OCRA Class

Properties Methods Events Config Settings Errors

The OCRA class implements the OATH Challenge-Response Algorithm.

Syntax

ipworksauth.OCRA

Remarks

The OCRA component provides a simple way to create challenges, calculate responses, and verify responses using the OATH Challenge-Response Algorithm.

The first step to using the class is creating the Challenge and generating the OCRASuite. This is done by calling the CreateChallenge method. After creating the Challenge and OCRASuite these values are sent to the other party.

When receiving a challenge and OCRASuite the class is use to calculate a response. Set OCRASuite, Challenge, and any other required properties and call CalculateResponse to calculate the Response. Send the Response back to the original party for verification.

After receiving the verification set Challenge, OCRASuite, and Response and call VerifyResponse. VerifyResponse returns True if the response is verified, False otherwise.

Creating the Challenge

The CreateChallenge method creates a Challenge. After calling this method the Challenge property will be populated with the created value.

When ChallengeType is set to ctRandom the following properties are applicable:

ChallengeType
ChallengeFormat
ChallengeLength

When ChallengeType is set to ctSignature the following properties are applicable:

ChallengeType
ChallengeFormat
ChallengeLength
ChallengeInput (required)
HashAlgorithm
Key

In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:

ChallengeFormat
HashAlgorithm
ResponseLength
RequireCounter
RequirePassword
RequireTimeStamp
PasswordHashAlgorithm
RequireSessionInfo
SessionInfoLength
TimeStepSize
TimeStepUnit

Calculating the Response

CalculateResponse calculates Response to the given Challenge.

Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

ChallengeFormat
HashAlgorithm
ResponseLength
RequireCounter
RequirePassword
RequireTimeStamp
PasswordHashAlgorithm
RequireSessionInfo
SessionInfoLength
TimeStepSize
TimeStepUnit

Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.

Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.

The following properties are applicable when calling this method:

Challenge
Counter
HashAlgorithm
Key
OCRASuite
Password
ResponseLength
CurrentTime
SessionInfo
TimeStepSize
TimeStepUnit
PasswordHashAlgorithm

Verifying the Response

VerifyResponse verifies the response and returns True or False depending on the result.

Before calling this method set OCRASuite, Challenge, and Response.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

ChallengeFormat
HashAlgorithm
ResponseLength
RequireCounter
RequirePassword
RequireTimeStamp
PasswordHashAlgorithm
RequireSessionInfo
SessionInfoLength
TimeStepSize
TimeStepUnit

These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.

Call this method to verify the response. The method will return True if the verification was successful, False otherwise.

The following properties are applicable when calling this method:

Challenge
Response
Counter
HashAlgorithm
Key
OCRASuite
Password
ResponseLength
CurrentTime
SessionInfo
TimeStepSize
TimeStepUnit
PasswordHashAlgorithm

Random Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified Signature Challenge Example //First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.


Challenge	The challenge value.
ChallengeFormat	The format in which the challenge will be created.
ChallengeInput	The input for the signature challenge.
ChallengeLength	The challenge length.
ChallengeType	The challenge type.
Counter	The counter.
HashAlgorithm	The HMAC Hash Algorithm.
Key	The secret key.
OCRASuite	The OCRASuite defines parameters about the challenge and response.
Password	The password.
RequireCounter	Whether a Counter value is required to create the response.
RequirePassword	Whether a Password is required to create the response.
RequireTimeStamp	Whether a TimeStamp is required to create the response.
Response	The OCRA response.
ResponseLength	Defines the length of the response.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.


CalculateResponse	This method calculates the response to the given challenge.
Config	Sets or retrieves a configuration setting.
CreateChallenge	Creates the challenge.
Reset	Reset the variables to default value.
VerifyResponse	This method verifies the response.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.


Error	Fired when information is available about errors during data delivery.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.


CounterHex	The counter value as a hexadecimal string.
CurrentTime	The current time in milliseconds.
PasswordHashAlgorithm	The password hash algorithm.
RequireSessionInfo	Whether to use session information.
SessionInfo	The session information.
SessionInfoLength	The length of the session information.
TimeStepSize	The time step.
TimeStepUnit	The time step unit.
BuildInfo	Information about the product's build.
GUIAvailable	Whether or not a message loop is available for processing events.
LicenseInfo	Information about the current license.
MaskSensitiveData	Whether sensitive data is masked in log messages.
UseDaemonThreads	Whether threads created by the class are daemon threads.
UseFIPSCompliantAPI	Tells the class whether or not to use FIPS certified APIs.
UseInternalSecurityAPI	Whether or not to use the system security libraries or an internal implementation.

Challenge Property (OCRA Class)

The challenge value.

Syntax

public byte[] getChallenge();
public void setChallenge(byte[] challenge);

Default Value

Remarks

This property is populated after calling CreateChallenge. The format is specified by the ChallengeFormat property and the length is defined by the ChallengeLength property.

This property must be specified before calling CalculateResponse or VerifyResponse.

ChallengeFormat Property (OCRA Class)

The format in which the challenge will be created.

Syntax

public int getChallengeFormat();
public void setChallengeFormat(int challengeFormat);

Enumerated values:
  public final static int cfAlphanumeric = 0;
  public final static int cfNumeric = 1;
  public final static int cfHex = 2;

Default Value

Remarks

This setting specifies the format of the created challenge. This is applicable when calling CreateChallenge. Possible values are:


0 (cfAlphanumeric - default)	Alphanumeric characters
1 (cfNumeric)	Digits
2 (cfHex)	Hex characters

ChallengeInput Property (OCRA Class)

The input for the signature challenge.

Syntax

public byte[] getChallengeInput();
public void setChallengeInput(byte[] challengeInput);

Default Value

Remarks

This property specifies the data used when creating the signature challenge. This is only used when calling CreateChallenge when ChallengeType is set to Signature.

ChallengeLength Property (OCRA Class)

The challenge length.

Syntax

public int getChallengeLength();
public void setChallengeLength(int challengeLength);

Default Value

Remarks

This setting specifies the length of the Challenge that is created when calling CreateChallenge. Valid values are from 4 to 64. The default value is 8.

ChallengeType Property (OCRA Class)

The challenge type.

Syntax

public int getChallengeType();
public void setChallengeType(int challengeType);

Enumerated values:
  public final static int ctRandom = 0;
  public final static int ctSignature = 1;

Default Value

Remarks

This property defines the type of challenge created. Possible values are:


0 (ctRandom - default)	A random challenge is created.
1 (ctSignature)	A signature challenge is created by signing ChallengeInput.

When setting this property to 0 (ctRandom) and calling CreateChallenge the class will populate Challenge with a randomly generated value.

When setting this property to 1 (ctSignature) and calling CreateChallenge the class creates a Hash-based Message Authentication Code (HMAC) value using the data specified in ChallengeInput and then populate Challenge with the formatted result.

Counter Property (OCRA Class)

The counter.

Syntax

public long getCounter();
public void setCounter(long counter);

Default Value

Remarks

This property specifies the counter.

If a counter is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a counter is required assign OCRASuite to the OCRA suite and check the value of RequireCounter.

The counter value should begin at 0 be incremented until the maximum value is reached. After the maximum is reached the counter value should start again at 0.

HashAlgorithm Property (OCRA Class)

The HMAC Hash Algorithm.

Syntax

public int getHashAlgorithm();
public void setHashAlgorithm(int hashAlgorithm);

Enumerated values:
  public final static int haSHA1 = 0;
  public final static int haSHA256 = 1;
  public final static int haSHA512 = 2;

Default Value

Remarks

This property specifies the hash algorithm used by the class. Possible values are:

0 (SHA-1 - default)
1 (SHA-256)
2 (SHA-512)

Key Property (OCRA Class)

The secret key.

Syntax

public byte[] getKey();
public void setKey(byte[] key);

Default Value

Remarks

This property holds the secret key used when calling CalculateResponse and VerifyResponse.

This property is also used when calling CreateChallenge when ChallengeType is set to Signature.

An empty key is valid, however it is recommended to provide a key value.

OCRASuite Property (OCRA Class)

The OCRASuite defines parameters about the challenge and response.

Syntax

public String getOCRASuite();
public void setOCRASuite(String OCRASuite);

Default Value

Remarks

This property holds the OCRASuite value which defines parameters about the challenge and response.

This property will be populated after calling CreateChallenge. This property must be set before calling CalculateResponse or VerifyResponse.

When calling CreateChallenge the following properties will be used to create the OCRASuite:

ChallengeFormat
HashAlgorithm
ResponseLength
RequireCounter
RequirePassword
RequireTimeStamp
PasswordHashAlgorithm
RequireSessionInfo
SessionInfoLength
TimeStepSize
TimeStepUnit

When this property is set the value is parsed and the above properties are populated to reflect the requirements defined by the OCRASuite.

Password Property (OCRA Class)

The password.

Syntax

public byte[] getPassword();
public void setPassword(byte[] password);

Default Value

Remarks

This property specifies the password.

If a password is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a password is required assign OCRASuite to the OCRA suite and check the value of RequirePassword.

RequireCounter Property (OCRA Class)

Whether a Counter value is required to create the response.

Syntax

public boolean isRequireCounter();
public void setRequireCounter(boolean requireCounter);

Default Value

False

Remarks

This property specifies whether a Counter value is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

RequirePassword Property (OCRA Class)

Whether a Password is required to create the response.

Syntax

public boolean isRequirePassword();
public void setRequirePassword(boolean requirePassword);

Default Value

False

Remarks

This property specifies whether a Password is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

RequireTimeStamp Property (OCRA Class)

Whether a TimeStamp is required to create the response.

Syntax

public boolean isRequireTimeStamp();
public void setRequireTimeStamp(boolean requireTimeStamp);

Default Value

False

Remarks

This property specifies whether a TimeStamp is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

The class will automatically use the current system time when calling CalculateResponse and VerifyResponse if this property is True. The CurrentTime setting may be set to specify the time instead of using the system time.

The following settings are also applicable when this value is True:

TimeStepSize
TimeStepUnit

Response Property (OCRA Class)

The OCRA response.

Syntax

public byte[] getResponse();
public void setResponse(byte[] response);

Default Value

Remarks

This property holds the challenge response.

This is populated after calling CalculateResponse. This must be set before calling VerifyResponse.

ResponseLength Property (OCRA Class)

Defines the length of the response.

Syntax

public int getResponseLength();
public void setResponseLength(int responseLength);

Default Value

Remarks

This property specifies the desired response length. Valid values are 4-10, and 0. Values 4-10 will result in a numeric value of that length. The value 0 indicates no truncation and the raw HMAC value is returned in the response

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite. When calling CalculateResponse the calculated Response will be a value with this length.

The default value is 6.

CalculateResponse Method (OCRA Class)

This method calculates the response to the given challenge.

Syntax

public void calculateResponse();

Remarks

This method calculates Response to the given Challenge.

Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

ChallengeFormat
HashAlgorithm
ResponseLength
RequireCounter
RequirePassword
RequireTimeStamp
PasswordHashAlgorithm
RequireSessionInfo
SessionInfoLength
TimeStepSize
TimeStepUnit

Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.

The following properties are applicable when calling this method:

Challenge
Counter
HashAlgorithm
Key
OCRASuite
Password
ResponseLength
CurrentTime
SessionInfo
TimeStepSize
TimeStepUnit
PasswordHashAlgorithm

Config Method (OCRA Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateChallenge Method (OCRA Class)

Creates the challenge.

Syntax

public void createChallenge();

Remarks

This method creates a Challenge. After calling this method the Challenge property will be populated with the created value.

When ChallengeType is set to ctRandom the following properties are applicable:

ChallengeType
ChallengeFormat
ChallengeLength

When ChallengeType is set to ctSignature the following properties are applicable:

ChallengeType
ChallengeFormat
ChallengeLength
ChallengeInput (required)
HashAlgorithm
Key

ChallengeFormat
HashAlgorithm
ResponseLength
RequireCounter
RequirePassword
RequireTimeStamp
PasswordHashAlgorithm
RequireSessionInfo
SessionInfoLength
TimeStepSize
TimeStepUnit

Reset Method (OCRA Class)

Reset the variables to default value.

Syntax

public void reset();

Remarks

This method will reset the variables to default value.

VerifyResponse Method (OCRA Class)

This method verifies the response.

Syntax

public boolean verifyResponse();

Remarks

This method verifies the response and returns True or False depending on the result.

Before calling this method set OCRASuite, Challenge, and Response.

After setting OCRASuite the following properties are populated, which provide requirements for the response:

ChallengeFormat
HashAlgorithm
ResponseLength
RequireCounter
RequirePassword
RequireTimeStamp
PasswordHashAlgorithm
RequireSessionInfo
SessionInfoLength
TimeStepSize
TimeStepUnit

Call this method to verify the response. The method will return True if the verification was successful, False otherwise.

The following properties are applicable when calling this method:

Challenge
Response
Counter
HashAlgorithm
Key
OCRASuite
Password
ResponseLength
CurrentTime
SessionInfo
TimeStepSize
TimeStepUnit
PasswordHashAlgorithm

Error Event (OCRA Class)

Fired when information is available about errors during data delivery.

Syntax

public class DefaultOCRAEventListener implements OCRAEventListener {
  ...
  public void error(OCRAErrorEvent e) {}
  ...
}

public class OCRAErrorEvent {
  public int errorCode;
  public String description;
}

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class throws an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Config Settings (OCRA Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

OCRA Config Settings

CounterHex: The counter value as a hexadecimal string.

This setting may be used instead of Counter to supply the counter value. This is specified as a Hexadecimal string and may be used to provide large values like "FFFFFFFFFFFFFFFF".

CurrentTime: The current time in milliseconds.

This setting specifies the current time in milliseconds since the Unix epoch (January 1, 1970). By default the class will use the system time when CalculateResponse or VerifyResponse is called and RequireTimeStamp is True. This setting overrides the value returned by the system.

PasswordHashAlgorithm: The password hash algorithm.

This setting specifies the password hash algorithm. Possible values are:


0	SHA1
1 (default)	SHA-256
2	SHA-512

RequireSessionInfo: Whether to use session information.

This setting specifies whether session info is required to create the response.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

SessionInfo: The session information.

This setting specifies the session info when RequireSessionInfo is set to True. This value should be specified before calling CalculateResponse or VerifyResponse, and should be of length SessionInfoLength.

SessionInfoLength: The length of the session information.

This setting specifies the length of the session information.

This may be set before calling CreateChallenge, when the OCRASuite is generated.

When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite

Common values are 64, 128, 256, and 512.

TimeStepSize: The time step.

The size of the time step. The default value is 1.

TimeStepUnit: The time step unit.

This setting specifies the time step unit. Possible values are:


0	Seconds
1 (default)	Minutes
2	Hours

Base Config Settings

BuildInfo: Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable: Whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The class will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications, an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the class does not attempt to process external events.

LicenseInfo: Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

Product: The product the license is for.
Product Key: The key the license was generated from.
License Source: Where the license was found (e.g., RuntimeLicense, License File).
License Type: The type of license installed (e.g., Royalty Free, Single Server).
Last Valid Build: The last valid build number for which the license will work.

MaskSensitiveData: Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseDaemonThreads: Whether threads created by the class are daemon threads.

If set to True (default), when the class creates a thread, the thread's Daemon property will be explicitly set to True. When set to False, the class will not set the Daemon property on the created thread. The default value is True.

UseFIPSCompliantAPI: Tells the class whether or not to use FIPS certified APIs.

When set to true, the class will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle Federal Information Processing Standards (FIPS), while all other Windows editions make use of Microsoft security libraries.

The Java edition requires installation of the FIPS-certified Bouncy Castle library regardless of the target operating system. This can be downloaded from https://www.bouncycastle.org/fips-java/. Only the "Provider" library is needed. The jar file should then be installed in a JRE search path.

The following classes must be imported in the application in which the component will be used:

import java.security.Security; import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

The Bouncy Castle provider must be added as a valid provider and must also be configured to operate in FIPS mode:

System.setProperty("org.bouncycastle.fips.approved_only","true"); Security.addProvider(new BouncyCastleFipsProvider());

When UseFIPSCompliantAPI is true, Secure Sockets Layer (SSL)-enabled classes can optionally be configured to use the Transport Layer Security (TLS) Bouncy Castle library. When SSLProvider is set to sslpAutomatic (default) or sslpInternal, an internal TLS implementation is used, but all cryptographic operations are offloaded to the Bouncy Castle FIPS provider to achieve FIPS-compliant operation. If SSLProvider is set to sslpPlatform, the Bouncy Castle JSSE will be used in place of the internal TLS implementation.

To enable the use of the Bouncy Castle JSSE take the following steps in addition to the steps above. Both the Bouncy Castle FIPS provider and the Bouncy Castle JSSE must be configured to use the Bouncy Castle TLS library in FIPS mode. Obtain the Bouncy Castle TLS library from https://www.bouncycastle.org/fips-java/. The jar file should then be installed in a JRE search path.

The following classes must be imported in the application in which the component will be used:

import java.security.Security; import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider; //required to use BCJSSE when SSLProvider is set to sslpPlatform import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

The Bouncy Castle provider must be added as a valid provider and also must be configured to operate in FIPS mode:

System.setProperty("org.bouncycastle.fips.approved_only","true"); Security.addProvider(new BouncyCastleFipsProvider()); //required to use BCJSSE when SSLProvider is set to sslpPlatform Security.addProvider(new BouncyCastleJsseProvider("fips:BCFIPS")); //optional - configure logging level of BCJSSE Logger.getLogger("org.bouncycastle.jsse").setLevel(java.util.logging.Level.OFF); //configure the class to use BCJSSE component.setSSLProvider(1); //platform component.config("UseFIPSCompliantAPI=true"); Note: TLS 1.3 support requires the Bouncy Castle TLS library version 1.0.14 or later.

FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting that applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details, please see the FIPS 140-2 Compliance article.

Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI: Whether or not to use the system security libraries or an internal implementation.

When set to false, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this configuration setting to true tells the class to use the internal implementation instead of using the system security libraries.

This setting is set to false by default on all platforms.

Trappable Errors (OCRA Class)

OCRA Errors

101	Invalid challenge type.
102	Invalid challenge length.
103	Invalid response length.
104	Response must be specified.
105	Invalid hash algorithm.
106	Invalid challenge format.
107	Invalid password hash algorithm.
108	Invalid time step unit.
109	Invalid OCRASuite.
110	OCRASuite must be specified.
111	Challenge must be specified.
112	ChallengeInput must be specified.
113	Password must be specified.