How can you generate OTP with system.security.cryptography that can be authenticated on client?


Question

Anyone know where I could find sample code for this with system.security.cryptography namespace -- or instructions followable by a developer?

The purpose is to add two-factor authentication to an asp.net website. On website I want to ask user to enter a passcode (similar to if they got it from a keyfob). On the client side I want to provide a vb.net windows.forms program that generates the correct passcode.

I want to do this with system.security.cryptography namespace on a small scale. I was looking for sample code I don't want to mess with devices or purchase authentication server appliances.

Most of the algorithms out there require an advanced degree in math or are for other platforms such as Linux or PHP. I'm looking for the .net equivalent.

Recommended answer

The cryptographic parts of RFC4226 (counter-based OTP) or draft-mraihi-totp-timebased (time-based OTP) are relatively simple:


  1. Generate an HMAC based on the shared secret and the counter/time

  2. Truncate it in a secure way

It is usually the user-management and the static/dynamic synchronization that makes it complicated.

Something like this should work:

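using System.Security.Cryptography;

// key: shared secret; counter: the moving factor as an 8-byte big-endian value (RFC 4226).
public static int CalculateHotp(byte[] key, byte[] counter)
{
    // HMACSHA1 is IDisposable, so release it when done.
    using (var hmacsha1 = new HMACSHA1(key))
    {
        byte[] hmac_result = hmacsha1.ComputeHash(counter);
        // Dynamic truncation: the low nibble of the last byte (index 19 for SHA-1) is the offset.
        int offset = hmac_result[19] & 0x0f;
        // Read 4 bytes at the offset and clear the top bit to get a 31-bit positive value.
        int bin_code = (hmac_result[offset]  & 0x7f) << 24
                       | (hmac_result[offset+1] & 0xff) << 16
                       | (hmac_result[offset+2] & 0xff) <<  8
                       | (hmac_result[offset+3] & 0xff);
        // Reduce to a 6-digit code.
        int hotp = bin_code % 1000000;
        return hotp;
    }
}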
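
The following is an added example, not part of the original answer: it shows the server-side half the answer calls complicated, that is, encoding the counter, accepting a code inside a look-ahead window, and advancing the stored counter so a code cannot be replayed. The class name `HotpVerifier`, the `lookAhead` parameter and the 30-second time step are assumptions chosen for illustration; the key is the test secret from RFC 4226.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class HotpVerifier // hypothetical name, not from the answer
{
    // RFC 4226 feeds the counter to the HMAC as an 8-byte big-endian value.
    public static byte[] CounterBytes(long counter)
    {
        byte[] b = BitConverter.GetBytes(counter);
        if (BitConverter.IsLittleEndian) Array.Reverse(b);
        return b;
    }

    // Same HMAC-then-truncate steps as the answer, taking a numeric counter.
    public static int Hotp(byte[] key, long counter)
    {
        using (var hmac = new HMACSHA1(key))
        {
            byte[] h = hmac.ComputeHash(CounterBytes(counter));
            int offset = h[h.Length - 1] & 0x0f;
            int bin = (h[offset] & 0x7f) << 24 | h[offset + 1] << 16
                    | h[offset + 2] << 8 | h[offset + 3];
            return bin % 1000000;
        }
    }

    // Server side: accept a code generated at storedCounter..storedCounter+lookAhead.
    // Returns the next counter value to persist, or -1 if the code is rejected.
    // Persisting the returned value makes already-used codes invalid (no replay).
    public static long Verify(byte[] key, long storedCounter, int submitted, int lookAhead)
    {
        for (long c = storedCounter; c <= storedCounter + lookAhead; c++)
            if (Hotp(key, c) == submitted) return c + 1;
        return -1;
    }

    // Time-based variant: the counter is the number of 30-second steps since the Unix epoch
    // (the step length is an assumption; both sides must use the same one).
    public static long TimeCounter(DateTime utcNow)
    {
        var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        return (long)(utcNow - epoch).TotalSeconds / 30;
    }

    public static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("12345678901234567890"); // RFC 4226 test secret
        int code = Hotp(key, 2);                       // client is two presses ahead
        Console.WriteLine(Verify(key, 0, code, 3));    // accepted, server resynchronizes
        Console.WriteLine(Verify(key, 3, code, 3));    // same code again is rejected
    }
}
```

RFC 4226 also calls for throttling failed attempts on the server, since a 6-digit code has only 1,000,000 possible values.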
