OCRA Component
Properties Methods Events Config Settings Errors
The OCRA component implements the OATH Challenge-Response Algorithm.
Syntax
TipaOCRA
Remarks
The OCRA component provides a simple way to create challenges, calculate responses, and verify responses using the OATH Challenge-Response Algorithm.
The first step to using the component is creating the Challenge and generating the OCRASuite. This is done by calling the CreateChallenge method. After creating the Challenge and OCRASuite these values are sent to the other party.
When receiving a challenge and OCRASuite the component is use to calculate a response. Set OCRASuite, Challenge, and any other required properties and call CalculateResponse to calculate the Response. Send the Response back to the original party for verification.
After receiving the verification set Challenge, OCRASuite, and Response and call VerifyResponse. VerifyResponse returns True if the response is verified, False otherwise.
Creating the Challenge
The CreateChallenge method creates a Challenge. After calling this method the Challenge property will be populated with the created value.
When ChallengeType is set to ctRandom the following properties are applicable:
When ChallengeType is set to ctSignature the following properties are applicable:
In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Calculating the Response
CalculateResponse calculates Response to the given Challenge.
Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.
Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.
The following properties are applicable when calling this method:
- Challenge
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Verifying the Response
VerifyResponse verifies the response and returns True or False depending on the result.
Before calling this method set OCRASuite, Challenge, and Response.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.
Call this method to verify the response. The method will return True if the verification was successful, False otherwise.
The following properties are applicable when calling this method:
- Challenge
- Response
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Property List
The following is the full list of the properties of the component with short descriptions. Click on the links for further details.
Challenge | The challenge value. |
ChallengeFormat | The format in which the challenge will be created. |
ChallengeInput | The input for the signature challenge. |
ChallengeLength | The challenge length. |
ChallengeType | The challenge type. |
Counter | The counter. |
HashAlgorithm | The HMAC Hash Algorithm. |
Key | The secret key. |
OCRASuite | The OCRASuite defines parameters about the challenge and response. |
Password | The password. |
RequireCounter | Whether a Counter value is required to create the response. |
RequirePassword | Whether a Password is required to create the response. |
RequireTimeStamp | Whether a TimeStamp is required to create the response. |
Response | The OCRA response. |
ResponseLength | Defines the length of the response. |
Method List
The following is the full list of the methods of the component with short descriptions. Click on the links for further details.
CalculateResponse | This method calculates the response to the given challenge. |
Config | Sets or retrieves a configuration setting. |
CreateChallenge | Creates the challenge. |
Reset | Reset the variables to default value. |
VerifyResponse | This method verifies the response. |
Event List
The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.
Error | Fired when information is available about errors during data delivery. |
Config Settings
The following is a list of config settings for the component with short descriptions. Click on the links for further details.
CounterHex | The counter value as a hexadecimal string. |
CurrentTime | The current time in milliseconds. |
PasswordHashAlgorithm | The password hash algorithm. |
RequireSessionInfo | Whether to use session information. |
SessionInfo | The session information. |
SessionInfoLength | The length of the session information. |
TimeStepSize | The time step. |
TimeStepUnit | The time step unit. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitiveData | Whether sensitive data is masked in log messages. |
UseFIPSCompliantAPI | Tells the component whether or not to use FIPS certified APIs. |
UseInternalSecurityAPI | Whether or not to use the system security libraries or an internal implementation. |
Challenge Property (OCRA Component)
The challenge value.
Syntax
property Challenge: String read get_Challenge write set_Challenge; property ChallengeB: TBytes read get_ChallengeB write set_ChallengeB;
Default Value
''
Remarks
This property is populated after calling CreateChallenge. The format is specified by the ChallengeFormat property and the length is defined by the ChallengeLength property.
This property must be specified before calling CalculateResponse or VerifyResponse.
ChallengeFormat Property (OCRA Component)
The format in which the challenge will be created.
Syntax
property ChallengeFormat: TipaTChallengeFormats read get_ChallengeFormat write set_ChallengeFormat;
TipaTChallengeFormats = ( cfAlphanumeric, cfNumeric, cfHex );
Default Value
cfAlphanumeric
Remarks
This setting specifies the format of the created challenge. This is applicable when calling CreateChallenge. Possible values are:
0 (cfAlphanumeric - default) | Alphanumeric characters |
1 (cfNumeric) | Digits |
2 (cfHex) | Hex characters |
ChallengeInput Property (OCRA Component)
The input for the signature challenge.
Syntax
property ChallengeInput: String read get_ChallengeInput write set_ChallengeInput; property ChallengeInputB: TBytes read get_ChallengeInputB write set_ChallengeInputB;
Default Value
''
Remarks
This property specifies the data used when creating the signature challenge. This is only used when calling CreateChallenge when ChallengeType is set to Signature.
ChallengeLength Property (OCRA Component)
The challenge length.
Syntax
property ChallengeLength: Integer read get_ChallengeLength write set_ChallengeLength;
Default Value
8
Remarks
This setting specifies the length of the Challenge that is created when calling CreateChallenge. Valid values are from 4 to 64. The default value is 8.
ChallengeType Property (OCRA Component)
The challenge type.
Syntax
property ChallengeType: TipaTChallengeTypes read get_ChallengeType write set_ChallengeType;
TipaTChallengeTypes = ( ctRandom, ctSignature );
Default Value
ctRandom
Remarks
This property defines the type of challenge created. Possible values are:
0 (ctRandom - default) | A random challenge is created. |
1 (ctSignature) | A signature challenge is created by signing ChallengeInput. |
When setting this property to 0 (ctRandom) and calling CreateChallenge the component will populate Challenge with a randomly generated value.
When setting this property to 1 (ctSignature) and calling CreateChallenge the component creates a Hash-based Message Authentication Code (HMAC) value using the data specified in ChallengeInput and then populate Challenge with the formatted result.
Counter Property (OCRA Component)
The counter.
Syntax
property Counter: Int64 read get_Counter write set_Counter;
Default Value
0
Remarks
This property specifies the counter.
If a counter is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a counter is required assign OCRASuite to the OCRA suite and check the value of RequireCounter.
The counter value should begin at 0 be incremented until the maximum value is reached. After the maximum is reached the counter value should start again at 0.
HashAlgorithm Property (OCRA Component)
The HMAC Hash Algorithm.
Syntax
property HashAlgorithm: TipaTHashAlgorithms read get_HashAlgorithm write set_HashAlgorithm;
TipaTHashAlgorithms = ( haSHA1, haSHA256, haSHA512 );
Default Value
haSHA1
Remarks
This property specifies the hash algorithm used by the component. Possible values are:
- 0 (SHA-1 - default)
- 1 (SHA-256)
- 2 (SHA-512)
Key Property (OCRA Component)
The secret key.
Syntax
property Key: String read get_Key write set_Key; property KeyB: TBytes read get_KeyB write set_KeyB;
Default Value
''
Remarks
This property holds the secret key used when calling CalculateResponse and VerifyResponse.
This property is also used when calling CreateChallenge when ChallengeType is set to Signature.
An empty key is valid, however it is recommended to provide a key value.
OCRASuite Property (OCRA Component)
The OCRASuite defines parameters about the challenge and response.
Syntax
property OCRASuite: String read get_OCRASuite write set_OCRASuite;
Default Value
''
Remarks
This property holds the OCRASuite value which defines parameters about the challenge and response.
This property will be populated after calling CreateChallenge. This property must be set before calling CalculateResponse or VerifyResponse.
When calling CreateChallenge the following properties will be used to create the OCRASuite:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
When this property is set the value is parsed and the above properties are populated to reflect the requirements defined by the OCRASuite.
Password Property (OCRA Component)
The password.
Syntax
property Password: String read get_Password write set_Password; property PasswordB: TBytes read get_PasswordB write set_PasswordB;
Default Value
''
Remarks
This property specifies the password.
If a password is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a password is required assign OCRASuite to the OCRA suite and check the value of RequirePassword.
RequireCounter Property (OCRA Component)
Whether a Counter value is required to create the response.
Syntax
property RequireCounter: Boolean read get_RequireCounter write set_RequireCounter;
Default Value
false
Remarks
This property specifies whether a Counter value is required to create the response.
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
RequirePassword Property (OCRA Component)
Whether a Password is required to create the response.
Syntax
property RequirePassword: Boolean read get_RequirePassword write set_RequirePassword;
Default Value
false
Remarks
This property specifies whether a Password is required to create the response.
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
RequireTimeStamp Property (OCRA Component)
Whether a TimeStamp is required to create the response.
Syntax
property RequireTimeStamp: Boolean read get_RequireTimeStamp write set_RequireTimeStamp;
Default Value
false
Remarks
This property specifies whether a TimeStamp is required to create the response.
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
The component will automatically use the current system time when calling CalculateResponse and VerifyResponse if this property is True. The CurrentTime setting may be set to specify the time instead of using the system time.
The following settings are also applicable when this value is True:
Response Property (OCRA Component)
The OCRA response.
Syntax
property Response: String read get_Response write set_Response; property ResponseB: TBytes read get_ResponseB write set_ResponseB;
Default Value
''
Remarks
This property holds the challenge response.
This is populated after calling CalculateResponse. This must be set before calling VerifyResponse.
ResponseLength Property (OCRA Component)
Defines the length of the response.
Syntax
property ResponseLength: Integer read get_ResponseLength write set_ResponseLength;
Default Value
6
Remarks
This property specifies the desired response length. Valid values are 4-10, and 0. Values 4-10 will result in a numeric value of that length. The value 0 indicates no truncation and the raw HMAC value is returned in the response
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite. When calling CalculateResponse the calculated Response will be a value with this length.
The default value is 6.
CalculateResponse Method (OCRA Component)
This method calculates the response to the given challenge.
Syntax
procedure CalculateResponse();
Remarks
This method calculates Response to the given Challenge.
Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.
Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.
The following properties are applicable when calling this method:
- Challenge
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Config Method (OCRA Component)
Sets or retrieves a configuration setting.
Syntax
function Config(ConfigurationString: String): String;
Remarks
Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
CreateChallenge Method (OCRA Component)
Creates the challenge.
Syntax
procedure CreateChallenge();
Remarks
This method creates a Challenge. After calling this method the Challenge property will be populated with the created value.
When ChallengeType is set to ctRandom the following properties are applicable:
When ChallengeType is set to ctSignature the following properties are applicable:
In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Reset Method (OCRA Component)
Reset the variables to default value.
Syntax
procedure Reset();
Remarks
This method will reset the variables to default value.
VerifyResponse Method (OCRA Component)
This method verifies the response.
Syntax
function VerifyResponse(): Boolean;
Remarks
This method verifies the response and returns True or False depending on the result.
Before calling this method set OCRASuite, Challenge, and Response.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.
Call this method to verify the response. The method will return True if the verification was successful, False otherwise.
The following properties are applicable when calling this method:
- Challenge
- Response
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Error Event (OCRA Component)
Fired when information is available about errors during data delivery.
Syntax
type TErrorEvent = procedure ( Sender: TObject; ErrorCode: Integer; const Description: String ) of Object;
property OnError: TErrorEvent read FOnError write FOnError;
Remarks
The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.
The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
Config Settings (OCRA Component)
The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.OCRA Config Settings
0 | SHA1 |
1 (default) | SHA-256 |
2 | SHA-512 |
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
Common values are 64, 128, 256, and 512.
0 | Seconds |
1 (default) | Minutes |
2 | Hours |
Base Config Settings
The following is a list of valid code page identifiers:
Identifier | Name |
037 | IBM EBCDIC - U.S./Canada |
437 | OEM - United States |
500 | IBM EBCDIC - International |
708 | Arabic - ASMO 708 |
709 | Arabic - ASMO 449+, BCON V4 |
710 | Arabic - Transparent Arabic |
720 | Arabic - Transparent ASMO |
737 | OEM - Greek (formerly 437G) |
775 | OEM - Baltic |
850 | OEM - Multilingual Latin I |
852 | OEM - Latin II |
855 | OEM - Cyrillic (primarily Russian) |
857 | OEM - Turkish |
858 | OEM - Multilingual Latin I + Euro symbol |
860 | OEM - Portuguese |
861 | OEM - Icelandic |
862 | OEM - Hebrew |
863 | OEM - Canadian-French |
864 | OEM - Arabic |
865 | OEM - Nordic |
866 | OEM - Russian |
869 | OEM - Modern Greek |
870 | IBM EBCDIC - Multilingual/ROECE (Latin-2) |
874 | ANSI/OEM - Thai (same as 28605, ISO 8859-15) |
875 | IBM EBCDIC - Modern Greek |
932 | ANSI/OEM - Japanese, Shift-JIS |
936 | ANSI/OEM - Simplified Chinese (PRC, Singapore) |
949 | ANSI/OEM - Korean (Unified Hangul Code) |
950 | ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC) |
1026 | IBM EBCDIC - Turkish (Latin-5) |
1047 | IBM EBCDIC - Latin 1/Open System |
1140 | IBM EBCDIC - U.S./Canada (037 + Euro symbol) |
1141 | IBM EBCDIC - Germany (20273 + Euro symbol) |
1142 | IBM EBCDIC - Denmark/Norway (20277 + Euro symbol) |
1143 | IBM EBCDIC - Finland/Sweden (20278 + Euro symbol) |
1144 | IBM EBCDIC - Italy (20280 + Euro symbol) |
1145 | IBM EBCDIC - Latin America/Spain (20284 + Euro symbol) |
1146 | IBM EBCDIC - United Kingdom (20285 + Euro symbol) |
1147 | IBM EBCDIC - France (20297 + Euro symbol) |
1148 | IBM EBCDIC - International (500 + Euro symbol) |
1149 | IBM EBCDIC - Icelandic (20871 + Euro symbol) |
1200 | Unicode UCS-2 Little-Endian (BMP of ISO 10646) |
1201 | Unicode UCS-2 Big-Endian |
1250 | ANSI - Central European |
1251 | ANSI - Cyrillic |
1252 | ANSI - Latin I |
1253 | ANSI - Greek |
1254 | ANSI - Turkish |
1255 | ANSI - Hebrew |
1256 | ANSI - Arabic |
1257 | ANSI - Baltic |
1258 | ANSI/OEM - Vietnamese |
1361 | Korean (Johab) |
10000 | MAC - Roman |
10001 | MAC - Japanese |
10002 | MAC - Traditional Chinese (Big5) |
10003 | MAC - Korean |
10004 | MAC - Arabic |
10005 | MAC - Hebrew |
10006 | MAC - Greek I |
10007 | MAC - Cyrillic |
10008 | MAC - Simplified Chinese (GB 2312) |
10010 | MAC - Romania |
10017 | MAC - Ukraine |
10021 | MAC - Thai |
10029 | MAC - Latin II |
10079 | MAC - Icelandic |
10081 | MAC - Turkish |
10082 | MAC - Croatia |
12000 | Unicode UCS-4 Little-Endian |
12001 | Unicode UCS-4 Big-Endian |
20000 | CNS - Taiwan |
20001 | TCA - Taiwan |
20002 | Eten - Taiwan |
20003 | IBM5550 - Taiwan |
20004 | TeleText - Taiwan |
20005 | Wang - Taiwan |
20105 | IA5 IRV International Alphabet No. 5 (7-bit) |
20106 | IA5 German (7-bit) |
20107 | IA5 Swedish (7-bit) |
20108 | IA5 Norwegian (7-bit) |
20127 | US-ASCII (7-bit) |
20261 | T.61 |
20269 | ISO 6937 Non-Spacing Accent |
20273 | IBM EBCDIC - Germany |
20277 | IBM EBCDIC - Denmark/Norway |
20278 | IBM EBCDIC - Finland/Sweden |
20280 | IBM EBCDIC - Italy |
20284 | IBM EBCDIC - Latin America/Spain |
20285 | IBM EBCDIC - United Kingdom |
20290 | IBM EBCDIC - Japanese Katakana Extended |
20297 | IBM EBCDIC - France |
20420 | IBM EBCDIC - Arabic |
20423 | IBM EBCDIC - Greek |
20424 | IBM EBCDIC - Hebrew |
20833 | IBM EBCDIC - Korean Extended |
20838 | IBM EBCDIC - Thai |
20866 | Russian - KOI8-R |
20871 | IBM EBCDIC - Icelandic |
20880 | IBM EBCDIC - Cyrillic (Russian) |
20905 | IBM EBCDIC - Turkish |
20924 | IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol) |
20932 | JIS X 0208-1990 & 0121-1990 |
20936 | Simplified Chinese (GB2312) |
21025 | IBM EBCDIC - Cyrillic (Serbian, Bulgarian) |
21027 | Extended Alpha Lowercase |
21866 | Ukrainian (KOI8-U) |
28591 | ISO 8859-1 Latin I |
28592 | ISO 8859-2 Central Europe |
28593 | ISO 8859-3 Latin 3 |
28594 | ISO 8859-4 Baltic |
28595 | ISO 8859-5 Cyrillic |
28596 | ISO 8859-6 Arabic |
28597 | ISO 8859-7 Greek |
28598 | ISO 8859-8 Hebrew |
28599 | ISO 8859-9 Latin 5 |
28605 | ISO 8859-15 Latin 9 |
29001 | Europa 3 |
38598 | ISO 8859-8 Hebrew |
50220 | ISO 2022 Japanese with no halfwidth Katakana |
50221 | ISO 2022 Japanese with halfwidth Katakana |
50222 | ISO 2022 Japanese JIS X 0201-1989 |
50225 | ISO 2022 Korean |
50227 | ISO 2022 Simplified Chinese |
50229 | ISO 2022 Traditional Chinese |
50930 | Japanese (Katakana) Extended |
50931 | US/Canada and Japanese |
50933 | Korean Extended and Korean |
50935 | Simplified Chinese Extended and Simplified Chinese |
50936 | Simplified Chinese |
50937 | US/Canada and Traditional Chinese |
50939 | Japanese (Latin) Extended and Japanese |
51932 | EUC - Japanese |
51936 | EUC - Simplified Chinese |
51949 | EUC - Korean |
51950 | EUC - Traditional Chinese |
52936 | HZ-GB2312 Simplified Chinese |
54936 | Windows XP: GB18030 Simplified Chinese (4 Byte) |
57002 | ISCII Devanagari |
57003 | ISCII Bengali |
57004 | ISCII Tamil |
57005 | ISCII Telugu |
57006 | ISCII Assamese |
57007 | ISCII Oriya |
57008 | ISCII Kannada |
57009 | ISCII Malayalam |
57010 | ISCII Gujarati |
57011 | ISCII Punjabi |
65000 | Unicode UTF-7 |
65001 | Unicode UTF-8 |
Identifier | Name |
1 | ASCII |
2 | NEXTSTEP |
3 | JapaneseEUC |
4 | UTF8 |
5 | ISOLatin1 |
6 | Symbol |
7 | NonLossyASCII |
8 | ShiftJIS |
9 | ISOLatin2 |
10 | Unicode |
11 | WindowsCP1251 |
12 | WindowsCP1252 |
13 | WindowsCP1253 |
14 | WindowsCP1254 |
15 | WindowsCP1250 |
21 | ISO2022JP |
30 | MacOSRoman |
10 | UTF16String |
0x90000100 | UTF16BigEndian |
0x94000100 | UTF16LittleEndian |
0x8c000100 | UTF32String |
0x98000100 | UTF32BigEndian |
0x9c000100 | UTF32LittleEndian |
65536 | Proprietary |
- Product: The product the license is for.
- Product Key: The key the license was generated from.
- License Source: Where the license was found (e.g., RuntimeLicense, License File).
- License Type: The type of license installed (e.g., Royalty Free, Single Server).
- Last Valid Build: The last valid build number for which the license will work.
This setting only works on these components: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to True. This is a static setting that applies to all instances of all components of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.
For more details, please see the FIPS 140-2 Compliance article.
Note: This setting is applicable only on Windows.
Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.
Setting this configuration setting to True tells the component to use the internal implementation instead of using the system security libraries.
This setting is set to False by default on all platforms.
Trappable Errors (OCRA Component)
OCRA Errors
101 | Invalid challenge type. |
102 | Invalid challenge length. |
103 | Invalid response length. |
104 | Response must be specified. |
105 | Invalid hash algorithm. |
106 | Invalid challenge format. |
107 | Invalid password hash algorithm. |
108 | Invalid time step unit. |
109 | Invalid OCRASuite. |
110 | OCRASuite must be specified. |
111 | Challenge must be specified. |
112 | ChallengeInput must be specified. |
113 | Password must be specified. |