One-Time Password Library

Build Status Gem Version License

This library provides an implementation of HMAC-Based One-Time Password Algorithm (HOTP; RFC4226) and Time-Based One-Time Password Algorithm (HOTP; RFC6238).


To create new TOTP secret:

require "otp"

# Create a TOTP instance and new key
totp =
totp.new_secret  # create random secret
p totp.password  #=> "123456" (password for the current time)

# Inspect TOTP parameters
p totp.secret    #=> "YVMR2G7N4OAXGKFC" (BASE32-formated HMAC key)
p totp.algorithm #=> "SHA1" (HMAC algorithm; default SHA1)
p totp.digits    #=> 6 (number of password digits; default 6)
p totp.period    #=> 30 (time step period in second; default 30)
p totp.time      #=> nil (UNIX time by Time or Integer; nil for the current time)

# Format TOTP URI. Otpauth scheme URLs can be read by OTP::URI.parse.
totp.issuer = "My Company"
totp.accountname = "[email protected]"
p totp.to_uri    #=> "otpauth://totp/My%20Company:[email protected]?secret=47JBA7ZWDDLNZJMX&issuer=My+Company"

To verify given TOTP password:

require "otp"

totp =
totp.secret = "YVMR2G7N4OAXGKFC"
p totp.verify("123456")  #=> true/false (verify given passowrd)

You can use the last and post option parameters to verify several generations, including before and after the current password.

# verify passwords from last 2 generation to post 1 generation
p totp.verify("123456", last: 2, post: 1)

TOTP and HOTP algorithm details can be referred at the following URLs.

In the OTP URI format, the value of "secret" is encoded with BASE32 algorithm. The Format details are described in the document of Google Authenticator.