{"id":2192,"date":"2024-10-31T17:44:06","date_gmt":"2024-10-31T09:44:06","guid":{"rendered":"https:\/\/www.ruianding.com\/blog\/?p=2192"},"modified":"2024-10-31T18:04:33","modified_gmt":"2024-10-31T10:04:33","slug":"generating-time-based-otps-with-python-and-pyotp","status":"publish","type":"post","link":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/","title":{"rendered":"Generating Time-Based OTPs with Python and pyotp"},"content":{"rendered":"\n

When it comes to Two-factor authentication (2FA)<\/strong>, One-time passwords (OTPs) play a critical role in enhancing security. Many applications, like Microsoft Authenticator, Google Authenticator, and DUO, use Time-based One-Time Password (TOTP) algorithms to generate OTPs that refresh every 30 seconds. In this post, I\u2019ll walk you through how to generate a TOTP code in Python using the pyotp<\/code> library, which mirrors how apps like Microsoft Authenticator work.<\/p>\n\n\n\n

\n
\n
\"\"<\/figure>\n<\/div>\n\n\n\n
\n
\"\"<\/figure>\n<\/div>\n\n\n\n
\n
\"\"<\/figure>\n<\/div>\n<\/div>\n\n\n\n

Understanding the TOTP Algorithm<\/h2>\n\n\n\n

TOTP combines a shared secret<\/strong> with the current time<\/strong> to generate a one-time password. Here\u2019s how it works:<\/p>\n\n\n\n

    \n
  1. The Secret Key<\/strong>: The core component in TOTP is a unique secret key. This key, often encoded in a QR code, is shared between the server and the client (e.g., your mobile app) during setup. In our example, this secret is provided as a command-line argument.<\/li>\n\n\n\n
  2. Time-Based Calculation<\/strong>: TOTP uses the current time, divided into 30-second intervals (by default), along with the secret to generate a new OTP for each interval. So, as long as the server and client time are in sync, the generated OTP will match.<\/li>\n\n\n\n
  3. Cryptographic Hashing<\/strong>: TOTP uses the HMAC-SHA1 hash function on the secret and time values, then converts the result into a short numeric code.<\/li>\n<\/ol>\n\n\n\n

    The Script: Generating OTPs in Python<\/h2>\n\n\n\n

    This script shows how simple it is to generate OTPs in Python using the pyotp<\/code> library. Here\u2019s the full code:<\/p>\n\n\n\n

    import sys\nimport pyotp\n\nif len(sys.argv) > 1:\n    key = sys.argv[1]\nelse:\n    print(\"Usage: python3 otp.py <secret_key>\")\n    sys.exit(1)\n\nprint(pyotp.TOTP(key).now())<\/pre>\n\n\n\n
    Let\u2019s break down what each part does.<\/p>\n\n\n\n
    Code Explanation<\/h3>\n\n\n\n
    1. Importing Required Libraries<\/strong>:<\/p>\n\n\n\n
    We use sys<\/code> to handle command-line arguments, and pyotp<\/code> (a Python library for OTP generation) to handle the TOTP calculation.<\/p>\n\n\n\n
    2. Receiving the Secret Key<\/strong>:<\/p>\n\n\n\n
    sys.argv<\/code> takes the first command-line argument as the secret key. If the argument is missing, it prompts for the correct usage and exits.<\/p>\n\n\n\n
    3. Generating the OTP<\/strong>:<\/p>\n\n\n\n
    pyotp.TOTP(key).now()<\/code> generates the OTP by passing the secret key into TOTP()<\/code>. The now()<\/code> method then calculates the OTP for the current 30-second time slice.<\/p>\n\n\n\n
    Running the Script<\/h2>\n\n\n\n
    To use the script, run the following command in your terminal:<\/p>\n\n\n\n
    python3 otp.py <secret_key><\/pre>\n\n\n\n
    Replace <secret_key><\/code> with your own secret. The output will be a one-time password that matches what\u2019s generated by authenticator apps using the same secret.<\/p>\n\n\n\n
    How This Relates to QR Code Authentication<\/h2>\n\n\n\n
    When setting up 2FA, apps like Microsoft Authenticator scan a QR code containing a URL with the secret embedded in it. This QR code might look like:<\/p>\n\n\n\n
    otpauth:\/\/totp\/YourService:your.email@example.com?secret=JBSWY3DPEHXXXXXX&issuer=YourService<\/pre>\n\n\n\n
    The secret<\/code> parameter is what we use in the script. Once scanned, your authenticator app stores the secret and uses it, alongside the current time, to produce matching OTPs every 30 seconds.<\/p>\n\n\n\n
    I scanned a TOTP QR code from a website to retrieve my secret key. Using this Python script, I generated a TOTP code and compared it with the code from my Microsoft Authenticator app\u2014they matched perfectly.<\/p>\n\n\n\n
    \"\"<\/figure>\n\n\n\n
    \"\"<\/figure>\n\n\n\n
    Conclusion<\/h2>\n\n\n\n
    Generating your own OTPs with Python is straightforward and provides insight into how TOTP-based 2FA apps work behind the scenes. By combining a secret with the current time, TOTP provides a secure, time-sensitive code that keeps your accounts safe. Try experimenting with different secrets, and you\u2019ll see that each one consistently produces a unique OTP at any given moment.<\/p>\n\n\n\n
    For more details, check out pyotp on GitHub<\/a> to dive deeper into OTP generation.<\/p>\n","protected":false},"excerpt":{"rendered":"
    When it comes to Two-factor authentication (2FA), One-time passwords (OTPs) play a critical role in enhancing security. Many applications, like Microsoft Authenticator, Google Authenticator, and DUO, use Time-based One-Time Password (TOTP) algorithms to generate OTPs that refresh every 30 seconds. In this post, I\u2019ll walk you through how to generate a TOTP code in Python […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[13,34],"tags":[],"class_list":["post-2192","post","type-post","status-publish","format-standard","hentry","category-handyscripts","category-mfa"],"yoast_head":"\nGenerating Time-Based OTPs with Python and pyotp - \u6781\u7b80IT\uff5cSimpleIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Generating Time-Based OTPs with Python and pyotp - \u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"og:description\" content=\"When it comes to Two-factor authentication (2FA), One-time passwords (OTPs) play a critical role in enhancing security. Many applications, like Microsoft Authenticator, Google Authenticator, and DUO, use Time-based One-Time Password (TOTP) algorithms to generate OTPs that refresh every 30 seconds. In this post, I\u2019ll walk you through how to generate a TOTP code in Python […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-31T09:44:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-31T10:04:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ruian Ding\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruian Ding\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/\"},\"author\":{\"name\":\"Ruian Ding\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"headline\":\"Generating Time-Based OTPs with Python and pyotp\",\"datePublished\":\"2024-10-31T09:44:06+00:00\",\"dateModified\":\"2024-10-31T10:04:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/\"},\"wordCount\":529,\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png\",\"articleSection\":[\"HandyScripts\",\"MFA\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/\",\"name\":\"Generating Time-Based OTPs with Python and pyotp - \u6781\u7b80IT\uff5cSimpleIT\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png\",\"datePublished\":\"2024-10-31T09:44:06+00:00\",\"dateModified\":\"2024-10-31T10:04:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#primaryimage\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png\",\"width\":512,\"height\":512},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ruianding.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Generating Time-Based OTPs with Python and pyotp\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\",\"url\":\"https:\/\/www.ruianding.com\/blog\/\",\"name\":\"Ruian's Tech Troubleshooting Toolbox\",\"description\":\"Debug the World.\",\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"alternateName\":\"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\",\"name\":\"Ruian Ding\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"width\":284,\"height\":284,\"caption\":\"Ruian Ding\"},\"logo\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\"},\"description\":\"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.\",\"sameAs\":[\"https:\/\/www.ruianding.com\"],\"url\":\"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Generating Time-Based OTPs with Python and pyotp - \u6781\u7b80IT\uff5cSimpleIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/","og_locale":"en_US","og_type":"article","og_title":"Generating Time-Based OTPs with Python and pyotp - \u6781\u7b80IT\uff5cSimpleIT","og_description":"When it comes to Two-factor authentication (2FA), One-time passwords (OTPs) play a critical role in enhancing security. Many applications, like Microsoft Authenticator, Google Authenticator, and DUO, use Time-based One-Time Password (TOTP) algorithms to generate OTPs that refresh every 30 seconds. In this post, I\u2019ll walk you through how to generate a TOTP code in Python […]","og_url":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/","og_site_name":"\u6781\u7b80IT\uff5cSimpleIT","article_published_time":"2024-10-31T09:44:06+00:00","article_modified_time":"2024-10-31T10:04:33+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png","type":"image\/png"}],"author":"Ruian Ding","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruian Ding"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#article","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/"},"author":{"name":"Ruian Ding","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"headline":"Generating Time-Based OTPs with Python and pyotp","datePublished":"2024-10-31T09:44:06+00:00","dateModified":"2024-10-31T10:04:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/"},"wordCount":529,"publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png","articleSection":["HandyScripts","MFA"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/","url":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/","name":"Generating Time-Based OTPs with Python and pyotp - \u6781\u7b80IT\uff5cSimpleIT","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#primaryimage"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png","datePublished":"2024-10-31T09:44:06+00:00","dateModified":"2024-10-31T10:04:33+00:00","breadcrumb":{"@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#primaryimage","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/10\/image-12.png","width":512,"height":512},{"@type":"BreadcrumbList","@id":"https:\/\/www.ruianding.com\/blog\/generating-time-based-otps-with-python-and-pyotp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ruianding.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Generating Time-Based OTPs with Python and pyotp"}]},{"@type":"WebSite","@id":"https:\/\/www.ruianding.com\/blog\/#website","url":"https:\/\/www.ruianding.com\/blog\/","name":"Ruian's Tech Troubleshooting Toolbox","description":"Debug the World.","publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"alternateName":"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b","name":"Ruian Ding","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","width":284,"height":284,"caption":"Ruian Ding"},"logo":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/"},"description":"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.","sameAs":["https:\/\/www.ruianding.com"],"url":"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/2192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/comments?post=2192"}],"version-history":[{"count":4,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/2192\/revisions"}],"predecessor-version":[{"id":2204,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/2192\/revisions\/2204"}],"wp:attachment":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/media?parent=2192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/categories?post=2192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/tags?post=2192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}