otp

package module
v1.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 4, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

README

otp

Go Reference Go Report Card Go Version License

A Go library for generating and validating One-Time Passwords (OTPs), implementing HOTP (RFC 4226) and TOTP (RFC 6238).

Features

  • HOTP — Counter-based OTP (RFC 4226)
  • TOTP — Time-based OTP (RFC 6238)
  • 10 hash algorithms — SHA1, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, MD5
  • Steam Guard encoder support
  • Secret management — Generate, import (Base32/Hex/Bytes), and securely clear secrets
  • QR code generation — For authenticator app enrollment
  • Replay protection — Prevent re-use of previously accepted OTPs
  • Unicode NFKC normalization — Fullwidth digit support for international users
  • RFC-compliant defaults — SHA1/6-digit/30s for Google Authenticator compatibility
  • Security guardrails — HTTPS-only image URLs, parameter injection prevention, window/digit/period limits

Install

go get github.com/unitsvc/otp

Quick Start

TOTP — Generate and Validate
package main

import (
    "fmt"
    "time"

    "github.com/unitsvc/otp/totp"
)

func main() {
    // Generate a new TOTP key
    key, err := totp.Generate(totp.GenerateOpts{
        Issuer:      "Example",
        AccountName: "user@example.com",
    })
    if err != nil {
        panic(err)
    }

    // Display the secret and QR code
    fmt.Println("Secret:", key.Secret())

    // Validate a passcode
    passcode := "123456" // user-provided
    valid := totp.Validate(passcode, key.Secret())
    fmt.Println("Valid:", valid)
}
HOTP — Counter-based
key, _ := hotp.Generate(hotp.GenerateOpts{
    Issuer:      "Example",
    AccountName: "user@example.com",
})

code, _ := hotp.GenerateCode(key.Secret(), 0)
valid := hotp.Validate(code, 0, key.Secret())
Secret Management
// Generate a random 20-byte secret
sec, _ := secret.New(20)
fmt.Println(sec.Base32())  // JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP

// Import from Base32
sec, _ = secret.FromBase32("JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP")

// Securely clear when done
sec.Clear()

API Reference

Core Types (otp package)
Type Description
Algorithm Hash algorithm: AlgorithmSHA1, AlgorithmSHA256, AlgorithmSHA512, AlgorithmSHA224, AlgorithmSHA384, AlgorithmSHA3_224, AlgorithmSHA3_256, AlgorithmSHA3_384, AlgorithmSHA3_512, AlgorithmMD5
AlgorithmCompat Alias for AlgorithmSHA1 (Google Authenticator compatible)
AlgorithmSecure Alias for AlgorithmSHA256 (recommended)
Digits Digit count: DigitsSix (default), DigitsEight
Encoder Output format: EncoderDefault, EncoderSteam
Key OTP key with methods: Type(), Secret(), Issuer(), AccountName(), Algorithm(), Digits(), Period(), Counter(), URL(), Image(), ImageURL(), Encoder(), GetExtraParam(name)
ValidationResult Structured validation result: Valid, Delta (offset from expected), Step (matched counter/step) 
algo, _ := otp.ParseAlgorithm("SHA256")     // parse from string (accepts aliases: SHA-256, SHA2-256, SSL3-SHA1)
key, _ := otp.NewKeyFromURL("otpauth://...")  // parse otpauth URI
h, _ := algo.HashChecked()                    // safe hash accessor (errors on unknown algorithms)
key.GetExtraParam("source")                   // read custom URI parameter → "web"
TOTP (totp package)
Function Description
Validate(passcode, secret string) bool Validate with defaults (SHA1, 30s, 6 digits)
ValidateSecure(passcode, secret string) bool Validate with SHA256
GenerateCode(secret string, t time.Time) (string, error) Generate code with defaults
GenerateCodeSecure(secret string, t time.Time) (string, error) Generate code with SHA256
GenerateCodeCustom(secret string, t time.Time, opts ValidateOpts) (string, error) Generate with custom opts
ValidateCustom(passcode, secret string, t time.Time, opts ValidateOpts) (bool, error) Validate with custom opts
ValidateCustomStep(...) Validate and return the matched time step
ValidateCustomResult(...) Validate and return ValidationResult
ValidateStep(passcode, secret string) (bool, uint64) Convenience: validate + return step
ValidateCustomSkewPolicy(...) Validate with asymmetric past/future skew
ValidateRFCCompliant(...) RFC 6238-compliant validation (past only)
Generate(opts GenerateOpts) (*otp.Key, error) Create a new TOTP key
Counter(period uint, t time.Time) uint64 Calculate time-step counter (T0=0)
CounterWithT0(period uint, t0 int64, t time.Time) uint64 Counter with custom T0 epoch offset
Remaining(period uint, t time.Time) uint64 Milliseconds until next rotation (T0=0)
RemainingWithT0(period uint, t0 int64, t time.Time) uint64 Remaining with custom T0 epoch offset
RemainingDefault(t time.Time) uint64 Remaining with period=30 
// Custom algorithm and digits
code, _ := totp.GenerateCodeCustom(secret, time.Now(), totp.ValidateOpts{
    Period:    60,
    Digits:    otp.DigitsEight,
    Algorithm: otp.AlgorithmSHA512,
})

// Replay protection — reject codes from steps already used
valid, step, _ := totp.ValidateCustomStep(code, secret, time.Now(), totp.ValidateOpts{
    Period:    30,
    AfterStep: lastUsedStep, // zero-value = disabled
})

// Structured result with clock drift detection
result, _ := totp.ValidateCustomResult(code, secret, time.Now(), opts)
fmt.Println(result.Delta) // 0=exact, -1=past, +1=future
HOTP (hotp package)
Function Description
Validate(passcode string, counter uint64, secret string) bool Validate with defaults
ValidateSecure(passcode string, counter uint64, secret string) bool Validate with SHA256
GenerateCode(secret string, counter uint64) (string, error) Generate code
GenerateCodeSecure(secret string, counter uint64) (string, error) Generate code with SHA256
GenerateCodeCustom(secret string, counter uint64, opts ValidateOpts) (string, error) Generate with custom opts
ValidateCustom(passcode string, counter uint64, secret string, opts ValidateOpts) (bool, error) Validate with custom opts
ValidateCustomNormalized(passcode string, counter uint64, secret string, opts ValidateOpts) (bool, error) Validate with NFKC normalization
ValidateCustomWindow(passcode string, counter uint64, secret string, opts ValidateOptsWithWindow) (int, bool, error) Window validation with replay protection
Generate(opts GenerateOpts) (*otp.Key, error) Create a new HOTP key 
// Window validation with replay protection
delta, found, _ := hotp.ValidateCustomWindow(code, expectedCounter, secret,
    hotp.ValidateOptsWithWindow{
        Window:       2,
        AfterCounter: lastUsedCounter, // reject counters <= this value
    })
Secret (secret package)
Function Description
New(size int) (*Secret, error) Random secret (16–64 bytes)
FromBytes(b []byte) (*Secret, error) From raw bytes (copied)
FromBase32(s string) (*Secret, error) From Base32 string
FromHex(s string) (*Secret, error) From hex string

Secret methods: Bytes(), Base32(), Base32WithPadding(), Hex(), Len(), Clear()

Advanced Usage

QR Code Enrollment
key, _ := totp.Generate(totp.GenerateOpts{
    Issuer:      "MyApp",
    AccountName: "alice@example.com",
    ImageURL:    "https://myapp.com/logo.png", // HTTPS required
})

// Generate 200x200 QR code image
img, _ := key.Image(200, 200)
Steam Guard
code, _ := totp.GenerateCodeCustom(secret, time.Now(), totp.ValidateOpts{
    Digits: 5,
    Encoder: otp.EncoderSteam,
})
Unicode NFKC Normalization
// Accepts fullwidth digits: ABC123 → ABC123
valid, _ := hotp.ValidateCustomNormalized(passcode, counter, secret, opts)
URI Generation with Custom Parameters
key, _ := totp.Generate(totp.GenerateOpts{
    Issuer:      "MyApp",
    AccountName: "user@example.com",
    Algorithm:   otp.AlgorithmSHA256,
    Digits:      otp.DigitsEight,
    Period:      60,
    SecretSize:  32,
    ExtraParams: map[string]string{"source": "web"}, // custom URI parameters
})
// URI omits default params (SHA1, 6 digits, 30s) for compact QR codes
fmt.Println(key.URL())
// otpauth://totp/MyApp:user@example.com?algorithm=SHA256&digits=8&period=60&source=web&...

// Read custom params back from a parsed key
key.GetExtraParam("source") // → "web"
SkewPolicy — Asymmetric Time Window
// RFC 6238 recommended: allow 1 past period only (no future)
valid, step, delta, _ := totp.ValidateCustomSkewPolicy(code, secret, time.Now(),
    totp.ValidateOptsWithSkewPolicy{
        SkewPolicy: totp.SkewPolicy{Past: 1, Future: 0},
    })
Google Authenticator Compatibility
// Append trailing & to work around Google Authenticator parsing bug
// See: https://github.com/pquerna/otp/issues/94
key, _ := totp.Generate(totp.GenerateOpts{
    Issuer:                    "MyApp",
    AccountName:               "user@example.com",
    GoogleAuthenticatorCompat: true,
})
T0 Epoch Offset
// Custom epoch for time-step calculation (default T0=0 = Unix epoch)
step := totp.CounterWithT0(30, 1700000000, time.Now())
remaining := totp.RemainingWithT0(30, 1700000000, time.Now())
IssuerInLabelOmit
// Omit issuer from URI label path (only in query parameter)
key, _ := totp.Generate(totp.GenerateOpts{
    Issuer:            "MyApp",
    AccountName:       "user@example.com",
    IssuerInLabelOmit: true,
})
// otpauth://totp/user@example.com?issuer=MyApp&secret=...

Algorithm Support

Algorithm Digest Size Notes
AlgorithmSHA1 20 bytes Default; Google Authenticator compatible
AlgorithmSHA256 32 bytes Recommended for new deployments
AlgorithmSHA512 64 bytes
AlgorithmSHA224 28 bytes
AlgorithmSHA384 48 bytes
AlgorithmSHA3-224 28 bytes
AlgorithmSHA3-256 32 bytes
AlgorithmSHA3-384 48 bytes
AlgorithmSHA3-512 64 bytes
AlgorithmMD5 16 bytes Rejected — digest too small for dynamic truncation

Aliases: ParseAlgorithm accepts "SHA-256", "SHA2-256", "SSL3-SHA1" etc.

Examples

See the example/ directory for complete working programs:

  • example/main.go — Basic TOTP enrollment with QR code
  • example/totp/ — TOTP features (algorithms, SkewPolicy, Steam, replay, ExtraParams, GoogleAuthenticatorCompat)
  • example/hotp/ — HOTP features (counter, window, replay protection, ExtraParams, GoogleAuthenticatorCompat)
  • example/otp/ — Core types (algorithms, URI parsing, HashChecked, GetExtraParam, ValidationResult)
  • example/secret/ — Secret management (generate, import, clear)

Security Considerations

  • Secrets are validated to be 16–64 bytes per RFC 4226 Section 4
  • Image URLs must be HTTPS — HTTP, javascript:, and file:// are rejected
  • Parameter injection is prevented& and = in values are percent-encoded
  • Window/digit/period limits — Prevent misconfiguration (e.g., window > 10)
  • Replay protectionAfterCounter/AfterStep prevent OTP re-use
  • Secret.Clear() — Zeros the internal buffer when no longer needed
  • Secret.Bytes() — Returns a copy; mutating does not affect the original
  • MD5 is rejected — 16-byte digest is too small for the dynamic truncation algorithm

Compatibility

Compatible with all major authenticator apps:

  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • FreeOTP
  • andOTP / Aegis
  • 1Password

License

Licensed under the Apache License, Version 2.0.

Documentation

Overview

Package otp implements both HOTP and TOTP based one time passcodes in a Google Authenticator compatible manner.

When adding a TOTP for a user, you must store the "secret" value persistently. It is recommended to store the secret in an encrypted field in your datastore. Due to how TOTP works, it is not possible to store a hash for the secret value like you would a password.

To enroll a user, you must first generate an OTP for them. Google Authenticator supports using a QR code as an enrollment method: 

import (
	"github.com/unitsvc/otp/totp"

	"bytes"
	"image/png"
)

key, err := totp.Generate(totp.GenerateOpts{
		Issuer: "Example.com",
		AccountName: "alice@example.com",
})

// Convert TOTP key into a QR code encoded as a PNG image.
var buf bytes.Buffer
img, err := key.Image(200, 200)
png.Encode(&buf, img)

// display the QR code to the user.
display(buf.Bytes())

// Now Validate that the user's successfully added the passcode.
passcode := promptForPasscode()
valid := totp.Validate(passcode, key.Secret())

if valid {
	// User successfully used their TOTP, save it to your backend!
	storeSecret("alice@example.com", key.Secret())
}

Validating a TOTP passcode is very easy, just prompt the user for a passcode and retrieve the associated user's previously stored secret. 

import "github.com/unitsvc/otp/totp"

passcode := promptForPasscode()
secret := getSecret("alice@example.com")

valid := totp.Validate(passcode, secret)

if valid {
	// Success! continue login process.
}

Index

Constants

View Source 
const AlgorithmCompat = AlgorithmSHA1

AlgorithmCompat is the compatibility default (SHA1). Use for maximum compatibility with all authenticator apps including Google Authenticator, Microsoft Authenticator, Authy, and others.

This is the zero-value default for ValidateOpts.Algorithm.

View Source 
const AlgorithmSecure = AlgorithmSHA256

AlgorithmSecure is the security-recommended algorithm (SHA256). Use for new deployments where all clients support SHA256: - Google Authenticator 2.0+ - Microsoft Authenticator - Authy - KeePassXC - WinAuth - Bitwarden

Note: Some older authenticator apps may not support SHA256.

Variables

View Source 
var ErrAlgorithmDigestInsufficient = errors.New("algorithm produces insufficient digest size for OTP generation")
View Source 
var ErrColonInAccountName = errors.New("invalid colon in account name")
View Source 
var ErrColonInIssuer = errors.New("invalid colon in issuer name")
View Source 
var ErrDigestTooSmall = errors.New("HMAC digest size too small, must be at least 19 bytes for dynamic truncation safety")

Security validation errors.

View Source 
var ErrDigitsOutOfRange = errors.New("digits out of range: default encoder requires 6-10, Steam encoder allows 5-10")
View Source 
var ErrGenerateMissingAccountName = errors.New("accountName must be set")

When generating a Key, the Account Name must be set.

View Source 
var ErrGenerateMissingIssuer = errors.New("issuer must be set")

When generating a Key, the Issuer must be set.

View Source 
var ErrInvalidAlgorithm = errors.New("invalid 'algorithm' parameter")
View Source 
var ErrInvalidCounter = errors.New("invalid 'counter' parameter")
View Source 
var ErrInvalidDigits = errors.New("invalid 'digits' parameter")
View Source 
var ErrInvalidEncoder = errors.New("invalid encoder: must be EncoderDefault or EncoderSteam")
View Source 
var ErrInvalidImageURL = errors.New("image URL must be a valid HTTPS URL")
View Source 
var ErrInvalidPeriod = errors.New("invalid 'period' parameter")
View Source 
var ErrInvalidSecretFormat = errors.New("invalid 'secret' format, must be valid Base32")
View Source 
var ErrInvalidURIChars = errors.New("issuer or account name contains invalid characters (control chars)")
View Source 
var ErrInvalidURIFormat = errors.New("invalid URI format")

URI format validation errors.

View Source 
var ErrInvalidURIScheme = errors.New("invalid URI scheme, must be otpauth://")
View Source 
var ErrInvalidURIType = errors.New("invalid OTP type, must be 'hotp' or 'totp'")
View Source 
var ErrMissingSecret = errors.New("missing required 'secret' parameter")
View Source 
var ErrPeriodOutOfRange = errors.New("period out of range, must be between 1 and 300 seconds")
View Source 
var ErrReplayAttack = errors.New("replay attack detected: time step already used")
View Source 
var ErrSecretTooLong = errors.New("secret too long, must be at most 64 bytes")
View Source 
var ErrSecretTooShort = errors.New("secret too short, must be at least 16 bytes")
View Source 
var ErrURITooLong = errors.New("URI exceeds maximum allowed length")
View Source 
var ErrValidateInputInvalidChars = errors.New("passcode contains invalid characters")
View Source 
var ErrValidateInputInvalidLength = errors.New("input length unexpected")

The user provided passcode length was not expected.

View Source 
var ErrValidateSecretInvalidBase32 = errors.New("decoding of secret as base32 failed")

Error when attempting to convert the secret from base32 to raw bytes.

View Source 
var ErrWindowTooLarge = errors.New("window exceeds maximum allowed value")

Functions

This section is empty.

Types

type Algorithm 

type Algorithm int

Algorithm represents the hashing function to use in the HMAC operation needed for OTPs. 

const (
	// AlgorithmSHA1 should be used for compatibility with Google Authenticator.
	//
	// HMAC-SHA1 remains cryptographically secure for OTP despite SHA1 collision attacks.
	// See RFC 4226 Section 9: https://tools.ietf.org/html/rfc4226#section-9
	//
	// For new deployments where all clients support SHA256, consider AlgorithmSHA256.
	AlgorithmSHA1 Algorithm = iota
	AlgorithmSHA256
	AlgorithmSHA512
	AlgorithmMD5
	// Extended algorithms (appended to preserve numeric values of original constants)
	AlgorithmSHA224
	AlgorithmSHA384
	// SHA3 variants (Keccak) - extended algorithm support
	AlgorithmSHA3_224
	AlgorithmSHA3_256
	AlgorithmSHA3_384
	AlgorithmSHA3_512
)

func ParseAlgorithm 

func ParseAlgorithm(name string) (Algorithm, error)

ParseAlgorithm parses an algorithm name string (case-insensitive) into an Algorithm. Accepts common aliases: "SHA-256", "SHA256", "SHA2-256", "SHA-1", "SHA1", "SSL3-SHA1". Returns an error if the name is not recognized.

func (Algorithm) Hash 

func (a Algorithm) Hash() hash.Hash

func (Algorithm) HashChecked 

func (a Algorithm) HashChecked() (hash.Hash, error)

HashChecked returns the hash.Hash for the algorithm, returning an error if the algorithm is unknown or invalid. For safe usage, prefer this over Hash() which silently falls back to SHA1 for unknown algorithms.

func (Algorithm) IsValid 

func (a Algorithm) IsValid() bool

IsValid reports whether the Algorithm is a known, supported value.

func (Algorithm) String 

func (a Algorithm) String() string

type Digits 

type Digits int

Digits represents the number of digits present in the user's OTP passcode. Six and Eight are the most common values. 

const (
	DigitsSix   Digits = 6
	DigitsEight Digits = 8
)

func (Digits) Format 

func (d Digits) Format(in int32) string

Format converts an integer into the zero-filled size for this Digits.

func (Digits) Length 

func (d Digits) Length() int

Length returns the number of characters for this Digits.

func (Digits) String 

func (d Digits) String() string

type Encoder 

type Encoder string

Encoder represents the output encoding format for OTP codes. 

const (
	EncoderDefault Encoder = ""
	// EncoderSteam produces 5-character alphanumeric codes using the Steam Guard
	// alphabet (23456789BCDFGHJKMNPQRTVWXY). Only compatible with KeePassXC, WinAuth,
	// Bitwarden, and the Steam Mobile App. Google Authenticator and Microsoft
	// Authenticator do not support this encoder.
	EncoderSteam Encoder = "steam"
)

type Key 

type Key struct {
	// contains filtered or unexported fields
}

Key represents a TOTP or HOTP key.

func NewKeyFromURL 

func NewKeyFromURL(orig string) (*Key, error)

NewKeyFromURL creates a new Key from an TOTP or HOTP url.

The URL format is documented here: 

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

This function performs strict validation per IETF draft-andesco-otpauth-uri: - Validates URI scheme is "otpauth://" - Validates OTP type is "hotp" or "totp" - Validates required "secret" parameter exists and is valid Base32 - Validates optional parameters have correct formats - Rejects URIs with colons in parsed issuer or account name

func (*Key) AccountName 

func (k *Key) AccountName() string

AccountName returns the name of the user's account.

func (*Key) Algorithm 

func (k *Key) Algorithm() Algorithm

Algorithm returns the algorithm used or the default (SHA1).

func (*Key) Counter 

func (k *Key) Counter() uint64

Counter returns the initial HOTP counter value, or 0 if not set or not an HOTP key.

func (*Key) Digits 

func (k *Key) Digits() Digits

Digits returns the number of OTP digits.

func (*Key) Encoder 

func (k *Key) Encoder() Encoder

Encoder returns the encoder used or the default ("")

func (*Key) GetExtraParam 

func (k *Key) GetExtraParam(key string) string

GetExtraParam returns the value of a custom query parameter from the OTP URI. Returns empty string if the parameter does not exist. This is useful for reading custom parameters that were set via ExtraParams during key generation (e.g., "lock", "source", etc.).

func (*Key) Image 

func (k *Key) Image(width int, height int) (image.Image, error)

Image returns a QR-Code image of the specified width and height, suitable for use by many clients like Google-Authenticator to enroll a user's TOTP/HOTP key.

func (*Key) ImageURL 

func (k *Key) ImageURL() string

ImageURL returns the image parameter from the OTP URL, if set. Only FreeOTP and FreeOTP+ support this parameter; other authenticator apps ignore it.

func (*Key) Issuer 

func (k *Key) Issuer() string

Issuer returns the name of the issuing organization.

func (*Key) Period 

func (k *Key) Period() uint64

Period returns the rotation time in seconds.

func (*Key) Secret 

func (k *Key) Secret() string

Secret returns the opaque secret for this Key.

func (*Key) String 

func (k *Key) String() string

func (*Key) Type 

func (k *Key) Type() string

Type returns "hotp" or "totp".

func (*Key) URL 

func (k *Key) URL() string

URL returns the OTP URL as a string

type ValidationResult 

type ValidationResult struct {
	// Valid indicates whether the passcode was accepted.
	Valid bool
	// Delta is the offset from the expected counter/step (0 = exact match,
	// negative = past, positive = future). Useful for clock drift detection.
	Delta int
	// Step is the matched time step (TOTP) or counter value (HOTP) for replay prevention tracking.
	Step uint64
}

ValidationResult provides a structured result for OTP validation operations. It includes details about whether validation succeeded and metadata about the match for replay protection and clock drift detection.

Source Files

View all Source files

Directories

Path Synopsis
Package main demonstrates a basic TOTP setup flow.
 Package main demonstrates a basic TOTP setup flow.
hotp command
Package main demonstrates HOTP (HMAC-based One-Time Password) functionality.
 Package main demonstrates HOTP (HMAC-based One-Time Password) functionality.
otp command
Package main demonstrates the core otp package functionality.
 Package main demonstrates the core otp package functionality.
secret command
Package main demonstrates the secret package functionality.
 Package main demonstrates the secret package functionality.
totp command
Package main demonstrates TOTP (Time-based One-Time Password) functionality.
 Package main demonstrates TOTP (Time-based One-Time Password) functionality.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.