{ ^_^ } sinustrom Solving life, one problem at a time!



oathuri_totp_generate, oathuri_hotp_generate − OATH TOTP/HOTP key URI generation


#include <oathuri.h>

int oathuri_totp_generate(const char * secret, const char * account_name, const char * issuer, unsigned digits, uint64_t period, oathuri_hash algorithm, char * key_uri);
int oathuri_hotp_generate(const char *
secret, const char * account_name, const char * issuer, unsigned digits, uint64_t counter, oathuri_hash algorithm, char * key_uri);


The functions of the oathuri library generate a one−time−password (OTP) key URI string to be used by authenticator applications for initialization via QR code.

oathuri_totp_generate() produces an URI for the time−variant TOTP algorithm described in RFC 6238, while oathuri_hotp_generate() produces an URI for the HMAC−variant HOTP algorithm described in RFC 4226.

secret is the shared secret string typically encoded in Base32 according to RFC 3548. The padding specified in RFC 3548 section 2.2 is not required and should be omitted. Must be NULL terminated.

account_name is the owner of the account (typically an email address) on the service owned by the issuer. These are usually shown in the authenticator applications to identify the key. Neither of them can contain a colon (:). These values will be URL-encoded according to RFC 3986. Both must be NULL terminated.

digits determine the length of the generated OTP. Currently only values 6, 7, and 8 are supported.

The parameter period describes how long the time window for each OTP is. The recommended value is 30 seconds, and you can use the value 0 to indicate this (only for oathuri_totp_generate()).

The parameter counter is the moving factor indicating the current OTP to generate (only for oathuri_hotp_generate()).

algorithm determines the type of hasing used during OTP generation. The recommended default is OATHURI_SHA1 but OATHURI_SHA256 and OATHURI_SHA512 are also supported. 0 can be used to indicate the default.

The generated URI is stored in the key_uri buffer, which must have room for the entire encoded URI plus one for the terminating NULL. The maximum size of the URI will not exceed OATHURI_MAX_LEN. In case of an error, the buffer is left unmodified.


On success, OATHURI_OK (zero) is returned, otherwise a negative error code is returned.




Written by Zoltan Puskas.


Report bugs by email to <bugsNULL@NULLsinustrom.info>, or open an issue over the web at <https://github.com/zpuskas/oath-uri/issues>.


You can find more information and usage examples on the project’s website at <https://sinustrom.info/projects/oath-uri/>.

Read up on the key URI format at <https://github.com/google/google-authenticator/wiki/Key-Uri-Format>.


GNU LGPL version 2.1 or later <https://gnu.org/licenses/lgpl.html>.