBM EBCDIC - Italy
20284IBM EBCDIC - Latin America/Spain
20285IBM EBCDIC - United Kingdom
20290IBM EBCDIC - Japanese Katakana Extended
20297IBM EBCDIC - France
20420IBM EBCDIC - Arabic
20423IBM EBCDIC - Greek
20424IBM EBCDIC - Hebrew
20833IBM EBCDIC - Korean Extended
20838IBM EBCDIC - Thai
20866Russian - KOI8-R
20871IBM EBCDIC - Icelandic
20880IBM EBCDIC - Cyrillic (Russian)
20905IBM EBCDIC - Turkish
20924IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol)
20932JIS X 0208-1990 & 0121-1990
20936Simplified Chinese (GB2312)
21025IBM EBCDIC - Cyrillic (Serbian, Bulgarian)
21027Extended Alpha Lowercase
21866Ukrainian (KOI8-U)
28591ISO 8859-1 Latin I
28592ISO 8859-2 Central Europe
28593ISO 8859-3 Latin 3
28594ISO 8859-4 Baltic
28595ISO 8859-5 Cyrillic
28596ISO 8859-6 Arabic
28597ISO 8859-7 Greek
28598ISO 8859-8 Hebrew
28599ISO 8859-9 Latin 5
28605ISO 8859-15 Latin 9
29001Europa 3
38598ISO 8859-8 Hebrew
50220ISO 2022 Japanese with no halfwidth Katakana
50221ISO 2022 Japanese with halfwidth Katakana
50222ISO 2022 Japanese JIS X 0201-1989
50225ISO 2022 Korean
50227ISO 2022 Simplified Chinese
50229ISO 2022 Traditional Chinese
50930Japanese (Katakana) Extended
50931US/Canada and Japanese
50933Korean Extended and Korean
50935Simplified Chinese Extended and Simplified Chinese
50936Simplified Chinese
50937US/Canada and Traditional Chinese
50939Japanese (Latin) Extended and Japanese
51932EUC - Japanese
51936EUC - Simplified Chinese
51949EUC - Korean
51950EUC - Traditional Chinese
52936HZ-GB2312 Simplified Chinese
54936Windows XP: GB18030 Simplified Chinese (4 Byte)
57002ISCII Devanagari
57003ISCII Bengali
57004ISCII Tamil
57005ISCII Telugu
57006ISCII Assamese
57007ISCII Oriya
57008ISCII Kannada
57009ISCII Malayalam
57010ISCII Gujarati
57011ISCII Punjabi
65000Unicode UTF-7
65001Unicode UTF-8
The following is a list of valid code page identifiers for Mac OS only:
IdentifierName
1ASCII
2NEXTSTEP
3JapaneseEUC
4UTF8
5ISOLatin1
6Symbol
7NonLossyASCII
8ShiftJIS
9ISOLatin2
10Unicode
11WindowsCP1251
12WindowsCP1252
13WindowsCP1253
14WindowsCP1254
15WindowsCP1250
21ISO2022JP
30MacOSRoman
10UTF16String
0x90000100UTF16BigEndian
0x94000100UTF16LittleEndian
0x8c000100UTF32String
0x98000100UTF32BigEndian
0x9c000100UTF32LittleEndian
65536Proprietary

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g., RuntimeLicense, License File).
  • License Type: The type of license installed (e.g., Royalty Free, Single Server).
  • Last Valid Build: The last valid build number for which the license will work.
MaskSensitive:   Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these components: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseFIPSCompliantAPI:   Tells the component whether or not to use FIPS certified APIs.

When set to true, the component will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle FIPS, while all the other Windows editions make use of Microsoft security libraries.

FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting which applies to all instances of all components of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details please see the FIPS 140-2 Compliance article.

Note: This setting is only applicable on Windows.

Note: Enabling FIPS-compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI:   Tells the component whether or not to use the system security libraries or an internal implementation.

When set to false, the component will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this setting to true tells the component to use the internal implementation instead of using the system security libraries.

This setting is set to false by default on all platforms.

Trappable Errors (OCRA Component)

OCRA Errors

101   Invalid challenge type.
102   Invalid challenge length.
103   Invalid response length.
104   Response must be specified.
105   Invalid hash algorithm.
106   Invalid challenge format.
107   Invalid password hash algorithm.
108   Invalid time step unit.
109   Invalid OCRASuite.
110   OCRASuite must be specified.
111   Challenge must be specified.
112   ChallengeInput must be specified.
113   Password must be specified.