Current stable release: onetimepass-v0.2.0.tar.gz
Current development release: onetimepass-v0.2.1.tar.gz
Version | Date | Changes |
---|---|---|
0.2.1 | TBD |
|
0.2.0 | 2013-04-11 |
|
0.1.2 | 2013-01-23 |
|
0.1.1 | 2013-12-20 |
|
0.1.0 | 2011-12-19 | (initial public release) |
OneTimePass (actually onetimepass) is a module for generating one-time passwords, namely HOTPs (HMAC-based one-time passowords) and TOTPs (time-based one-time passwords). They are used eg. within Google Authenticator application for Android or iPhone.
To install the library, you can either use pip, or just download it separately. Installing in pip is the simplest. Assuming you are installing it system-wide:
$ sudo pip install onetimepass
(if you are installing it in virtualenv, you do not need “sudo” part).
Alternatively, you can follow the download link above and unpack in some directory on your sys.path, or clone it as Git submodule to your own directory.
You can use this module in the following way:
Install module (download it into your application’s directory or into modules directory)
To get time-based token you invoke it like that:
import onetimepass as otp
my_secret = 'MFRGGZDFMZTWQ2LK'
my_token = otp.get_totp(my_secret)
To get HMAC-based token you invoke it like that:
import onetimepass as otp
my_secret = 'MFRGGZDFMZTWQ2LK'
my_token = otp.get_hotp(my_secret, intervals_no=3)
where intervals_no is the number of the current trial (if checking on the server, you have to check several values, higher than the last successful one, determined for previous successful authentications).
To check time-based token you invoke it like that:
import onetimepass as otp
my_secret = 'MFRGGZDFMZTWQ2LK'
my_token = 123456 # should be probably from some user's input
is_valid = otp.valid_totp(token=my_token, secret=my_secret)
To check HMAC-based token you invoke it like that:
import onetimepass as otp
my_secret = 'MFRGGZDFMZTWQ2LK'
my_token = 123456 # should be probably from some user's input
last_used = 5 # store last valid interval somewhere else
is_valid = otp.valid_hotp(token=my_token, secret=my_secret, last=last_used)
where: