Synchronous one-time password (OTP) algorithms generate short-lived numeric codes from a shared secret credential provisioned during the activation process. The HID Approve SDK supports the two main standards: HOTP (HMAC-Based One-Time Password) and TOTP (Time-Based One-Time Password).
HOTP is defined in RFC 4226 and produces a new code each time a counter increments, requiring the client and server to stay synchronized on that counter.
TOTP is defined in RFC 6238 and derives the code from the current time (typically in 30-second intervals), eliminating the need for a shared counter.
Example Code:
```swift
do {
    // Find keys available for the usage OTP; if several are available,
    // we need to distinguish them with their labels
    let filter = HIDApproveKeyFilter(keyUsage: .OTP)
    if let keys = try self.getContainer()?.findKeys(filter: [filter]) {
        for key in keys {
            // To identify the protection policy used, look at the type of the protectionPolicy.
            // HIDApprovePolicyType.Device : no password required
            // HIDApprovePolicyType.Password : password required
            // HIDApprovePolicyType.BioPassword : see the protection policy documentation for usage.
            let policyType = try key.getProtectionPolicy().type
            let algo = key.algorithm
            let label = try key.getProperty(propertyId: .LABEL)
            NSLog("Found key: PolicyType=%@, Algorithm=%@, Label=%@", policyType.description, algo, label)
        }
        let key = keys.first
        let otpGenerator = try key?.getDefaultOTPGenerator()
        // Get the next OTP
        // We assume the generator is Synchronous (HOTP or TOTP algorithms)
        // We assume the key is not password protected (password nil)
        // Conditional cast: skips generation instead of crashing when no key
        // was found or the generator is not synchronous
        if let syncOtpGenerator = otpGenerator as? HIDApproveSyncOTPGenerator {
            let otp = try syncOtpGenerator.getOTP(password: nil)
        }
    }
} catch let error as NSError {
    NSLog("Failed to generate OTP: %@", error.localizedDescription)
}
```