0

I'm writing a simple 2FA application, which generates TOTP codes in a flutter app, then I want the user to enter this code in an ASP.NET Core site, but I can't validate the code in the site.

In Flutter/Dart, I am using the library dart-otp and in ASP.NET Core, I am using kspearrin /Otp.NET

The code in Flutter/Dart is

    var now = DateTime.now();
    now = DateTime(2023, 04, 26, 10, 10, 10);

    var code = OTP.generateTOTPCodeString(
          'DDXFM42476476545', now.millisecondsSinceEpoch,
          algorithm: Algorithm.SHA256, isGoogle: false);

    print(code);  // Outputs 667099

In C# the code is

    string skey = "DDXFM42476476545";

    var  now = new DateTime(2023, 04, 26, 10, 10, 10);
    var totp = new Totp(Base32Encoding.ToBytes(skey),30,OtpHashMode.Sha256);
//var totp = new Totp(Encoding.UTF8.GetBytes(skey), 30, OtpHashMode.Sha256);

    var code = totp.ComputeTotp(now);//code : 734057

I don't know what is the problem of the code or if I am understanding something wrong?

Tareq
  • 1,397
  • 27
  • 28
  • It looks like the `dart-otp` library is [encoding the secret in utf8](https://github.com/daegalus/dart-otp/blob/master/lib/otp.dart#L96), while your provided C# code is encoding in Base32. – mmcdon20 Apr 28 '23 at 19:35
  • I have also tried using UTF-8 encoding, but without any match (this line is commented in the code ). – Tareq Apr 29 '23 at 12:39
  • I see another issue but I'm not sure what the solution is exactly. Dart and C# are giving different values for milliseconds since epoch for those dates. In dart `DateTime(2023, 04, 26, 10, 10, 10).millisecondsSinceEpoch` gives `1682521810000`, while in C# `new DateTimeOffset(new DateTime(2023, 04, 26, 10, 10, 10)).ToUnixTimeMilliseconds()` gives `1682503810000`. I'm not sure why the difference, but maybe it can point you in the right direction. – mmcdon20 Apr 29 '23 at 17:32

0 Answers0