Crate libotp

source ·
Expand description

HMAC and Time-Based One-Time-Password implementations based on RFC4226 and RFC6238.


use libotp::{totp, validate_totp};

const TOTP_STEP: u64 = 30;
const OTP_DIGITS: u32 = 8;

fn check_user_otp(user: User, guess: u32) -> Option<bool> {
    // get the shared secret from some database.
    let secret = user.get_totp_secret();

    validate_totp(guess, 1, secret, OTP_DIGITS, TOTP_STEP, 0)

fn get_user_otp(user: User) -> Option<u32> {
    // get shared secret
    let secret = user.get_totp_secret();

    totp(secret, OTP_DIGITS, TOTP_STEP, 0)


  • This is the secret that will be used to generate HMAC based one-time-passwords.
  • Provides Time based One Time Passwords.