otp_util

otp_util is a dart package to generate and verify one-time passwords that were used to implement 2FA and MFA authentication method in web applications and other login-required systems.

The package was implement based on RFC4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and RFC6238 (TOTP: Time-Based One-Time Password Algorithm).

Feature

  • Create and verify a HOTP object
  • Create and verify a TOTP object
  • Generate a otpauth url with the b32 encoded string
  • Support for OTP tokens encrypted with SHA1, SHA256, SHA384 and SHA512

Installation

Pubspec

Add otp_util as a dependency in your pubspec.yaml file.

dependencies:
  otp_util: ^1.0.2

Example

Time-based OTPs

import 'package:dart_otp/dart_otp.dart';

void main() {

  /// default initialization for intervals of 30 seconds and 6 digit tokens
  TOTP totp = TOTP(secret: "BASE32ENCODEDSECRET");

  /// initialization for custom interval and digit values
  TOTP totp = TOTP(secret: "BASE32ENCODEDSECRET", interval: 60, digits: 8);

  totp.now(); /// => 745872

  /// verify for the current time
  totp.verify(otp: '745872'); /// => true

  /// verify after 30s
  totp.verify(otp: '745872'); /// => false
}

Counter-based OTPs

import 'package:dart_otp/dart_otp.dart';

void main() {

  /// default initialization for intervals of 30 seconds and 6 digit tokens
  HOTP hotp = HOTP(secret: "BASE32ENCODEDSECRET");

  /// initialization for custom counter and digit value
  HOTP hotp = HOTP(secret: "BASE32ENCODEDSECRET", counter: 50, digits: 8);

  hotp.at(counter: 0); /// => 145089
  hotp.at(counter: 1); /// => 899133
  hotp.at(counter: 2438); /// => 146071

  /// verify with a counter
  hotp.verify(otp: '397732', counter: 2438); /// => true
  hotp.verify(otp: '397732', counter: 2438); /// => false
}

Release notes

See CHANGELOG.md.

Libraries

otp_util