OCRA Class
Properties Methods Events Config Settings Errors
The OCRA class implements the OATH Challenge-Response Algorithm.
Syntax
class ipworksauth.OCRA
Remarks
The OCRA component provides a simple way to create challenges, calculate responses, and verify responses using the OATH Challenge-Response Algorithm.
The first step to using the class is creating the challenge and generating the ocra_suite. This is done by calling the create_challenge method. After creating the challenge and ocra_suite these values are sent to the other party.
When receiving a challenge and OCRASuite the class is use to calculate a response. Set ocra_suite, challenge, and any other required properties and call calculate_response to calculate the response. Send the response back to the original party for verification.
After receiving the verification set challenge, ocra_suite, and response and call verify_response. verify_response returns True if the response is verified, False otherwise.
Creating the Challenge
The create_challenge method creates a challenge. After calling this method the challenge property will be populated with the created value.
When challenge_type is set to ctRandom the following properties are applicable:
When challenge_type is set to ctSignature the following properties are applicable:
In addition to creating the challenge this method will also create the ocra_suite which defines parameters required by the other party to calculate a response. The following properties are applicable to ocra_suite creation:
- challenge_format
- hash_algorithm
- response_length
- require_counter
- require_password
- require_time_stamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Calculating the Response
calculate_response calculates response to the given challenge.
Before calling this method set ocra_suite to the suite obtained from the other party and set challenge to the received challenge.
After setting ocra_suite the following properties are populated, which provide requirements for the response:
- challenge_format
- hash_algorithm
- response_length
- require_counter
- require_password
- require_time_stamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Inspect these properties to determine the requirements and provide any required values such as counter or password. Set key to the key used during the HMAC computation. Set challenge to the received challenge.
Call this method to calculate the response. After calling this method the response property is populated. The response may then be transmitted to the other party for verification.
The following properties are applicable when calling this method:
- challenge
- counter
- hash_algorithm
- key
- ocra_suite
- password
- response_length
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Verifying the Response
verify_response verifies the response and returns True or False depending on the result.
Before calling this method set ocra_suite, challenge, and response.
After setting ocra_suite the following properties are populated, which provide requirements for the response:
- challenge_format
- hash_algorithm
- response_length
- require_counter
- require_password
- require_time_stamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
These properties may be inspected to determine the requirements. Provide any required values such as counter or password. Set challenge to the original challenge that was issued. Set response to the received response. Set key to the key used during the HMAC computation.
Call this method to verify the response. The method will return True if the verification was successful, False otherwise.
The following properties are applicable when calling this method:
- challenge
- response
- counter
- hash_algorithm
- key
- ocra_suite
- password
- response_length
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| challenge | The challenge value. |
| challenge_format | The format in which the challenge will be created. |
| challenge_input | The input for the signature challenge. |
| challenge_length | The challenge length. |
| challenge_type | The challenge type. |
| counter | The counter. |
| hash_algorithm | The HMAC Hash Algorithm. |
| key | The secret key. |
| ocra_suite | The OCRASuite defines parameters about the challenge and response. |
| password | The password. |
| require_counter | Whether a Counter value is required to create the response. |
| require_password | Whether a Password is required to create the response. |
| require_time_stamp | Whether a TimeStamp is required to create the response. |
| response | The OCRA response. |
| response_length | Defines the length of the response. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| calculate_response | This method calculates the response to the given challenge. |
| config | Sets or retrieves a configuration setting. |
| create_challenge | Creates the challenge. |
| reset | Reset the variables to default value. |
| verify_response | This method verifies the response. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_error | Fired when information is available about errors during data delivery. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
| CounterHex | The counter value as a hexadecimal string. |
| CurrentTime | The current time in milliseconds. |
| PasswordHashAlgorithm | The password hash algorithm. |
| RequireSessionInfo | Whether to use session information. |
| SessionInfo | The session information. |
| SessionInfoLength | The length of the session information. |
| TimeStepSize | The time step. |
| TimeStepUnit | The time step unit. |
| BuildInfo | Information about the product's build. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| LicenseInfo | Information about the current license. |
| MaskSensitiveData | Whether sensitive data is masked in log messages. |
| ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
| SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
| UseFIPSCompliantAPI | Tells the class whether or not to use FIPS certified APIs. |
| UseInternalSecurityAPI | Whether or not to use the system security libraries or an internal implementation. |
challenge Property
The challenge value.
Syntax
def get_challenge() -> bytes: ... def set_challenge(value: bytes) -> None: ...
challenge = property(get_challenge, set_challenge)
Default Value
""
Remarks
This property is populated after calling create_challenge. The format is specified by the challenge_format property and the length is defined by the challenge_length property.
This property must be specified before calling calculate_response or verify_response.
challenge_format Property
The format in which the challenge will be created.
Syntax
def get_challenge_format() -> int: ... def set_challenge_format(value: int) -> None: ...
challenge_format = property(get_challenge_format, set_challenge_format)
Default Value
0
Remarks
This setting specifies the format of the created challenge. This is applicable when calling create_challenge. Possible values are:
| 0 (cfAlphanumeric - default) | Alphanumeric characters |
| 1 (cfNumeric) | Digits |
| 2 (cfHex) | Hex characters |
challenge_input Property
The input for the signature challenge.
Syntax
def get_challenge_input() -> bytes: ... def set_challenge_input(value: bytes) -> None: ...
challenge_input = property(get_challenge_input, set_challenge_input)
Default Value
""
Remarks
This property specifies the data used when creating the signature challenge. This is only used when calling create_challenge when challenge_type is set to Signature.
challenge_length Property
The challenge length.
Syntax
def get_challenge_length() -> int: ... def set_challenge_length(value: int) -> None: ...
challenge_length = property(get_challenge_length, set_challenge_length)
Default Value
8
Remarks
This setting specifies the length of the challenge that is created when calling create_challenge. Valid values are from 4 to 64. The default value is 8.
challenge_type Property
The challenge type.
Syntax
def get_challenge_type() -> int: ... def set_challenge_type(value: int) -> None: ...
challenge_type = property(get_challenge_type, set_challenge_type)
Default Value
0
Remarks
This property defines the type of challenge created. Possible values are:
| 0 (ctRandom - default) | A random challenge is created. |
| 1 (ctSignature) | A signature challenge is created by signing challenge_input. |
When setting this property to 0 (ctRandom) and calling create_challenge the class will populate challenge with a randomly generated value.
When setting this property to 1 (ctSignature) and calling create_challenge the class creates a Hash-based Message Authentication Code (HMAC) value using the data specified in challenge_input and then populate challenge with the formatted result.
counter Property
The counter.
Syntax
def get_counter() -> int: ... def set_counter(value: int) -> None: ...
counter = property(get_counter, set_counter)
Default Value
0
Remarks
This property specifies the counter.
If a counter is required this must be set before calling calculate_response and verify_response. To determine if a counter is required assign ocra_suite to the OCRA suite and check the value of require_counter.
The counter value should begin at 0 be incremented until the maximum value is reached. After the maximum is reached the counter value should start again at 0.
hash_algorithm Property
The HMAC Hash Algorithm.
Syntax
def get_hash_algorithm() -> int: ... def set_hash_algorithm(value: int) -> None: ...
hash_algorithm = property(get_hash_algorithm, set_hash_algorithm)
Default Value
0
Remarks
This property specifies the hash algorithm used by the class. Possible values are:
- 0 (SHA-1 - default)
- 1 (SHA-256)
- 2 (SHA-512)
key Property
The secret key.
Syntax
def get_key() -> bytes: ... def set_key(value: bytes) -> None: ...
key = property(get_key, set_key)
Default Value
""
Remarks
This property holds the secret key used when calling calculate_response and verify_response.
This property is also used when calling create_challenge when challenge_type is set to Signature.
An empty key is valid, however it is recommended to provide a key value.
ocra_suite Property
The OCRASuite defines parameters about the challenge and response.
Syntax
def get_ocra_suite() -> str: ... def set_ocra_suite(value: str) -> None: ...
ocra_suite = property(get_ocra_suite, set_ocra_suite)
Default Value
""
Remarks
This property holds the OCRASuite value which defines parameters about the challenge and response.
This property will be populated after calling create_challenge. This property must be set before calling calculate_response or verify_response.
When calling create_challenge the following properties will be used to create the OCRASuite:
- challenge_format
- hash_algorithm
- response_length
- require_counter
- require_password
- require_time_stamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
When this property is set the value is parsed and the above properties are populated to reflect the requirements defined by the OCRASuite.
password Property
The password.
Syntax
def get_password() -> bytes: ... def set_password(value: bytes) -> None: ...
password = property(get_password, set_password)
Default Value
""
Remarks
This property specifies the password.
If a password is required this must be set before calling calculate_response and verify_response. To determine if a password is required assign ocra_suite to the OCRA suite and check the value of require_password.
require_counter Property
Whether a Counter value is required to create the response.
Syntax
def get_require_counter() -> bool: ... def set_require_counter(value: bool) -> None: ...
require_counter = property(get_require_counter, set_require_counter)
Default Value
FALSE
Remarks
This property specifies whether a Counter value is required to create the response.
This may be set before calling create_challenge, when the ocra_suite is generated.
When ocra_suite is assigned this value is updated to reflect the options specified in the ocra_suite
require_password Property
Whether a Password is required to create the response.
Syntax
def get_require_password() -> bool: ... def set_require_password(value: bool) -> None: ...
require_password = property(get_require_password, set_require_password)
Default Value
FALSE
Remarks
This property specifies whether a Password is required to create the response.
This may be set before calling create_challenge, when the ocra_suite is generated.
When ocra_suite is assigned this value is updated to reflect the options specified in the ocra_suite
require_time_stamp Property
Whether a TimeStamp is required to create the response.
Syntax
def get_require_time_stamp() -> bool: ... def set_require_time_stamp(value: bool) -> None: ...
require_time_stamp = property(get_require_time_stamp, set_require_time_stamp)
Default Value
FALSE
Remarks
This property specifies whether a TimeStamp is required to create the response.
This may be set before calling create_challenge, when the ocra_suite is generated.
When ocra_suite is assigned this value is updated to reflect the options specified in the ocra_suite
The class will automatically use the current system time when calling calculate_response and verify_response if this property is True. The CurrentTime setting may be set to specify the time instead of using the system time.
The following settings are also applicable when this value is True:
response Property
The OCRA response.
Syntax
def get_response() -> bytes: ... def set_response(value: bytes) -> None: ...
response = property(get_response, set_response)
Default Value
""
Remarks
This property holds the challenge response.
This is populated after calling calculate_response. This must be set before calling verify_response.
response_length Property
Defines the length of the response.
Syntax
def get_response_length() -> int: ... def set_response_length(value: int) -> None: ...
response_length = property(get_response_length, set_response_length)
Default Value
6
Remarks
This property specifies the desired response length. Valid values are 4-10, and 0. Values 4-10 will result in a numeric value of that length. The value 0 indicates no truncation and the raw HMAC value is returned in the response
This may be set before calling create_challenge, when the ocra_suite is generated.
When ocra_suite is assigned this value is updated to reflect the options specified in the ocra_suite. When calling calculate_response the calculated response will be a value with this length.
The default value is 6.
calculate_response Method
This method calculates the response to the given challenge.
Syntax
def calculate_response() -> None: ...
Remarks
This method calculates response to the given challenge.
Before calling this method set ocra_suite to the suite obtained from the other party and set challenge to the received challenge.
After setting ocra_suite the following properties are populated, which provide requirements for the response:
- challenge_format
- hash_algorithm
- response_length
- require_counter
- require_password
- require_time_stamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Inspect these properties to determine the requirements and provide any required values such as counter or password. Set key to the key used during the HMAC computation. Set challenge to the received challenge.
Call this method to calculate the response. After calling this method the response property is populated. The response may then be transmitted to the other party for verification.
The following properties are applicable when calling this method:
- challenge
- counter
- hash_algorithm
- key
- ocra_suite
- password
- response_length
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
config Method
Sets or retrieves a configuration setting.
Syntax
def config(configuration_string: str) -> str: ...
Remarks
config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
create_challenge Method
Creates the challenge.
Syntax
def create_challenge() -> None: ...
Remarks
This method creates a challenge. After calling this method the challenge property will be populated with the created value.
When challenge_type is set to ctRandom the following properties are applicable:
When challenge_type is set to ctSignature the following properties are applicable:
In addition to creating the challenge this method will also create the ocra_suite which defines parameters required by the other party to calculate a response. The following properties are applicable to ocra_suite creation:
- challenge_format
- hash_algorithm
- response_length
- require_counter
- require_password
- require_time_stamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
reset Method
Reset the variables to default value.
Syntax
def reset() -> None: ...
Remarks
This method will reset the variables to default value.
verify_response Method
This method verifies the response.
Syntax
def verify_response() -> bool: ...
Remarks
This method verifies the response and returns True or False depending on the result.
Before calling this method set ocra_suite, challenge, and response.
After setting ocra_suite the following properties are populated, which provide requirements for the response:
- challenge_format
- hash_algorithm
- response_length
- require_counter
- require_password
- require_time_stamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
These properties may be inspected to determine the requirements. Provide any required values such as counter or password. Set challenge to the original challenge that was issued. Set response to the received response. Set key to the key used during the HMAC computation.
Call this method to verify the response. The method will return True if the verification was successful, False otherwise.
The following properties are applicable when calling this method:
- challenge
- response
- counter
- hash_algorithm
- key
- ocra_suite
- password
- response_length
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctRandom;
ocra.ChallengeLength = 10;
ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "3891592139"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
Signature Challenge Example
//First create the challenge on machine A
Ocra ocra = new Ocra();
ocra.ChallengeType = OcraChallengeTypes.ctSignature;
ocra.ChallengeInput = "test input";
ocra.Key = "signature key";
ocra.ChallengeFormat = OcraChallengeFormats.cfHex;
ocra.CreateChallenge();
string challenge = ocra.Challenge; //Value like "973131F0"
string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08"
//Send Challenge and OCRASuite to Machine B
//Upon receiving the challenge on Machine B, calculate a response
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Received from other party
ocra.Challenge = challenge; //Received from other party
ocra.Key = "shared secret key";
ocra.CalculateResponse();
string response = ocra.Response; //Value like "574464"
//Send Response back to Machine A
//Upon receiving the response on Machine A, verify it
ocra = new Ocra();
ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge
ocra.Challenge = challenge; //Original challenge that was sent
ocra.Response = response; //Received from other party
ocra.Key = "shared secret key";
bool isValid = ocra.VerifyResponse(); //Returns True if verified
on_error Event
Fired when information is available about errors during data delivery.
Syntax
class OCRAErrorEventParams(object): @property def error_code() -> int: ... @property def description() -> str: ... # In class OCRA: @property def on_error() -> Callable[[OCRAErrorEventParams], None]: ... @on_error.setter def on_error(event_hook: Callable[[OCRAErrorEventParams], None]) -> None: ...
Remarks
The on_error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.
The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
OCRA Config Settings
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.OCRA Config Settings
| 0 | SHA1 |
| 1 (default) | SHA-256 |
| 2 | SHA-512 |
This may be set before calling create_challenge, when the ocra_suite is generated.
When ocra_suite is assigned this value is updated to reflect the options specified in the ocra_suite
This may be set before calling create_challenge, when the ocra_suite is generated.
When ocra_suite is assigned this value is updated to reflect the options specified in the ocra_suite
Common values are 64, 128, 256, and 512.
| 0 | Seconds |
| 1 (default) | Minutes |
| 2 | Hours |
Base Config Settings
The following is a list of valid code page identifiers:
| Identifier | Name |
| 037 | IBM EBCDIC - U.S./Canada |
| 437 | OEM - United States |
| 500 | IBM EBCDIC - International |
| 708 | Arabic - ASMO 708 |
| 709 | Arabic - ASMO 449+, BCON V4 |
| 710 | Arabic - Transparent Arabic |
| 720 | Arabic - Transparent ASMO |
| 737 | OEM - Greek (formerly 437G) |
| 775 | OEM - Baltic |
| 850 | OEM - Multilingual Latin I |
| 852 | OEM - Latin II |
| 855 | OEM - Cyrillic (primarily Russian) |
| 857 | OEM - Turkish |
| 858 | OEM - Multilingual Latin I + Euro symbol |
| 860 | OEM - Portuguese |
| 861 | OEM - Icelandic |
| 862 | OEM - Hebrew |
| 863 | OEM - Canadian-French |
| 864 | OEM - Arabic |
| 865 | OEM - Nordic |
| 866 | OEM - Russian |
| 869 | OEM - Modern Greek |
| 870 | IBM EBCDIC - Multilingual/ROECE (Latin-2) |
| 874 | ANSI/OEM - Thai (same as 28605, ISO 8859-15) |
| 875 | IBM EBCDIC - Modern Greek |
| 932 | ANSI/OEM - Japanese, Shift-JIS |
| 936 | ANSI/OEM - Simplified Chinese (PRC, Singapore) |
| 949 | ANSI/OEM - Korean (Unified Hangul Code) |
| 950 | ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC) |
| 1026 | IBM EBCDIC - Turkish (Latin-5) |
| 1047 | IBM EBCDIC - Latin 1/Open System |
| 1140 | IBM EBCDIC - U.S./Canada (037 + Euro symbol) |
| 1141 | IBM EBCDIC - Germany (20273 + Euro symbol) |
| 1142 | IBM EBCDIC - Denmark/Norway (20277 + Euro symbol) |
| 1143 | IBM EBCDIC - Finland/Sweden (20278 + Euro symbol) |
| 1144 | IBM EBCDIC - Italy (20280 + Euro symbol) |
| 1145 | IBM EBCDIC - Latin America/Spain (20284 + Euro symbol) |
| 1146 | IBM EBCDIC - United Kingdom (20285 + Euro symbol) |
| 1147 | IBM EBCDIC - France (20297 + Euro symbol) |
| 1148 | IBM EBCDIC - International (500 + Euro symbol) |
| 1149 | IBM EBCDIC - Icelandic (20871 + Euro symbol) |
| 1200 | Unicode UCS-2 Little-Endian (BMP of ISO 10646) |
| 1201 | Unicode UCS-2 Big-Endian |
| 1250 | ANSI - Central European |
| 1251 | ANSI - Cyrillic |
| 1252 | ANSI - Latin I |
| 1253 | ANSI - Greek |
| 1254 | ANSI - Turkish |
| 1255 | ANSI - Hebrew |
| 1256 | ANSI - Arabic |
| 1257 | ANSI - Baltic |
| 1258 | ANSI/OEM - Vietnamese |
| 1361 | Korean (Johab) |
| 10000 | MAC - Roman |
| 10001 | MAC - Japanese |
| 10002 | MAC - Traditional Chinese (Big5) |
| 10003 | MAC - Korean |
| 10004 | MAC - Arabic |
| 10005 | MAC - Hebrew |
| 10006 | MAC - Greek I |
| 10007 | MAC - Cyrillic |
| 10008 | MAC - Simplified Chinese (GB 2312) |
| 10010 | MAC - Romania |
| 10017 | MAC - Ukraine |
| 10021 | MAC - Thai |
| 10029 | MAC - Latin II |
| 10079 | MAC - Icelandic |
| 10081 | MAC - Turkish |
| 10082 | MAC - Croatia |
| 12000 | Unicode UCS-4 Little-Endian |
| 12001 | Unicode UCS-4 Big-Endian |
| 20000 | CNS - Taiwan |
| 20001 | TCA - Taiwan |
| 20002 | Eten - Taiwan |
| 20003 | IBM5550 - Taiwan |
| 20004 | TeleText - Taiwan |
| 20005 | Wang - Taiwan |
| 20105 | IA5 IRV International Alphabet No. 5 (7-bit) |
| 20106 | IA5 German (7-bit) |
| 20107 | IA5 Swedish (7-bit) |
| 20108 | IA5 Norwegian (7-bit) |
| 20127 | US-ASCII (7-bit) |
| 20261 | T.61 |
| 20269 | ISO 6937 Non-Spacing Accent |
| 20273 | IBM EBCDIC - Germany |
| 20277 | IBM EBCDIC - Denmark/Norway |
| 20278 | IBM EBCDIC - Finland/Sweden |
| 20280 | IBM EBCDIC - Italy |
| 20284 | IBM EBCDIC - Latin America/Spain |
| 20285 | IBM EBCDIC - United Kingdom |
| 20290 | IBM EBCDIC - Japanese Katakana Extended |
| 20297 | IBM EBCDIC - France |
| 20420 | IBM EBCDIC - Arabic |
| 20423 | IBM EBCDIC - Greek |
| 20424 | IBM EBCDIC - Hebrew |
| 20833 | IBM EBCDIC - Korean Extended |
| 20838 | IBM EBCDIC - Thai |
| 20866 | Russian - KOI8-R |
| 20871 | IBM EBCDIC - Icelandic |
| 20880 | IBM EBCDIC - Cyrillic (Russian) |
| 20905 | IBM EBCDIC - Turkish |
| 20924 | IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol) |
| 20932 | JIS X 0208-1990 & 0121-1990 |
| 20936 | Simplified Chinese (GB2312) |
| 21025 | IBM EBCDIC - Cyrillic (Serbian, Bulgarian) |
| 21027 | Extended Alpha Lowercase |
| 21866 | Ukrainian (KOI8-U) |
| 28591 | ISO 8859-1 Latin I |
| 28592 | ISO 8859-2 Central Europe |
| 28593 | ISO 8859-3 Latin 3 |
| 28594 | ISO 8859-4 Baltic |
| 28595 | ISO 8859-5 Cyrillic |
| 28596 | ISO 8859-6 Arabic |
| 28597 | ISO 8859-7 Greek |
| 28598 | ISO 8859-8 Hebrew |
| 28599 | ISO 8859-9 Latin 5 |
| 28605 | ISO 8859-15 Latin 9 |
| 29001 | Europa 3 |
| 38598 | ISO 8859-8 Hebrew |
| 50220 | ISO 2022 Japanese with no halfwidth Katakana |
| 50221 | ISO 2022 Japanese with halfwidth Katakana |
| 50222 | ISO 2022 Japanese JIS X 0201-1989 |
| 50225 | ISO 2022 Korean |
| 50227 | ISO 2022 Simplified Chinese |
| 50229 | ISO 2022 Traditional Chinese |
| 50930 | Japanese (Katakana) Extended |
| 50931 | US/Canada and Japanese |
| 50933 | Korean Extended and Korean |
| 50935 | Simplified Chinese Extended and Simplified Chinese |
| 50936 | Simplified Chinese |
| 50937 | US/Canada and Traditional Chinese |
| 50939 | Japanese (Latin) Extended and Japanese |
| 51932 | EUC - Japanese |
| 51936 | EUC - Simplified Chinese |
| 51949 | EUC - Korean |
| 51950 | EUC - Traditional Chinese |
| 52936 | HZ-GB2312 Simplified Chinese |
| 54936 | Windows XP: GB18030 Simplified Chinese (4 Byte) |
| 57002 | ISCII Devanagari |
| 57003 | ISCII Bengali |
| 57004 | ISCII Tamil |
| 57005 | ISCII Telugu |
| 57006 | ISCII Assamese |
| 57007 | ISCII Oriya |
| 57008 | ISCII Kannada |
| 57009 | ISCII Malayalam |
| 57010 | ISCII Gujarati |
| 57011 | ISCII Punjabi |
| 65000 | Unicode UTF-7 |
| 65001 | Unicode UTF-8 |
| Identifier | Name |
| 1 | ASCII |
| 2 | NEXTSTEP |
| 3 | JapaneseEUC |
| 4 | UTF8 |
| 5 | ISOLatin1 |
| 6 | Symbol |
| 7 | NonLossyASCII |
| 8 | ShiftJIS |
| 9 | ISOLatin2 |
| 10 | Unicode |
| 11 | WindowsCP1251 |
| 12 | WindowsCP1252 |
| 13 | WindowsCP1253 |
| 14 | WindowsCP1254 |
| 15 | WindowsCP1250 |
| 21 | ISO2022JP |
| 30 | MacOSRoman |
| 10 | UTF16String |
| 0x90000100 | UTF16BigEndian |
| 0x94000100 | UTF16LittleEndian |
| 0x8c000100 | UTF32String |
| 0x98000100 | UTF32BigEndian |
| 0x9c000100 | UTF32LittleEndian |
| 65536 | Proprietary |
- Product: The product the license is for.
- Product Key: The key the license was generated from.
- License Source: Where the license was found (e.g., RuntimeLicense, License File).
- License Type: The type of license installed (e.g., Royalty Free, Single Server).
- Last Valid Build: The last valid build number for which the license will work.
This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to True. This is a static setting that applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.
For more details, please see the FIPS 140-2 Compliance article.
Note: This setting is applicable only on Windows.
Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.
Setting this configuration setting to True tells the class to use the internal implementation instead of using the system security libraries.
On Windows, this setting is set to False by default. On Linux/macOS, this setting is set to True by default.
To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section.
OCRA Errors
OCRA Errors
| 101 | Invalid challenge type. |
| 102 | Invalid challenge length. |
| 103 | Invalid response length. |
| 104 | Response must be specified. |
| 105 | Invalid hash algorithm. |
| 106 | Invalid challenge format. |
| 107 | Invalid password hash algorithm. |
| 108 | Invalid time step unit. |
| 109 | Invalid OCRASuite. |
| 110 | OCRASuite must be specified. |
| 111 | Challenge must be specified. |
| 112 | ChallengeInput must be specified. |
| 113 | Password must be specified. |