OCRA Class

Properties   Methods   Events   Config Settings   Errors  

The OCRA class implements the OATH Challenge-Response Algorithm.

Syntax

ipworksauth.Ocra

Remarks

The OCRA component provides a simple way to create challenges, calculate responses, and verify responses using the OATH Challenge-Response Algorithm.

The first step to using the class is creating the Challenge and generating the OCRASuite. This is done by calling the CreateChallenge method. After creating the Challenge and OCRASuite these values are sent to the other party.

When receiving a challenge and OCRASuite the class is use to calculate a response. Set OCRASuite, Challenge, and any other required properties and call CalculateResponse to calculate the Response. Send the Response back to the original party for verification.

After receiving the verification set Challenge, OCRASuite, and Response and call VerifyResponse. VerifyResponse returns True if the response is verified, False otherwise.

Creating the Challenge

The CreateChallenge method creates a Challenge. After calling this method the Challenge property will be populated with the created value.

When ChallengeType is set to ctRandom the following properties are applicable:

When ChallengeType is set to ctSignature the following properties are applicable:

In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:

Calculating the Response

CalculateResponse calculates Response to the given Challenge.

Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.

Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.

The following properties are applicable when calling this method:

Verifying the Response

VerifyResponse verifies the response and returns True or False depending on the result.

Before calling this method set OCRASuite, Challenge, and Response.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.

Call this method to verify the response. The method will return True if the verification was successful, False otherwise.

The following properties are applicable when calling this method:

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

ChallengeThe challenge value.
ChallengeFormatThe format in which the challenge will be created.
ChallengeInputThe input for the signature challenge.
ChallengeLengthThe challenge length.
ChallengeTypeThe challenge type.
CounterThe counter.
HashAlgorithmThe HMAC Hash Algorithm.
KeyThe secret key.
OCRASuiteThe OCRASuite defines parameters about the challenge and response.
PasswordThe password.
RequireCounterWhether a Counter value is required to create the response.
RequirePasswordWhether a Password is required to create the response.
RequireTimeStampWhether a TimeStamp is required to create the response.
ResponseThe OCRA response.
ResponseLengthDefines the length of the response.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

CalculateResponseThis method calculates the response to the given challenge.
ConfigSets or retrieves a configuration setting.
CreateChallengeCreates the challenge.
ResetReset the variables to default value.
VerifyResponseThis method verifies the response.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

ErrorInformation about errors during data delivery.

Config Settings


The following is a list of config settings for the class with short descriptions. Click on the links for further details.

CounterHexThe counter value as a hexadecimal string.
CurrentTimeThe current time in milliseconds.
PasswordHashAlgorithmThe password hash algorithm.
RequireSessionInfoWhether to use session information.
SessionInfoThe session information.
SessionInfoLengthThe length of the session information.
TimeStepSizeThe time step.
TimeStepUnitThe time step unit.
BuildInfoInformation about the product's build.
GUIAvailableTells the class whether or not a message loop is available for processing events.
LicenseInfoInformation about the current license.
MaskSensitiveWhether sensitive data is masked in log messages.
UseDaemonThreadsWhether threads created by the class are daemon threads.
UseFIPSCompliantAPITells the class whether or not to use FIPS certified APIs.
UseInternalSecurityAPITells the class whether or not to use the system security libraries or an internal implementation.

Challenge Property (OCRA Class)

The challenge value.

Syntax


public byte[] getChallenge();


public void setChallenge(byte[] challenge);

Default Value

""

Remarks

This property is populated after calling CreateChallenge. The format is specified by the ChallengeFormat property and the length is defined by the ChallengeLength property.

This property must be specified before calling CalculateResponse or VerifyResponse.

ChallengeFormat Property (OCRA Class)

The format in which the challenge will be created.

Syntax


public int getChallengeFormat();


public void setChallengeFormat(int challengeFormat);


Enumerated values:
  public final static int cfAlphanumeric = 0;
  public final static int cfNumeric = 1;
  public final static int cfHex = 2;

Default Value

0

Remarks

This setting specifies the format of the created challenge. This is applicable when calling CreateChallenge. Possible values are:

0 (cfAlphanumeric - default) Alphanumeric characters
1 (cfNumeric) Digits
2 (cfHex) Hex characters

ChallengeInput Property (OCRA Class)

The input for the signature challenge.

Syntax


public byte[] getChallengeInput();


public void setChallengeInput(byte[] challengeInput);

Default Value

""

Remarks

This property specifies the data used when creating the signature challenge. This is only used when calling CreateChallenge when ChallengeType is set to Signature.

ChallengeLength Property (OCRA Class)

The challenge length.

Syntax


public int getChallengeLength();


public void setChallengeLength(int challengeLength);

Default Value

8

Remarks

This setting specifies the length of the Challenge that is created when calling CreateChallenge. Valid values are from 4 to 64. The default value is 8.

ChallengeType Property (OCRA Class)

The challenge type.

Syntax


public int getChallengeType();


public void setChallengeType(int challengeType);


Enumerated values:
  public final static int ctRandom = 0;
  public final static int ctSignature = 1;

Default Value

0

Remarks

This property defines the type of challenge created. Possible values are:

0 (ctRandom - default) A random challenge is created.
1 (ctSignature) A signature challenge is created by signing ChallengeInput.

When setting this property to 0 (ctRandom) and calling CreateChallenge the class will populate Challenge with a randomly generated value.

When setting this property to 1 (ctSignature) and calling CreateChallenge the class creates a Hash-based Message Authentication Code (HMAC) value using the data specified in ChallengeInput and then populate Challenge with the formatted result.

Counter Property (OCRA Class)

The counter.

Syntax


public long getCounter();


public void setCounter(long counter);

Default Value

0

Remarks

This property specifies the counter.

If a counter is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a counter is required assign OCRASuite to the OCRA suite and check the value of RequireCounter.

The counter value should begin at 0 be incremented until the maximum value is reached. After the maximum is reached the counter value should start again at 0.

HashAlgorithm Property (OCRA Class)

The HMAC Hash Algorithm.

Syntax


public int getHashAlgorithm();


public void setHashAlgorithm(int hashAlgorithm);


Enumerated values:
  public final static int haSHA1 = 0;
  public final static int haSHA256 = 1;
  public final static int haSHA512 = 2;

Default Value

0

Remarks

This property specifies the hash algorithm used by the class. Possible values are:

  • 0 (SHA-1 - default)
  • 1 (SHA-256)
  • 2 (SHA-512)

Key Property (OCRA Class)

The secret key.

Syntax


public byte[] getKey();


public void setKey(byte[] key);

Default Value

""

Remarks

This property holds the secret key used when calling CalculateResponse and VerifyResponse.

This property is also used when calling CreateChallenge when ChallengeType is set to Signature.

An empty key is valid, however it is recommended to provide a key value.

OCRASuite Property (OCRA Class)

The OCRASuite defines parameters about the challenge and response.

Syntax


public String getOCRASuite();


public void setOCRASuite(String OCRASuite);

Default Value

""

Remarks

This property holds the OCRASuite value which defines parameters about the challenge and response.

This property will be populated after calling CreateChallenge. This property must be set before calling CalculateResponse or VerifyResponse.

When calling CreateChallenge the following properties will be used to create the OCRASuite:

When this property is set the value is parsed and the above properties are populated to reflect the requirements defined by the OCRASuite.

Password Property (OCRA Class)

The password.

Syntax


public byte[] getPassword();


public void setPassword(byte[] password);

Default Value

""

Remarks

This property specifies the password.

If a password is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a password is required assign OCRASuite to the OCRA suite and check the value of RequirePassword.

RequireCounter Property (OCRA Class)

Whether a Counter value is required to create the response.

Syntax


public boolean isRequireCounter();


public void setRequireCounter(boolean requireCounter);

Default Value

False

Remarks

This property specifies whether a Counter value is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

RequirePassword Property (OCRA Class)

Whether a Password is required to create the response.

Syntax


public boolean isRequirePassword();


public void setRequirePassword(boolean requirePassword);

Default Value

False

Remarks

This property specifies whether a Password is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

RequireTimeStamp Property (OCRA Class)

Whether a TimeStamp is required to create the response.

Syntax


public boolean isRequireTimeStamp();


public void setRequireTimeStamp(boolean requireTimeStamp);

Default Value

False

Remarks

This property specifies whether a TimeStamp is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

The class will automatically use the current system time when calling CalculateResponse and VerifyResponse if this property is True. The CurrentTime setting may be set to specify the time instead of using the system time.

The following settings are also applicable when this value is True:

Response Property (OCRA Class)

The OCRA response.

Syntax


public byte[] getResponse();


public void setResponse(byte[] response);

Default Value

""

Remarks

This property holds the challenge response.

This is populated after calling CalculateResponse. This must be set before calling VerifyResponse.

ResponseLength Property (OCRA Class)

Defines the length of the response.

Syntax


public int getResponseLength();


public void setResponseLength(int responseLength);

Default Value

6

Remarks

This property specifies the desired response length. Valid values are 4-10, and 0. Values 4-10 will result in a numeric value of that length. The value 0 indicates no truncation and the raw HMAC value is returned in the response

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite. When calling CalculateResponse the calculated Response will be a value with this length.

The default value is 6.

CalculateResponse Method (Ocra Class)

This method calculates the response to the given challenge.

Syntax

public void calculateResponse();

Remarks

This method calculates Response to the given Challenge.

Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.

Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.

The following properties are applicable when calling this method:

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Config Method (Ocra Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateChallenge Method (Ocra Class)

Creates the challenge.

Syntax

public void createChallenge();

Remarks

This method creates a Challenge. After calling this method the Challenge property will be populated with the created value.

When ChallengeType is set to ctRandom the following properties are applicable:

When ChallengeType is set to ctSignature the following properties are applicable:

In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Reset Method (Ocra Class)

Reset the variables to default value.

Syntax

public void reset();

Remarks

This method will reset the variables to default value.

VerifyResponse Method (Ocra Class)

This method verifies the response.

Syntax

public boolean verifyResponse();

Remarks

This method verifies the response and returns True or False depending on the result.

Before calling this method set OCRASuite, Challenge, and Response.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.

Call this method to verify the response. The method will return True if the verification was successful, False otherwise.

The following properties are applicable when calling this method:

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Error Event (Ocra Class)

Information about errors during data delivery.

Syntax

public class DefaultOcraEventListener implements OcraEventListener {
  ...
  public void error(OcraErrorEvent e) {}
  ...
}

public class OcraErrorEvent {
  public int errorCode;
  public String description;
}

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class throws an exception.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Config Settings (Ocra Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

OCRA Config Settings

CounterHex:   The counter value as a hexadecimal string.

This setting may be used instead of Counter to supply the counter value. This is specified as a Hexadecimal string and may be used to provide large values like "FFFFFFFFFFFFFFFF".

CurrentTime:   The current time in milliseconds.

This setting specifies the current time in milliseconds since the Unix epoch (January 1, 1970). By default the class will use the system time when CalculateResponse or VerifyResponse is called and RequireTimeStamp is True. This setting overrides the value returned by the system.

PasswordHashAlgorithm:   The password hash algorithm.

This setting specifies the password hash algorithm. Possible values are:

0 SHA1
1 (default) SHA-256
2 SHA-512
RequireSessionInfo:   Whether to use session information.

This setting specifies whether session info is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

SessionInfo:   The session information.

This setting specifies the session info when RequireSessionInfo is set to True. This value should be specified before calling CalculateResponse or VerifyResponse, and should be of length SessionInfoLength.

SessionInfoLength:   The length of the session information.

This setting specifies the length of the session information.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

Common values are 64, 128, 256, and 512.

TimeStepSize:   The time step.

The size of the time step. The default value is 1.

TimeStepUnit:   The time step unit.

This setting specifies the time step unit. Possible values are:

0 Seconds
1 (default) Minutes
2 Hours

Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable:   Tells the class whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The class will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications, an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the class does not attempt to process external events.

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g., RuntimeLicense, License File).
  • License Type: The type of license installed (e.g., Royalty Free, Single Server).
  • Last Valid Build: The last valid build number for which the license will work.
MaskSensitive:   Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseDaemonThreads:   Whether threads created by the class are daemon threads.

If set to True (default), when the class creates a thread, the thread's Daemon property will be explicitly set to True. When set to False, the class will not set the Daemon property on the created thread. The default value is True.

UseFIPSCompliantAPI:   Tells the class whether or not to use FIPS certified APIs.

When set to true, the class will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle FIPS, while all the other Windows editions make use of Microsoft security libraries.

The Java edition requires installation of the FIPS certified Bouncy Castle library regardless of the target operating system. This can be downloaded from https://www.bouncycastle.org/fips-java/. Only the "Provider" library is needed. The jar file should then be installed in a JRE search path.

In the application where the component will be used the following classes must be imported:

import java.security.Security; import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

The Bouncy Castle provider must be added as a valid provider and must also be configured to operate in FIPS mode:

System.setProperty("org.bouncycastle.fips.approved_only","true"); Security.addProvider(new BouncyCastleFipsProvider());

When UseFIPSCompliantAPI is true, SSL enabled classes can optionally be configured to use the TLS Bouncy Castle library. When SSLProvider is set to sslpAutomatic (default) or sslpInternal an internal TLS implementation is used, but all cryptographic operations are offloaded to the BCFIPS provider in order to achieve FIPS compliant operation. If SSLProvider is set to sslpPlatform the Bouncy Castle JSSE will be used in place of the internal TLS implementation.

To enable the use of the Bouncy Castle JSSE take the following steps in addition to the steps above. Both the Bouncy Castle FIPS provider and the Bouncy Castle JSSE must be configured to use the Bouncy Castle TLS library in FIPS mode. Obtain the Bouncy Castle TLS library from https://www.bouncycastle.org/fips-java/. The jar file should then be installed in a JRE search path.

In the application where the component will be used the following classes must be imported:

import java.security.Security; import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider; //required to use BCJSSE when SSLProvider is set to sslpPlatform import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

The Bouncy Castle provider must be added as a valid provider and must also be configured to operate in FIPS mode:

System.setProperty("org.bouncycastle.fips.approved_only","true"); Security.addProvider(new BouncyCastleFipsProvider()); //required to use BCJSSE when SSLProvider is set to sslpPlatform Security.addProvider(new BouncyCastleJsseProvider("fips:BCFIPS")); //optional - configure logging level of BCJSSE Logger.getLogger("org.bouncycastle.jsse").setLevel(java.util.logging.Level.OFF); //configure the class to use BCJSSE component.setSSLProvider(1); //platform component.config("UseFIPSCompliantAPI=true"); Note: TLS 1.3 support requires the Bouncy Castle TLS library version 1.0.14 or later.

FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting which applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details please see the FIPS 140-2 Compliance article.

Note: Enabling FIPS-compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI:   Tells the class whether or not to use the system security libraries or an internal implementation.

When set to false, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this setting to true tells the class to use the internal implementation instead of using the system security libraries.

This setting is set to false by default on all platforms.

Trappable Errors (Ocra Class)

OCRA Errors

101   Invalid challenge type.
102   Invalid challenge length.
103   Invalid response length.
104   Response must be specified.
105   Invalid hash algorithm.
106   Invalid challenge format.
107   Invalid password hash algorithm.
108   Invalid time step unit.
109   Invalid OCRASuite.
110   OCRASuite must be specified.
111   Challenge must be specified.
112   ChallengeInput must be specified.
113   Password must be specified.