Wesley de Groot's Blog
OTP Code Generation with CryptoKit: A Swift Approach

OTP Code Generation with CryptoKit: A Swift Approach


In the realm of secure authentication, One-Time Passwords (OTPs) play a crucial role. Whether it's two-factor authentication (2FA) or protecting sensitive transactions, OTPs provide an additional layer of security. In this article, we'll explore how to generate OTPs using CryptoKit, Apple's powerful cryptographic framework.

What Is an OTP?

An OTP is a temporary password that is valid for a single use or a short period. It ensures that even if an attacker intercepts the password, they won't be able to reuse it. OTPs are commonly used in scenarios like logging into online accounts, confirming transactions, or accessing secure systems.

Understanding TOTP (Time-Based OTP)

  • TOTP is a type of OTP that changes over time. It's based on a shared secret key and the current time.
  • The secret key is known only to the user and the server.
  • The server and the user's device both calculate the same OTP based on the secret key and the current time.
  • The OTP is typically a 6 or 8-digit numeric code.

Generating TOTP with CryptoKit

Let's dive into the Swift code for generating a TOTP using CryptoKit. We'll assume you already have a shared secret key (usually provided during user registration).

import CryptoKit
import CommonCrypto
import Foundation

func cryptoKitTOTP(secret: String) -> String {
    let period = TimeInterval(30)
    let digits = 6
    let secret = base32Decode(value: secret)!
    var counter = UInt64(Date().timeIntervalSince1970 / period).bigEndian

    // Generate the key based on the counter.
    let key = SymmetricKey(data: Data(bytes: &counter, count: MemoryLayout.size(ofValue: counter)))
    let hash = HMAC<Insecure.SHA1>.authenticationCode(for: secret, using: key)

    var truncatedHash = hash.withUnsafeBytes { ptr -> UInt32 in
        let offset = ptr[hash.byteCount - 1] & 0x0f

        let truncatedHashPtr = ptr.baseAddress! + Int(offset)
        return truncatedHashPtr.bindMemory(to: UInt32.self, capacity: 1).pointee

    truncatedHash = UInt32(bigEndian: truncatedHash)
    truncatedHash = truncatedHash & 0x7FFF_FFFF
    truncatedHash = truncatedHash % UInt32(pow(10, Float(digits)))

    return String(format: "%0*u", digits, truncatedHash)

print(cryptoKitTOTP(secret: "5FAA5JZ7WHO5WDNN"))


By leveraging CryptoKit, you can easily implement TOTP generation in your iOS apps. Remember to securely store and manage the shared secret key. OTPs enhance security and protect your users' accounts from unauthorized access.

For more details, refer to the official Apple CryptoKit documentation.

x-twitter mastodon github linkedin discord threads instagram whatsapp bluesky square-rss sitemap