OCRA Class
Properties Methods Events Config Settings Errors
The OCRA class implements the OATH Challenge-Response Algorithm.
Class Name
IPWorksAuth_OCRA
Procedural Interface
ipworksauth_ocra_open(); ipworksauth_ocra_close($res); ipworksauth_ocra_register_callback($res, $id, $function); ipworksauth_ocra_get_last_error($res); ipworksauth_ocra_get_last_error_code($res); ipworksauth_ocra_set($res, $id, $index, $value); ipworksauth_ocra_get($res, $id, $index); ipworksauth_ocra_do_calculateresponse($res); ipworksauth_ocra_do_config($res, $configurationstring); ipworksauth_ocra_do_createchallenge($res); ipworksauth_ocra_do_reset($res); ipworksauth_ocra_do_verifyresponse($res);
Remarks
The OCRA component provides a simple way to create challenges, calculate responses, and verify responses using the OATH Challenge-Response Algorithm.
The first step to using the class is creating the Challenge and generating the OCRASuite. This is done by calling the CreateChallenge method. After creating the Challenge and OCRASuite these values are sent to the other party.
When receiving a challenge and OCRASuite the class is use to calculate a response. Set OCRASuite, Challenge, and any other required properties and call CalculateResponse to calculate the Response. Send the Response back to the original party for verification.
After receiving the verification set Challenge, OCRASuite, and Response and call VerifyResponse. VerifyResponse returns True if the response is verified, False otherwise.
Creating the Challenge
The CreateChallenge method creates a Challenge. After calling this method the Challenge property will be populated with the created value.
When ChallengeType is set to ctRandom the following properties are applicable:
When ChallengeType is set to ctSignature the following properties are applicable:
In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Calculating the Response
CalculateResponse calculates Response to the given Challenge.
Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.
Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.
The following properties are applicable when calling this method:
- Challenge
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Verifying the Response
VerifyResponse verifies the response and returns True or False depending on the result.
Before calling this method set OCRASuite, Challenge, and Response.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.
Call this method to verify the response. The method will return True if the verification was successful, False otherwise.
The following properties are applicable when calling this method:
- Challenge
- Response
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
Challenge | The challenge value. |
ChallengeFormat | The format in which the challenge will be created. |
ChallengeInput | The input for the signature challenge. |
ChallengeLength | The challenge length. |
ChallengeType | The challenge type. |
Counter | The counter. |
HashAlgorithm | The HMAC Hash Algorithm. |
Key | The secret key. |
OCRASuite | The OCRASuite defines parameters about the challenge and response. |
Password | The password. |
RequireCounter | Whether a Counter value is required to create the response. |
RequirePassword | Whether a Password is required to create the response. |
RequireTimeStamp | Whether a TimeStamp is required to create the response. |
Response | The OCRA response. |
ResponseLength | Defines the length of the response. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
CalculateResponse | This method calculates the response to the given challenge. |
Config | Sets or retrieves a configuration setting. |
CreateChallenge | Creates the challenge. |
Reset | Reset the variables to default value. |
VerifyResponse | This method verifies the response. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
Error | Fired when information is available about errors during data delivery. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
CounterHex | The counter value as a hexadecimal string. |
CurrentTime | The current time in milliseconds. |
PasswordHashAlgorithm | The password hash algorithm. |
RequireSessionInfo | Whether to use session information. |
SessionInfo | The session information. |
SessionInfoLength | The length of the session information. |
TimeStepSize | The time step. |
TimeStepUnit | The time step unit. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitiveData | Whether sensitive data is masked in log messages. |
ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
UseFIPSCompliantAPI | Tells the class whether or not to use FIPS certified APIs. |
UseInternalSecurityAPI | Whether or not to use the system security libraries or an internal implementation. |
Challenge Property (IPWorksAuth_OCRA Class)
The challenge value.
Object Oriented Interface
public function getChallenge(); public function setChallenge($value);
Procedural Interface
ipworksauth_ocra_get($res, 1 ); ipworksauth_ocra_set($res, 1, $value );
Default Value
''
Remarks
This property is populated after calling CreateChallenge. The format is specified by the ChallengeFormat property and the length is defined by the ChallengeLength property.
This property must be specified before calling CalculateResponse or VerifyResponse.
Data Type
Binary String
ChallengeFormat Property (IPWorksAuth_OCRA Class)
The format in which the challenge will be created.
Object Oriented Interface
public function getChallengeFormat(); public function setChallengeFormat($value);
Procedural Interface
ipworksauth_ocra_get($res, 2 ); ipworksauth_ocra_set($res, 2, $value );
Default Value
0
Remarks
This setting specifies the format of the created challenge. This is applicable when calling CreateChallenge. Possible values are:
0 (cfAlphanumeric - default) | Alphanumeric characters |
1 (cfNumeric) | Digits |
2 (cfHex) | Hex characters |
Data Type
Integer
ChallengeInput Property (IPWorksAuth_OCRA Class)
The input for the signature challenge.
Object Oriented Interface
public function getChallengeInput(); public function setChallengeInput($value);
Procedural Interface
ipworksauth_ocra_get($res, 3 ); ipworksauth_ocra_set($res, 3, $value );
Default Value
''
Remarks
This property specifies the data used when creating the signature challenge. This is only used when calling CreateChallenge when ChallengeType is set to Signature.
Data Type
Binary String
ChallengeLength Property (IPWorksAuth_OCRA Class)
The challenge length.
Object Oriented Interface
public function getChallengeLength(); public function setChallengeLength($value);
Procedural Interface
ipworksauth_ocra_get($res, 4 ); ipworksauth_ocra_set($res, 4, $value );
Default Value
8
Remarks
This setting specifies the length of the Challenge that is created when calling CreateChallenge. Valid values are from 4 to 64. The default value is 8.
Data Type
Integer
ChallengeType Property (IPWorksAuth_OCRA Class)
The challenge type.
Object Oriented Interface
public function getChallengeType(); public function setChallengeType($value);
Procedural Interface
ipworksauth_ocra_get($res, 5 ); ipworksauth_ocra_set($res, 5, $value );
Default Value
0
Remarks
This property defines the type of challenge created. Possible values are:
0 (ctRandom - default) | A random challenge is created. |
1 (ctSignature) | A signature challenge is created by signing ChallengeInput. |
When setting this property to 0 (ctRandom) and calling CreateChallenge the class will populate Challenge with a randomly generated value.
When setting this property to 1 (ctSignature) and calling CreateChallenge the class creates a Hash-based Message Authentication Code (HMAC) value using the data specified in ChallengeInput and then populate Challenge with the formatted result.
Data Type
Integer
Counter Property (IPWorksAuth_OCRA Class)
The counter.
Object Oriented Interface
public function getCounter(); public function setCounter($value);
Procedural Interface
ipworksauth_ocra_get($res, 6 ); ipworksauth_ocra_set($res, 6, $value );
Default Value
0
Remarks
This property specifies the counter.
If a counter is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a counter is required assign OCRASuite to the OCRA suite and check the value of RequireCounter.
The counter value should begin at 0 be incremented until the maximum value is reached. After the maximum is reached the counter value should start again at 0.
Data Type
Long64
HashAlgorithm Property (IPWorksAuth_OCRA Class)
The HMAC Hash Algorithm.
Object Oriented Interface
public function getHashAlgorithm(); public function setHashAlgorithm($value);
Procedural Interface
ipworksauth_ocra_get($res, 7 ); ipworksauth_ocra_set($res, 7, $value );
Default Value
0
Remarks
This property specifies the hash algorithm used by the class. Possible values are:
- 0 (SHA-1 - default)
- 1 (SHA-256)
- 2 (SHA-512)
Data Type
Integer
Key Property (IPWorksAuth_OCRA Class)
The secret key.
Object Oriented Interface
public function getKey(); public function setKey($value);
Procedural Interface
ipworksauth_ocra_get($res, 8 ); ipworksauth_ocra_set($res, 8, $value );
Default Value
''
Remarks
This property holds the secret key used when calling CalculateResponse and VerifyResponse.
This property is also used when calling CreateChallenge when ChallengeType is set to Signature.
An empty key is valid, however it is recommended to provide a key value.
Data Type
Binary String
OCRASuite Property (IPWorksAuth_OCRA Class)
The OCRASuite defines parameters about the challenge and response.
Object Oriented Interface
public function getOCRASuite(); public function setOCRASuite($value);
Procedural Interface
ipworksauth_ocra_get($res, 9 ); ipworksauth_ocra_set($res, 9, $value );
Default Value
''
Remarks
This property holds the OCRASuite value which defines parameters about the challenge and response.
This property will be populated after calling CreateChallenge. This property must be set before calling CalculateResponse or VerifyResponse.
When calling CreateChallenge the following properties will be used to create the OCRASuite:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
When this property is set the value is parsed and the above properties are populated to reflect the requirements defined by the OCRASuite.
Data Type
String
Password Property (IPWorksAuth_OCRA Class)
The password.
Object Oriented Interface
public function getPassword(); public function setPassword($value);
Procedural Interface
ipworksauth_ocra_get($res, 10 ); ipworksauth_ocra_set($res, 10, $value );
Default Value
''
Remarks
This property specifies the password.
If a password is required this must be set before calling CalculateResponse and VerifyResponse. To determine if a password is required assign OCRASuite to the OCRA suite and check the value of RequirePassword.
Data Type
Binary String
RequireCounter Property (IPWorksAuth_OCRA Class)
Whether a Counter value is required to create the response.
Object Oriented Interface
public function getRequireCounter(); public function setRequireCounter($value);
Procedural Interface
ipworksauth_ocra_get($res, 11 ); ipworksauth_ocra_set($res, 11, $value );
Default Value
false
Remarks
This property specifies whether a Counter value is required to create the response.
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
Data Type
Boolean
RequirePassword Property (IPWorksAuth_OCRA Class)
Whether a Password is required to create the response.
Object Oriented Interface
public function getRequirePassword(); public function setRequirePassword($value);
Procedural Interface
ipworksauth_ocra_get($res, 12 ); ipworksauth_ocra_set($res, 12, $value );
Default Value
false
Remarks
This property specifies whether a Password is required to create the response.
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
Data Type
Boolean
RequireTimeStamp Property (IPWorksAuth_OCRA Class)
Whether a TimeStamp is required to create the response.
Object Oriented Interface
public function getRequireTimeStamp(); public function setRequireTimeStamp($value);
Procedural Interface
ipworksauth_ocra_get($res, 13 ); ipworksauth_ocra_set($res, 13, $value );
Default Value
false
Remarks
This property specifies whether a TimeStamp is required to create the response.
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
The class will automatically use the current system time when calling CalculateResponse and VerifyResponse if this property is True. The CurrentTime setting may be set to specify the time instead of using the system time.
The following settings are also applicable when this value is True:
Data Type
Boolean
Response Property (IPWorksAuth_OCRA Class)
The OCRA response.
Object Oriented Interface
public function getResponse(); public function setResponse($value);
Procedural Interface
ipworksauth_ocra_get($res, 14 ); ipworksauth_ocra_set($res, 14, $value );
Default Value
''
Remarks
This property holds the challenge response.
This is populated after calling CalculateResponse. This must be set before calling VerifyResponse.
Data Type
Binary String
ResponseLength Property (IPWorksAuth_OCRA Class)
Defines the length of the response.
Object Oriented Interface
public function getResponseLength(); public function setResponseLength($value);
Procedural Interface
ipworksauth_ocra_get($res, 15 ); ipworksauth_ocra_set($res, 15, $value );
Default Value
6
Remarks
This property specifies the desired response length. Valid values are 4-10, and 0. Values 4-10 will result in a numeric value of that length. The value 0 indicates no truncation and the raw HMAC value is returned in the response
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite. When calling CalculateResponse the calculated Response will be a value with this length.
The default value is 6.
Data Type
Integer
CalculateResponse Method (IPWorksAuth_OCRA Class)
This method calculates the response to the given challenge.
Object Oriented Interface
public function doCalculateResponse();
Procedural Interface
ipworksauth_ocra_do_calculateresponse($res);
Remarks
This method calculates Response to the given Challenge.
Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.
Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.
The following properties are applicable when calling this method:
- Challenge
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Config Method (IPWorksAuth_OCRA Class)
Sets or retrieves a configuration setting.
Object Oriented Interface
public function doConfig($configurationstring);
Procedural Interface
ipworksauth_ocra_do_config($res, $configurationstring);
Remarks
Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
CreateChallenge Method (IPWorksAuth_OCRA Class)
Creates the challenge.
Object Oriented Interface
public function doCreateChallenge();
Procedural Interface
ipworksauth_ocra_do_createchallenge($res);
Remarks
This method creates a Challenge. After calling this method the Challenge property will be populated with the created value.
When ChallengeType is set to ctRandom the following properties are applicable:
When ChallengeType is set to ctSignature the following properties are applicable:
In addition to creating the Challenge this method will also create the OCRASuite which defines parameters required by the other party to calculate a response. The following properties are applicable to OCRASuite creation:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Reset Method (IPWorksAuth_OCRA Class)
Reset the variables to default value.
Object Oriented Interface
public function doReset();
Procedural Interface
ipworksauth_ocra_do_reset($res);
Remarks
This method will reset the variables to default value.
VerifyResponse Method (IPWorksAuth_OCRA Class)
This method verifies the response.
Object Oriented Interface
public function doVerifyResponse();
Procedural Interface
ipworksauth_ocra_do_verifyresponse($res);
Remarks
This method verifies the response and returns True or False depending on the result.
Before calling this method set OCRASuite, Challenge, and Response.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
These properties may be inspected to determine the requirements. Provide any required values such as Counter or Password. Set Challenge to the original challenge that was issued. Set Response to the received response. Set Key to the key used during the HMAC computation.
Call this method to verify the response. The method will return True if the verification was successful, False otherwise.
The following properties are applicable when calling this method:
- Challenge
- Response
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Error Event (IPWorksAuth_OCRA Class)
Fired when information is available about errors during data delivery.
Object Oriented Interface
public function fireError($param);
Procedural Interface
ipworksauth_ocra_register_callback($res, 1, array($this, 'fireError'));
Parameter List
'errorcode'
'description'
Remarks
The Error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.
The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
Config Settings (OCRA Class)
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.OCRA Config Settings
0 | SHA1 |
1 (default) | SHA-256 |
2 | SHA-512 |
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
This may be set before calling CreateChallenge, when the OCRASuite is generated.
When OCRASuite is assigned this value is updated to reflect the options specified in the OCRASuite
Common values are 64, 128, 256, and 512.
0 | Seconds |
1 (default) | Minutes |
2 | Hours |
Base Config Settings
The following is a list of valid code page identifiers:
Identifier | Name |
037 | IBM EBCDIC - U.S./Canada |
437 | OEM - United States |
500 | IBM EBCDIC - International |
708 | Arabic - ASMO 708 |
709 | Arabic - ASMO 449+, BCON V4 |
710 | Arabic - Transparent Arabic |
720 | Arabic - Transparent ASMO |
737 | OEM - Greek (formerly 437G) |
775 | OEM - Baltic |
850 | OEM - Multilingual Latin I |
852 | OEM - Latin II |
855 | OEM - Cyrillic (primarily Russian) |
857 | OEM - Turkish |
858 | OEM - Multilingual Latin I + Euro symbol |
860 | OEM - Portuguese |
861 | OEM - Icelandic |
862 | OEM - Hebrew |
863 | OEM - Canadian-French |
864 | OEM - Arabic |
865 | OEM - Nordic |
866 | OEM - Russian |
869 | OEM - Modern Greek |
870 | IBM EBCDIC - Multilingual/ROECE (Latin-2) |
874 | ANSI/OEM - Thai (same as 28605, ISO 8859-15) |
875 | IBM EBCDIC - Modern Greek |
932 | ANSI/OEM - Japanese, Shift-JIS |
936 | ANSI/OEM - Simplified Chinese (PRC, Singapore) |
949 | ANSI/OEM - Korean (Unified Hangul Code) |
950 | ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC) |
1026 | IBM EBCDIC - Turkish (Latin-5) |
1047 | IBM EBCDIC - Latin 1/Open System |
1140 | IBM EBCDIC - U.S./Canada (037 + Euro symbol) |
1141 | IBM EBCDIC - Germany (20273 + Euro symbol) |
1142 | IBM EBCDIC - Denmark/Norway (20277 + Euro symbol) |
1143 | IBM EBCDIC - Finland/Sweden (20278 + Euro symbol) |
1144 | IBM EBCDIC - Italy (20280 + Euro symbol) |
1145 | IBM EBCDIC - Latin America/Spain (20284 + Euro symbol) |
1146 | IBM EBCDIC - United Kingdom (20285 + Euro symbol) |
1147 | IBM EBCDIC - France (20297 + Euro symbol) |
1148 | IBM EBCDIC - International (500 + Euro symbol) |
1149 | IBM EBCDIC - Icelandic (20871 + Euro symbol) |
1200 | Unicode UCS-2 Little-Endian (BMP of ISO 10646) |
1201 | Unicode UCS-2 Big-Endian |
1250 | ANSI - Central European |
1251 | ANSI - Cyrillic |
1252 | ANSI - Latin I |
1253 | ANSI - Greek |
1254 | ANSI - Turkish |
1255 | ANSI - Hebrew |
1256 | ANSI - Arabic |
1257 | ANSI - Baltic |
1258 | ANSI/OEM - Vietnamese |
1361 | Korean (Johab) |
10000 | MAC - Roman |
10001 | MAC - Japanese |
10002 | MAC - Traditional Chinese (Big5) |
10003 | MAC - Korean |
10004 | MAC - Arabic |
10005 | MAC - Hebrew |
10006 | MAC - Greek I |
10007 | MAC - Cyrillic |
10008 | MAC - Simplified Chinese (GB 2312) |
10010 | MAC - Romania |
10017 | MAC - Ukraine |
10021 | MAC - Thai |
10029 | MAC - Latin II |
10079 | MAC - Icelandic |
10081 | MAC - Turkish |
10082 | MAC - Croatia |
12000 | Unicode UCS-4 Little-Endian |
12001 | Unicode UCS-4 Big-Endian |
20000 | CNS - Taiwan |
20001 | TCA - Taiwan |
20002 | Eten - Taiwan |
20003 | IBM5550 - Taiwan |
20004 | TeleText - Taiwan |
20005 | Wang - Taiwan |
20105 | IA5 IRV International Alphabet No. 5 (7-bit) |
20106 | IA5 German (7-bit) |
20107 | IA5 Swedish (7-bit) |
20108 | IA5 Norwegian (7-bit) |
20127 | US-ASCII (7-bit) |
20261 | T.61 |
20269 | ISO 6937 Non-Spacing Accent |
20273 | IBM EBCDIC - Germany |
20277 | IBM EBCDIC - Denmark/Norway |
20278 | IBM EBCDIC - Finland/Sweden |
20280 | IBM EBCDIC - Italy |
20284 | IBM EBCDIC - Latin America/Spain |
20285 | IBM EBCDIC - United Kingdom |
20290 | IBM EBCDIC - Japanese Katakana Extended |
20297 | IBM EBCDIC - France |
20420 | IBM EBCDIC - Arabic |
20423 | IBM EBCDIC - Greek |
20424 | IBM EBCDIC - Hebrew |
20833 | IBM EBCDIC - Korean Extended |
20838 | IBM EBCDIC - Thai |
20866 | Russian - KOI8-R |
20871 | IBM EBCDIC - Icelandic |
20880 | IBM EBCDIC - Cyrillic (Russian) |
20905 | IBM EBCDIC - Turkish |
20924 | IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol) |
20932 | JIS X 0208-1990 & 0121-1990 |
20936 | Simplified Chinese (GB2312) |
21025 | IBM EBCDIC - Cyrillic (Serbian, Bulgarian) |
21027 | Extended Alpha Lowercase |
21866 | Ukrainian (KOI8-U) |
28591 | ISO 8859-1 Latin I |
28592 | ISO 8859-2 Central Europe |
28593 | ISO 8859-3 Latin 3 |
28594 | ISO 8859-4 Baltic |
28595 | ISO 8859-5 Cyrillic |
28596 | ISO 8859-6 Arabic |
28597 | ISO 8859-7 Greek |
28598 | ISO 8859-8 Hebrew |
28599 | ISO 8859-9 Latin 5 |
28605 | ISO 8859-15 Latin 9 |
29001 | Europa 3 |
38598 | ISO 8859-8 Hebrew |
50220 | ISO 2022 Japanese with no halfwidth Katakana |
50221 | ISO 2022 Japanese with halfwidth Katakana |
50222 | ISO 2022 Japanese JIS X 0201-1989 |
50225 | ISO 2022 Korean |
50227 | ISO 2022 Simplified Chinese |
50229 | ISO 2022 Traditional Chinese |
50930 | Japanese (Katakana) Extended |
50931 | US/Canada and Japanese |
50933 | Korean Extended and Korean |
50935 | Simplified Chinese Extended and Simplified Chinese |
50936 | Simplified Chinese |
50937 | US/Canada and Traditional Chinese |
50939 | Japanese (Latin) Extended and Japanese |
51932 | EUC - Japanese |
51936 | EUC - Simplified Chinese |
51949 | EUC - Korean |
51950 | EUC - Traditional Chinese |
52936 | HZ-GB2312 Simplified Chinese |
54936 | Windows XP: GB18030 Simplified Chinese (4 Byte) |
57002 | ISCII Devanagari |
57003 | ISCII Bengali |
57004 | ISCII Tamil |
57005 | ISCII Telugu |
57006 | ISCII Assamese |
57007 | ISCII Oriya |
57008 | ISCII Kannada |
57009 | ISCII Malayalam |
57010 | ISCII Gujarati |
57011 | ISCII Punjabi |
65000 | Unicode UTF-7 |
65001 | Unicode UTF-8 |
Identifier | Name |
1 | ASCII |
2 | NEXTSTEP |
3 | JapaneseEUC |
4 | UTF8 |
5 | ISOLatin1 |
6 | Symbol |
7 | NonLossyASCII |
8 | ShiftJIS |
9 | ISOLatin2 |
10 | Unicode |
11 | WindowsCP1251 |
12 | WindowsCP1252 |
13 | WindowsCP1253 |
14 | WindowsCP1254 |
15 | WindowsCP1250 |
21 | ISO2022JP |
30 | MacOSRoman |
10 | UTF16String |
0x90000100 | UTF16BigEndian |
0x94000100 | UTF16LittleEndian |
0x8c000100 | UTF32String |
0x98000100 | UTF32BigEndian |
0x9c000100 | UTF32LittleEndian |
65536 | Proprietary |
- Product: The product the license is for.
- Product Key: The key the license was generated from.
- License Source: Where the license was found (e.g., RuntimeLicense, License File).
- License Type: The type of license installed (e.g., Royalty Free, Single Server).
- Last Valid Build: The last valid build number for which the license will work.
This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting that applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.
For more details, please see the FIPS 140-2 Compliance article.
Note: This setting is applicable only on Windows.
Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.
Setting this configuration setting to true tells the class to use the internal implementation instead of using the system security libraries.
On Windows, this setting is set to false by default. On Linux/macOS, this setting is set to true by default.
To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section.
Trappable Errors (OCRA Class)
OCRA Errors
101 | Invalid challenge type. |
102 | Invalid challenge length. |
103 | Invalid response length. |
104 | Response must be specified. |
105 | Invalid hash algorithm. |
106 | Invalid challenge format. |
107 | Invalid password hash algorithm. |
108 | Invalid time step unit. |
109 | Invalid OCRASuite. |
110 | OCRASuite must be specified. |
111 | Challenge must be specified. |
112 | ChallengeInput must be specified. |
113 | Password must be specified. |