
like Google Authenticator implement the Time-Based One-Time Password (TOTP) algorithm, demo implemented by java .etc

QR Url Format


%3A is URL Encoded Char ':' and issuer=VENDOR used by Google Authenticator.

For exmaple, otpauth://totp/Google%3Atest@gmail.com?secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&issuer=Google

Pseudo Code [1]

original_secret = xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
secret = BASE32_DECODE(TO_UPPERCASE(REMOVE_SPACES(original_secret)))
input = CURRENT_UNIX_TIME() / 30
hmac = SHA1(secret + SHA1(secret + input))
four_bytes = hmac[LAST_BYTE(hmac):LAST_BYTE(hmac) + 4]
large_integer = INT(four_bytes)
small_integer = large_integer % 1000000

See Also

