OTP Code Generation with CryptoKit: A Swift Approach

08 February 2024 • Last updated: 10 March 2024 • 3 min read • Swift CryptoKit TOTP

Introduction

In the realm of secure authentication, One-Time Passwords (OTPs) play a crucial role. Whether it's two-factor authentication (2FA) or protecting sensitive transactions, OTPs provide an additional layer of security. In this article, we'll explore how to generate OTPs using CryptoKit, Apple's powerful cryptographic framework.

What Is an OTP?

An OTP is a temporary password that is valid for a single use or a short period. It ensures that even if an attacker intercepts the password, they won't be able to reuse it. OTPs are commonly used in scenarios like logging into online accounts, confirming transactions, or accessing secure systems.

Understanding TOTP (Time-Based OTP)

TOTP is a type of OTP that changes over time. It's based on a shared secret key and the current time.
The secret key is known only to the user and the server.
The server and the user's device both calculate the same OTP based on the secret key and the current time.
The OTP is typically a 6 or 8-digit numeric code.

Generating TOTP with CryptoKit

Let's dive into the Swift code for generating a TOTP using CryptoKit. We'll assume you already have a shared secret key (usually provided during user registration).

import CryptoKit
import CommonCrypto
import Foundation

func cryptoKitTOTP(secret: String) -> String {
    let period = TimeInterval(30)
    let digits = 6
    let secret = base32Decode(value: secret)!
    var counter = UInt64(Date().timeIntervalSince1970 / period).bigEndian

    // Generate the key based on the counter.
    let key = SymmetricKey(data: Data(bytes: &counter, count: MemoryLayout.size(ofValue: counter)))
    let hash = HMAC<Insecure.SHA1>.authenticationCode(for: secret, using: key)

    var truncatedHash = hash.withUnsafeBytes { ptr -> UInt32 in
        let offset = ptr[hash.byteCount - 1] & 0x0f

        let truncatedHashPtr = ptr.baseAddress! + Int(offset)
        return truncatedHashPtr.bindMemory(to: UInt32.self, capacity: 1).pointee
    }

    truncatedHash = UInt32(bigEndian: truncatedHash)
    truncatedHash = truncatedHash & 0x7FFF_FFFF
    truncatedHash = truncatedHash % UInt32(pow(10, Float(digits)))

    return String(format: "%0*u", digits, truncatedHash)
}

print(cryptoKitTOTP(secret: "5FAA5JZ7WHO5WDNN"))

Conclusion

By leveraging CryptoKit, you can easily implement TOTP generation in your iOS apps. Remember to securely store and manage the shared secret key. OTPs enhance security and protect your users' accounts from unauthorized access.

For more details, refer to the official Apple CryptoKit documentation.

Generics in Swift • 3 minutes reading time.
Handle hyperlinks in SwiftUI • 2 minutes reading time.
Building an Asynchronous Button in SwiftUI • 6 minutes reading time.

Share Mastodon Twitter LinkedIn Facebook