Awesome Open Source
Awesome Open Source


Time-Based One-Time Password (RFC 6238) and HMAC-Based One-Time Password (RFC 4226) reference implementations and more.

Getting Started

TOTP generation

// Passwords will be 6 digits, change every 30 seconds, and are computed with SHA-1.
TOTP totp = new TOTP(6, Duration.ofSeconds(30L), Keys.generate("HmacSHA1", 160), SHA1.getInstance());

// OR

HOTP generation

// Passwords will be 6 digits and are computed with SHA-1.
HOTP hotp = new HOTP(6, Keys.generate("HmacSHA1", 160), SHA1.getInstance());


HMAC signing

byte[] input = "Hello, World!".getBytes();

// Create an HMAC instance.
HMAC hmac = new HMAC(Keys.generate("AES"), SHA1.getInstance());

// Sign the input.
byte[] tag = hmac.sign(input);


// Verify the input later.
boolean valid = hmac.verify(input, tag);

Alternatively, you can use JceMAC, which wraps JCE's Mac:

JceMac hmac = new JceMac(Keys.generate("AES"), "HmacSHA1");


Classes: MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA512t224, SHA512t256.

byte[] input = "Hello, World!".getBytes();

// Hash the input using SHA-1.
byte[] hash = SHA1.getInstance().compute(input);

Utility classes' methods


  • byte[] generate(String algorithm, SecureRandom secureRandom) Generates a key, specifying the algorithm and SecureRandom.
  • byte[] generate(String algorithm, int keySize) Generates a key, specifying the algorithm and key size in bytes.
  • byte[] generate(String algorithm) Generates a key, specifying the algorithm.


  • byte[] concatenate(byte[] array, byte[]... arrays) Concatenates n-arrays.
  • byte[] xor(byte[] array1, byte[] array2) XOR operation on two arrays.
  • byte[] toHex(byte[] bytes) Converts bytes to hexadecimal bytes.


This code is under the BSD 3-Clause.


If you like my work and want to support it, please consider sponsoring me. Your support helps me make the time to code great things!

Alternative Project Comparisons
Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Java (388,172
Md5 (1,392
Hmac (1,289
Sha256 (831
Totp (797
Sha1 (725
Hotp (298
Sha512 (143
Sha384 (57
Sha224 (37
Md2 (14