OtpSharp 1.0.5

This is an implementation of HOTP and TOTP which are commonly used for multi factor authentication by using a shared key between the client and the server to generate and verify one time use codes.  This library is capable of generating and verifying both TOTP and HOTP authentication codes.  The calculations in this library are known to be compatible with Google 2-Step Verification and consequently the Google Authenticator smartphone app.  It is also known to be able to generate codes for Amazon Web Services Multi Factor Authentication and Dropbox 2 step authentication.  It should work with any other service or client that is RFC compliant.

This library is released under an MIT license. No warranty is provided as to the correctness of the library and the consumer of the library assumes all risk for the use thereof, as per the MIT license.

Every effort has gone into implementing this library in accordance with the RFCs mentioned above. However it is up to the users of this library to read through the RFCs and ensure that this implementation is in accordance with the security procedures outlined therein.

The implementation includes the code calculation as well as simple verification. Persistence of the keys, secure key storage, ensuring that a single code can't be validated multiple times and other things are not a part of this library. Thus far those functions (and any others mentioned in the RFCs) are up to the consumer of this library.

For documentation please visit the project website.

There is a newer version of this package available.
See the version list below for details.
Install-Package OtpSharp -Version 1.0.5
dotnet add package OtpSharp --version 1.0.5
<PackageReference Include="OtpSharp" Version="1.0.5" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add OtpSharp --version 1.0.5
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Release Notes

1.0.4 Changed the Protected Key API to be more explicit (may break existing direct useage of the protected key)

The protected key no longer implicitly causes side effects (destroying the plaintext key provided must be done explicitly)

Added a time correction class with experimental NTP abilities.

Support for .net 3.5 as well as client profiles with some minor limitations.

1.0.3 Fixed unexpected behavior where the plaintext key provided to an HOTP or TOTP object will be scrambled.  Now it will remain intact.  Added constructor overloads to provide a protected key instead of a byte array if desired.


This package has no dependencies.

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated 206,977 11/16/2015 11,253 1/17/2015 4,943 7/13/2014 407 7/12/2014 1,865 10/25/2013 602 8/9/2013 523 7/29/2013 703 3/12/2013 490 3/12/2013 453 3/12/2013 463 3/11/2013 488 3/8/2013 520 3/2/2013
1.0.5 514 3/1/2013
Show less