I have generated the otp using java-otp.jar file , trying to validate the generated otp code using otp.verify ( which is part otp-java.3.2.1) . Below is the sample code.
Note: I am using java7
I have a server which uses TOTP builder and built with java 8 .
I have a client build with java 7 , To get the access , i have used "TimeBasedOneTimePasswordGenerator".
Is it right approach to use the otp code generated with generateOneTimePassword() and validate with totp.verify(TOTP.Builder(x).build and then with totp.verify()?
Could you please help me , what is the wrong in the below code
// Generating the otp using otp-java-1.3.2
totp_latest.now();
System.out.println("OTP Code with Latest Jar File otp-java-1.3.2 " + totp_latest.now());
// Generating the otp using java-otp-0.1.0 .jar
String code1 = otpNow(sec);
System.out.println("OTP Code with old Jar File java-otp.0.1.0.jar " + code1);
if ( totp_latest.verify(code1)) {
System.out.println("The OTP is matched ");
}
else {
System.out.println("OTP Code is Not Matched");
}
}
public static String otpNow(String key) throws InvalidKeyException, NoSuchAlgorithmException {
// decode the base64 encoded string
byte[] decodedKey = Base64.getDecoder().decode(key);
// rebuild key using SecretKeySpec
SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
final TimeBasedOneTimePasswordGenerator totp = new TimeBasedOneTimePasswordGenerator(30, SECONDS, 6, TOTP_ALGORITHM_HMAC_SHA512);
final Date now = new Date();
String code = String.valueOf(totp.generateOneTimePassword(originalKey,now ));
return code;
}
HI ,
I have generated the otp using java-otp.jar file , trying to validate the generated otp code using otp.verify ( which is part otp-java.3.2.1) . Below is the sample code.
Note: I am using java7
I have a server which uses TOTP builder and built with java 8 . I have a client build with java 7 , To get the access , i have used "TimeBasedOneTimePasswordGenerator". Is it right approach to use the otp code generated with generateOneTimePassword() and validate with totp.verify(TOTP.Builder(x).build and then with totp.verify()?
Could you please help me , what is the wrong in the below code
import com.bastiaanjansen.otp.HMACAlgorithm; import com.bastiaanjansen.otp.TOTP; import com.eatthepath.otp.TimeBasedOneTimePasswordGenerator;
import javax.crypto.KeyGenerator; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException; import java.lang.reflect.UndeclaredThrowableException; import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.time.Duration; import java.time.Instant;
import java.time.Duration; import java.util.Base64; import java.util.Calendar; import java.util.Date; import java.util.TimeZone; import java.util.concurrent.TimeUnit; import org.apache.commons.codec.binary.Base32;
import static com.eatthepath.otp.TimeBasedOneTimePasswordGenerator.TOTP_ALGORITHM_HMAC_SHA512; import static java.util.concurrent.TimeUnit.SECONDS;
public class Checktotp {
// Coverting the Secret Key to String
// Generating the otp using otp-java-1.3.2 totp_latest.now(); System.out.println("OTP Code with Latest Jar File otp-java-1.3.2 " + totp_latest.now());
// Generating the otp using java-otp-0.1.0 .jar String code1 = otpNow(sec); System.out.println("OTP Code with old Jar File java-otp.0.1.0.jar " + code1);
}