GoEasy-OTP

What is GoEasy-OTP?What could we get through GoEasy-OTP?

GoEasy-OTP(One-time password) is used to secure the GoEasy appkey, same as our common target, easily and safety to use! It will block the people who tries to use your appkey to do some illegal operations.

How does the GoEasy-OTP work?

    var goEasy = new GoEasy({
        appkey: 'Your client key',
        otp:'OTP number generated from your server'
    });
  1. When you initialize a goEasy object in JavaScript, besides the parameter appkey, you need to add one more parameter: otp
  2. GoEasy-OTP is a secure string generated from your server-side according to the Goeasy OTP algorithm. Each page you are working with GoEasy require an unique GoEasy-OTP.
  3. GoEasy will validate the legitimacy of OTP, each OTP will only be used one time, So even someone obtain the app key via your page, they can’t use it pull or push message.

I want to use GoEasy-OTP to protect my message,how could I start?

Login into GoEasy,find “Professional keys”, you will see 3 keys there:

  1. Client key: Only used at client side, it must be used with OTP, it could be used both on pushing and subscribing. The server side could not use it.
  2. Restful key: Only used to call the Restful api, it can’t be used on pushing and subscribing on client side.
  3. Secret key: It will be used as secure key to generate the GoEasy-OTP

When you generate GoEasy-OTP at server side, the rules are:

  1. Define a string, initial the string as "000"+current millisecond.
  2. Take the value of Secret key, use AES(ECB) to secure the string defined above step.
  3. Use Base64 to encode the result generated at step 2, then the result is GoEasyOTP
  4. To Validate if your OTP algorithm is working well:

    Test parameters:

    secret key: 86726e4356dce2d3

    System currently millisecond: 0001490325990593

    Test result: +rOKqbTZioistsdMrhon0A==

Modify your JavaScript code, using the Client key as appkey, sending to your backend server to generate OTP.

    var goEasy = new GoEasy({
        appkey: 'Your client key',
        otp:' OTP number generated from your server '
    });

Over

Samples of GoEasy-OTP

Java

    public static String goEasyOTP(String secretKey) {
        try {
            String otp = "000" + System.currentTimeMillis();
            SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(), "AES");
            Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
            byte[] otpBytes = otp.getBytes();
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] encryptedOTP = cipher.doFinal(otpBytes);
            otp = new BASE64Encoder().encode(encryptedOTP);
            return otp;
        } catch (Exception e) {
            throw new IllegalStateException("Failed to generate GoEasy-OTP.", e);
        }
    }

Python

from Crypto.Cipher import AES

def goEasyOTP(secretKey):
    otp = "000" + str(int(round(time.time() * 1000)))
    cipher = AES.new(secretKey, AES.MODE_ECB)
    encryptedOtp = cipher.encrypt(otp)
    encryptedOtp = base64.b64encode(encryptedOtp)
    return encryptedOtp

PHP

    public function goEasyOTP($secretKey){
        $key = $secretKey;
        //$key=86726e4356dce2d3;
        list($t1, $t2) = explode(' ', microtime());
        $text=(float)sprintf('%.0f',(floatval($t1)+floatval($t2))*1000);
        $text = "000".$text;
        //$text = "0001490325990593";
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $crypttext =base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_ECB, $iv));
        return $crypttext;
    }

C#

    public string goEasyOTP(string secretKey)
    {
        string otp = null;
        byte[] encrypted = null;
        string currentTimeMills=string.Format("000{0}",(long)(DateTime.UtcNow-new
        DateTime(1970,1,1,0,0,0,DateTimeKind.Utc)).TotalMilliseconds);
        //"0001490325990593"
        byte[] byteSecretKey = Encoding.ASCII.GetBytes(secretKey);
        using (AesManaged aesAlg = new AesManaged(){Key = byteSecretKey,Mode = CipherMode.ECB,Padding = PaddingMode.None})
        {
        ICryptoTransform encryptor = aesAlg.CreateEncryptor();
        using (MemoryStream msEncrypt = new MemoryStream())
            {
            using(CryptoStream csEncrypt = new CryptoStream(msEncrypt,encryptor,CryptoStreamMode.Write))
                {
                    using(StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                    {
                        swEncrypt.Write(currentTimeMills);
                    }
                    encrypted = msEncrypt.ToArray();
                }
            }
        }
        otp = Convert.ToBase64String(encrypted);
        return otp;
    }

Ruby

Coming...

results matching ""

    No results matching ""