Skip to content

GoogleOtpAuthenticator

Jump to bottom Edit New page
Albert Sunyer edited this page May 29, 2015 · 13 revisions

Introduction

OATH is a common standard for OTP password generation defined in RFC 4226. The OTP is unique for each user that personalized the calculation with a unique seed. A counter value is incremented after each calculation (event based OTP) or valid for a specific time (time based OTP).

An OATH calculation in software is possible but discouraged as the seed could get lost or tampered after flashing or rooting the phone. For this purpose the OATH calculation takes place in a Secure Element (like an UICC, eSE or Mobile Security Card) where the private seed is kept secure in the GoogleOtpAuthenticator applet.

Walk through

Install Applet and APK

  • Install the oath.cap file on the Secure Element with JLoad or other Java Card compliant Global Platform loader tools.
    Note: JLoad is included in the Mobile Security Developer's Kit
  • Install the GoogleOtpAuthenticator.apk on your Android device equipped with the Secure Element and SmartCardApi installed.
    Note: Without Smarcard API, please check out how to Building The System
  • Run the application on the Android phone, open the menu and personalize the applet
    Note: To scan the OR Code the Barcode Reader Application from zxing is necessary. You can either install it via Google Play or from their project site http://code.google.com/p/zxing/.

Activate 2-step verification

  • Log in into your Google account and navigate to the Security Options of your account settings.
  • First it might be necessary to register your subscriber number of your mobile phone via SMS.
  • Now you can activate a mobile application to generate access codes. Click on Android to start the activation.
  • Scan the QR code with Google OTP Authenticator
  • Enter the generated OTP.
  • After successful confirmation the Google OTP Authenticator is now ready to use for 2-step verification with your Google account.

Android Application

The Android application is for demonstration and test purposes only. Do not use in production environments!

Java Card Applet

The Java Card applet is for demonstration and test purposes only. Do not use in production environments!
The applet within the Java Card CAP file uses the following AIDs:
PackageAID: 0xD2:0x76:0x00:0x01:0x18:0x00:0x03:0xFF:0x49:0x10:0x00:0x89:0x00:0x00:0x02:0x00

Applet AID: 0xD2:0x76:0x00:0x01:0x18:0x00:0x03:0xFF:0x49:0x10:0x00:0x89:0x00:0x00:0x02:0x01
Add a custom footer
Clone this wiki locally