Package io.github.pratiyush.totp

Enum Class Algorithm

java.lang.Object
java.lang.Enum<Algorithm>
io.github.pratiyush.totp.Algorithm
All Implemented Interfaces:
Serializable, Comparable<Algorithm>, Constable
public enum Algorithm extends Enum<Algorithm>
Supported HMAC algorithms for TOTP generation.

This enum provides type-safe algorithm selection, eliminating string typos and ensuring only tested, secure algorithms are used.

Algorithm Recommendations

  • SHA1 - Default, widest compatibility (Google Authenticator)
  • SHA256 - Recommended for new implementations
  • SHA512 - Maximum security, larger key requirement
See Also:

  • Enum Constant Details

    • SHA1

      public static final Algorithm SHA1
      HMAC-SHA1 algorithm.

      Default algorithm with maximum compatibility. While SHA-1 has known collision vulnerabilities, HMAC-SHA1 remains secure for TOTP use cases as it operates in a keyed context.

      Recommended key size: 20 bytes (160 bits)

    • SHA256

      public static final Algorithm SHA256
      HMAC-SHA256 algorithm.

      Recommended for new implementations. Provides better security margin than SHA-1 while maintaining reasonable performance.

      Recommended key size: 32 bytes (256 bits)

    • SHA512

      public static final Algorithm SHA512
      HMAC-SHA512 algorithm.

      Maximum security option. Use when security requirements demand the highest margin of safety.

      Recommended key size: 64 bytes (512 bits)

  • Method Details

    • values

      public static Algorithm[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared

    • valueOf

      public static Algorithm valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null

    • getJcaName

      public String getJcaName()
      Returns the Java Cryptography Architecture (JCA) algorithm name.
      Returns:
      JCA name suitable for use with Mac

    • getRecommendedKeyBytes

      public int getRecommendedKeyBytes()
      Returns the recommended key size in bytes for this algorithm.

      Per RFC 6238, the key should be at least as long as the hash output. Using shorter keys weakens security; longer keys provide no additional benefit.

      Returns:
      recommended key size in bytes

    • getRecommendedSecretLength

      public int getRecommendedSecretLength()
      Returns the recommended secret length in Base32 characters.

      Base32 encodes 5 bits per character, so the character count is: ceil(keyBytes * 8 / 5)

      Returns:
      recommended Base32 secret length

    • getOtpauthName

      public String getOtpauthName()
      Returns the otpauth URI algorithm parameter value.
      Returns:
      algorithm name for otpauth URI (e.g., "SHA256")

    • fromName

      public static Algorithm fromName(String name)
      Parses an algorithm from its JCA name or enum name.
      Parameters:
      name - the algorithm name (case-insensitive)
      Returns:
      the matching algorithm
      Throws:
      IllegalArgumentException - if no matching algorithm exists