OTP Component

Properties   Methods   Events   Config Settings   Errors  

The OTP component allows creation of single use passwords.

Syntax

nsoftware.IPWorksAuth.OTP

Remarks

The OTP component implements the HOTP algorithm defined in RFC 4226 (HMAC-Based One-Time Password) and the TOTP algorithm defined in RFC 6238 (Time-Based One-Time Password). These types of passwords are commonly used as a second factor of authentication in multi-factor authentication scenarios.

To begin decide which algorithm you wish to use and set PasswordAlgorithm. Specify the shared secret in the Secret property.

Next, depending on the algorithm chosen you may set Counter (HOTP) or TimeStep (TOTP). If these properties are not set, the component will use a default value.

To create the password call CreatePassword. The Password property will be populated with the new password.

To validate a password set the Password property and call ValidatePassword. The method will return True or False to indicate success or failure.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

CounterThe counter used for HMAC-Based One Time Password creation or validation.
PasswordThe HMAC-Based or Time-Based One Time Password.
PasswordAlgorithmThe algorithm used to create or validate the password.
SecretThe Base32 encoded shared secret used when creating and validating a password.
TimeStepThe time step (in seconds) used for Time-Based One Time Password creation or validation.
ValidityTimeThe validity time of the created password.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

ConfigSets or retrieves a configuration setting.
CreatePasswordCreates a Time-Based or HMAC-Based One Time Password.
ResetReset the variables to default value.
ValidatePasswordValidates a Time-Based or HMAC-Based One Time Password.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

ErrorFired when information is available about errors during data delivery.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

CurrentTimeThe current time in milliseconds.
FuturePasswordsAcceptedThe number of future passwords to accept.
HashAlgorithmThe hash algorithm used to sign the password.
PasswordLengthThe length of the generated password.
PreviousPasswordsAcceptedThe number of previous passwords to accept.
QRCodeURIReturns a URI suitable for encoding as a QR code.
SecretLengthThe length of secret to generate.
ValidityTimeThe validity time of the created TOTP password.
BuildInfoInformation about the product's build.
GUIAvailableWhether or not a message loop is available for processing events.
LicenseInfoInformation about the current license.
MaskSensitiveDataWhether sensitive data is masked in log messages.
UseFIPSCompliantAPITells the component whether or not to use FIPS certified APIs.
UseInternalSecurityAPIWhether or not to use the system security libraries or an internal implementation.

Counter Property (OTP Component)

The counter used for HMAC-Based One Time Password creation or validation.

Syntax

public long Counter { get; set; }

Public Property Counter As Long

Default Value

0

Remarks

This property holds the counter value used for HMAC-Based One Time Password creation or validation. When PasswordAlgorithm is set to paHOTP this value must be specified before calling CreatePassword or ValidatePassword. The value should be incremented each time a password is created.

The default value is 0.

This property is not applicable when using the Time-Based One Time Password algorithm.

Password Property (OTP Component)

The HMAC-Based or Time-Based One Time Password.

Syntax

public string Password { get; set; }

Public Property Password As String

Default Value

""

Remarks

This property holds the HMAC-Based or Time-Based One Time Password. This property is populated after calling CreatePassword. This property must be set before calling ValidatePassword.

PasswordAlgorithm Property (OTP Component)

The algorithm used to create or validate the password.

Syntax

public OTPPasswordAlgorithms PasswordAlgorithm { get; set; }

enum OTPPasswordAlgorithms {
  paTOTP,
  paHOTP
}

Public Property PasswordAlgorithm As OtpPasswordAlgorithms

Enum OTPPasswordAlgorithms
  paTOTP
  paHOTP
End Enum

Default Value

0

Remarks

This property specifies whether to use the HMAC-Based or Time-Based One Time Password algorithm. Possible values are:

0 (paTOTP - default) Time-Based One Time Password Algorithm.
1 (paHOTP) HMAC-Based One Time Password Algorithm.

Secret Property (OTP Component)

The Base32 encoded shared secret used when creating and validating a password.

Syntax

public string Secret { get; set; }

Public Property Secret As String

Default Value

""

Remarks

This property specifies the Base32 encoded shared secret used when creating and validating a password. This should be set before calling CreatePassword or ValidatePassword.

If this is not set before calling CreatePassword a random secret will be automatically generated. This functionality provides an easy way to create new secret values. The length of the secret is defined by SecretLength.

TimeStep Property (OTP Component)

The time step (in seconds) used for Time-Based One Time Password creation or validation.

Syntax

public int TimeStep { get; set; }

Public Property TimeStep As Integer

Default Value

30

Remarks

This property specifies the time step (in seconds) used for Time-Based One Time Password creation or validation. When PasswordAlgorithm is set to paTOTP this value must be specified before calling CreatePassword or ValidatePassword.

The default value is 30.

This property is not applicable when using the HMAC-Based One Time Password algorithm.

ValidityTime Property (OTP Component)

The validity time of the created password.

Syntax

public int ValidityTime { get; }

Public ReadOnly Property ValidityTime As Integer

Default Value

0

Remarks

This property returns the remaining validity time in seconds of the created password. After calling CreatePassword this property may be queried to determine for how many more seconds the password will be valid. If the password is no longer valid this property returns 0.

This property is read-only.

Config Method (OTP Component)

Sets or retrieves a configuration setting.

Syntax

public string Config(string configurationString);

Async Version
public async Task<string> Config(string configurationString);
public async Task<string> Config(string configurationString, CancellationToken cancellationToken);

Public Function Config(ByVal ConfigurationString As String) As String

Async Version
Public Function Config(ByVal ConfigurationString As String) As Task(Of String)
Public Function Config(ByVal ConfigurationString As String, cancellationToken As CancellationToken) As Task(Of String)

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreatePassword Method (OTP Component)

Creates a Time-Based or HMAC-Based One Time Password.

Syntax

public void CreatePassword();

Async Version
public async Task CreatePassword();
public async Task CreatePassword(CancellationToken cancellationToken);

Public Sub CreatePassword()

Async Version
Public Sub CreatePassword() As Task
Public Sub CreatePassword(cancellationToken As CancellationToken) As Task

Remarks

This method creates either a Time-Based or HMAC-Based One Time Password. The PasswordAlgorithm property specifies which algorithm to use.

The following properties are applicable when calling CreatePassword.

Calling CreatePassword populates the Password property with the created password.

If Secret is not specified before calling this method a random secret will be automatically generated.

Reset Method (OTP Component)

Reset the variables to default value.

Syntax

public void Reset();

Async Version
public async Task Reset();
public async Task Reset(CancellationToken cancellationToken);

Public Sub Reset()

Async Version
Public Sub Reset() As Task
Public Sub Reset(cancellationToken As CancellationToken) As Task

Remarks

This method will reset the variables to default value.

ValidatePassword Method (OTP Component)

Validates a Time-Based or HMAC-Based One Time Password.

Syntax

public bool ValidatePassword();

Async Version
public async Task<bool> ValidatePassword();
public async Task<bool> ValidatePassword(CancellationToken cancellationToken);

Public Function ValidatePassword() As Boolean

Async Version
Public Function ValidatePassword() As Task(Of Boolean)
Public Function ValidatePassword(cancellationToken As CancellationToken) As Task(Of Boolean)

Remarks

This method validates a Time-Based or HMAC-Based One Time Password. The PasswordAlgorithm property specifies which algorithm to use.

The following properties are applicable when calling ValidatePassword.

The method will return True if the password is validated, False otherwise.

Error Event (OTP Component)

Fired when information is available about errors during data delivery.

Syntax

public event OnErrorHandler OnError;

public delegate void OnErrorHandler(object sender, OTPErrorEventArgs e);

public class OTPErrorEventArgs : EventArgs {
  public int ErrorCode { get; }
  public string Description { get; }
}

Public Event OnError As OnErrorHandler

Public Delegate Sub OnErrorHandler(sender As Object, e As OTPErrorEventArgs)

Public Class OTPErrorEventArgs Inherits EventArgs
  Public ReadOnly Property ErrorCode As Integer
  Public ReadOnly Property Description As String
End Class

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component throws an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Config Settings (OTP Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

OTP Config Settings

CurrentTime:   The current time in milliseconds.

Specifies the current time Unix time in milliseconds (time since January 1 1970). Normally the component will query the system for the current time when creating or validating TOTP passwords. In the event that the system time is incorrect or cannot be retrieved you may set this value to the current time. This value will be reset to 0 after calling CreatePassword.

FuturePasswordsAccepted:   The number of future passwords to accept.

When set to a positive value, the component will accept passwords which are generated {FuturePasswordsAccepted} * TimeStep seconds in the future. The default value is 0.

HashAlgorithm:   The hash algorithm used to sign the password.

This setting specifies the hash algorithm used to sign the password. Possible values are:

  • SHA1 (default)
  • SHA256
  • SHA512
PasswordLength:   The length of the generated password.

This setting specifies the length of the generated password. Possible values are:

  • 6 (default)
  • 7
  • 8
PreviousPasswordsAccepted:   The number of previous passwords to accept.

When set to a positive value, the component will accept passwords which were generated {PreviousPasswordsAccepted} * TimeStep seconds in the past. The default value is 0.

QRCodeURI:   Returns a URI suitable for encoding as a QR code.

This setting provides a way to generate a URI which can be encoded into a QR code, suitable for using in any authenticator application. The URI format is well defined and is an easy way to transfer the secret key and other relevant parameters.

To use this setting first set Secret to a valid value, then execute code like:

string MyQRCodeURI = component.Config("QRCodeURI=MyServiceName:account@company.com");

In the above example the MyServiceName value is the issuer. This is typically used in authenticator applications to identify the service to which the account belongs. The account@company.com value is the account name and identifies the specific account with which the key is associated. The use of an issuer is not required but is recommended. An account name is required.

The return value from this operation is a URI in one of the following formats: 

//TOTP
otpauth://totp/MyServiceName:account@company.com?secret=JBSWY3DPEHPK3PXP&digits=6&period=30

//HOTP
otpauth://hotp/MyServiceName:account@company.com?secret=JBSWY3DPEHPK3PXP&digits=6&counter=0

The following values are applicable when using this setting:

SecretLength:   The length of secret to generate.

When Secret is empty and CreatePassword is called a random secret value will be generated. This setting determines the length of the randomly generated secret. The default value is 32.

ValidityTime:   The validity time of the created TOTP password.

This setting returns the remaining validity time in seconds of the created TOTP password. After calling CreatePassword this setting may be queried to determine for how many more seconds the password will be valid. If the password is no longer valid this setting returns 0. This is not applicable to HOTP passwords.

Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable:   Whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications, an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the component does not attempt to process external events.

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g., RuntimeLicense, License File).
  • License Type: The type of license installed (e.g., Royalty Free, Single Server).
  • Last Valid Build: The last valid build number for which the license will work.
MaskSensitiveData:   Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these components: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseFIPSCompliantAPI:   Tells the component whether or not to use FIPS certified APIs.

When set to true, the component will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle Federal Information Processing Standards (FIPS), while all other Windows editions make use of Microsoft security libraries.

FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting that applies to all instances of all components of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details, please see the FIPS 140-2 Compliance article.

Note: This setting is applicable only on Windows.

Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI:   Whether or not to use the system security libraries or an internal implementation.

When set to false, the component will use the system security libraries by default to perform cryptographic functions where applicable. In this case, calls to unmanaged code will be made. In certain environments, this is not desirable. To use a completely managed security implementation, set this setting to true.

Setting this configuration setting to true tells the component to use the internal implementation instead of using the system security libraries.

On Windows, this setting is set to false by default. On Linux/macOS, this setting is set to true by default.

If using the .NET Standard Library, this setting will be true on all platforms. The .NET Standard library does not support using the system security libraries.

Note: This setting is static. The value set is applicable to all components used in the application.

When this value is set, the product's system dynamic link library (DLL) is no longer required as a reference, as all unmanaged code is stored in that file.

Trappable Errors (OTP Component)

OTP Errors

114   Can't create password.
115   Can't validate password.