Authen::OATH(3) OATH One Time Passwords


Version 1.0.0


Implementation of the HOTP and TOTP One Time Password algorithms as defined by OATH (

All necessary parameters are set by default, though these can be overridden. Both totp() and htop() have passed all of the test vectors defined in the RFC documents for TOTP and HOTP.

totp() and hotp() both default to returning 6 digits and using SHA1. As such, both can be called by passing only the secret key and a valid OTP will be returned.

use Authen::OATH;
my $oath = Authen::OATH->new();
my $totp = $oath->totp( "MySecretPassword" );
my $hotp = $oath->hotp( "MyOtherSecretPassword" );

Parameters may be overridden when creating the new object:

    my $oath = Authen::OATH->new( 'digits' => 8 );

The three parameters are ``digits'', ``digest'', and ``timestep.'' Timestep only applies to the totp() function.

While strictly speaking this is outside the specifications of HOTP and TOTP, you can specify digests other than SHA1. For example:

    my $oath = Authen::OATH->new( "digits" => 10,
                                  "digest" => "Digest::MD6"



    my $otp = $oath->totp( $secret [, $manual_time ] );

Manual time is an optional parameter. If it is not passed, the current time is used. This is useful for testing purposes.


    my $opt = $oath->hotp( $secret, $counter );

Both parameters are required.


This is an internal routine and is never called directly.


Kurt Kincaid, "<kurt.kincaid at>"


Please report any bugs or feature requests to "bug-authen-totp at", or through the web interface at <>. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.


You can find documentation for this module with the perldoc command.

    perldoc Authen::OATH

You can also look for information at:



Copyright 2010 Kurt Kincaid.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See for more information.