TOTP / HOTP Offline Code Generator

Generate RFC 6238 TOTP (time-based, 6/8 digits, 30/60s step) and RFC 4226 HOTP (counter-based) one-time passwords from a base32 shared secret, fully offline with HMAC-SHA1/256/512, plus an otpauth:// URI for importing into Google Authenticator / Authy

Enter the base32 shared secret (as shown next to a QR code in Google Authenticator / Authy) and the tool computes one-time passwords locally — nothing is sent to any server.

Supported:

  • TOTP (RFC 6238): time-based codes derived from the current UNIX time and a step (30s or 60s). This is what Google Authenticator shows for most 2FA accounts.
  • HOTP (RFC 4226): counter-based codes derived from a shared counter value.
  • HMAC algorithms: SHA-1 (the RFC default, used by virtually every authenticator app), SHA-256, SHA-512.
  • 6-digit (default) or 8-digit output.
  • "Show next N codes" — preview the next several TOTP windows or HOTP counters, useful for testing drift.
  • Export an otpauth:// URI (with optional issuer + account label) so the account can be re-imported into any authenticator app.

Implementation notes:

  • HOTP uses the standard dynamic-truncation algorithm: HMAC the 8-byte big-endian counter, take the low 4 bits of the last byte as offset, extract a 31-bit integer, then mod 10^digits.
  • TOTP is HOTP with counter = floor(unixTime / step).
  • Secret decoding is RFC 4648 base32 (no padding required). Spaces are ignored so pasted secrets with separators still work.

Use cases: verifying your 2FA seed produces the same code as a phone, building TOTP verification into a login flow, teaching HMAC-based OTP, or migrating a 2FA account to a new device via otpauth://.

Example Results

1 examples

Generate the current 6-digit TOTP for a known seed

Uses the classic RFC test seed JBSWY3DPEHPK3PXP with SHA-1, 6 digits, 30s step.

Shows the current TOTP code, countdown ring, next 5 windows, and an otpauth:// URI.
View input parameters
{ "secret": "JBSWY3DPEHPK3PXP", "mode": "totp", "algorithm": "sha1", "digits": 6, "period": 30, "counter": 0, "preview": 5, "issuer": "Acme", "account": "[email protected]" }

Key Facts

Category
Security & Validation
Input Types
text, select, number
Output Type
html
Sample Coverage
4
API Ready
Yes

Overview

The TOTP / HOTP Offline Code Generator is a secure, local utility that generates RFC 6238 time-based and RFC 4226 counter-based one-time passwords directly from a base32 shared secret. Operating entirely in your browser without sending data to external servers, it supports HMAC-SHA1, SHA-256, and SHA-512 algorithms, outputs 6 or 8-digit codes, and generates standard otpauth:// URIs for easy import into authenticator apps like Google Authenticator or Authy.

When to Use

  • When you need to verify that a raw 2FA base32 seed generates the correct one-time password without using a mobile device.
  • When migrating 2FA accounts to a new authenticator app by generating a standard otpauth:// URI from a raw secret.
  • When testing or debugging custom TOTP/HOTP authentication flows during software development.

How It Works

  • The tool decodes the provided base32 shared secret locally, ignoring any spaces or formatting characters.
  • It computes the current time-step counter for TOTP or uses the specified counter value for HOTP.
  • It applies the selected HMAC algorithm (SHA-1, SHA-256, or SHA-512) and performs dynamic truncation to extract the 6 or 8-digit code.
  • It renders the active code, a real-time countdown, a preview of upcoming codes, and a formatted otpauth:// URI.

Use Cases

Verifying the validity of a backup 2FA seed before storing it securely.
Generating a batch of future codes to test clock drift handling in a backend authentication system.
Creating custom QR codes or import links for team members using the generated otpauth:// URI.

Examples

1. Verifying a Standard 2FA Secret

Security Administrator
Background
An administrator needs to verify that a newly generated backup seed matches the codes generated by a user's hardware token.
Problem
Confirming the seed is correct without registering it on a physical phone.
How to Use
Enter the base32 secret, select TOTP mode, choose SHA-1, set digits to 6, and check the generated code against the token.
Example Config
Secret: JBSWY3DPEHPK3PXP, Mode: TOTP, Algorithm: SHA-1, Digits: 6, Period: 30
Outcome
The tool displays the current 6-digit code and a countdown, confirming the seed generates the expected values.

2. Creating an Import URI for a Custom Account

DevOps Engineer
Background
An engineer wants to distribute a shared 2FA credential to team members for a staging environment.
Problem
Generating a standard URI that team members can scan or copy into their authenticator apps.
How to Use
Input the shared secret, enter the issuer name and account email, and copy the generated otpauth:// URI.
Example Config
Secret: JBSWY3DPEHPK3PXP, Issuer: StagingEnv, Account: [email protected]
Outcome
An otpauth://totp/StagingEnv:[email protected]?secret=JBSWY3DPEHPK3PXP&issuer=StagingEnv URI is generated for instant import.

Try with Samples

hash
QR Code Samples
Sample QR code images for testing QR code reading and generation tools
title token code
sample
Invalid Variable Names Code Samples
Sample code files demonstrating invalid variable naming conventions across different programming languages
title token code
sample
Code Comment Samples
Sample code files with various comment styles for testing comment removal
title token code
sample
Color Code Samples
Collection of color codes in various formats (Hex, RGB, HSL, named colors) for validation testing
title token code
sample

Related Hubs

Audio Encoding and Format Conversion Tools
Compare audio format conversion, bitrate changes, sample-rate conversion, codec swaps, and export tools in one hub for delivery and archive workflows.
Image Format Conversion and Animated Export Tools
Compare image format converters for JPG, PNG, GIF, AVIF, WebP, TIFF, ICO, base64, and animation-friendly exports in one hub.
JSON Interchange and Format Translation Tools
Compare JSON conversion tools for CSV, YAML, TOML, GraphQL, XML, Markdown, Excel, BSON, EDN, and related structured formats in one hub.
Color Space Conversion Tools for Web and Print
Curated tools for web-to-print color space conversion in one hub.

FAQ

Is my shared secret sent to a server?

No. All calculations are performed locally in your browser, ensuring your 2FA secrets remain completely private.

Which authenticator apps support the generated otpauth URI?

Most major authenticator apps, including Google Authenticator, Authy, Microsoft Authenticator, and 1Password, support it.

What is the difference between TOTP and HOTP?

TOTP generates codes based on the current time (e.g., changing every 30 seconds), while HOTP generates codes based on an incrementing counter.

Can I use secrets that contain spaces?

Yes. The generator automatically ignores spaces and formatting characters when decoding the base32 secret.

Why does the generated code not match my app?

Ensure your system clock is synchronized, and verify that the algorithm (usually SHA-1), digits (usually 6), and period (usually 30s) match your provider's settings.

API Documentation

Request Endpoint

POST /en/api/tools/totp-hotp-offline-generator

Request Parameters

Parameter Name Type Required Description
secret text Yes -
mode select No -
algorithm select No -
digits select No -
period select No -
counter number No -
preview number No -
issuer text No -
account text No -

Response Format

{
  "result": "
Processed HTML content
",
  "error": "Error message (optional)",
  "message": "Notification message (optional)",
  "metadata": {
    "key": "value"
  }
}
HTML: HTML

AI MCP Documentation

Add this tool to your MCP server configuration: 

{
  "mcpServers": {
    "elysiatools-totp-hotp-offline-generator": {
      "name": "totp-hotp-offline-generator",
      "description": "Generate RFC 6238 TOTP (time-based, 6/8 digits, 30/60s step) and RFC 4226 HOTP (counter-based) one-time passwords from a base32 shared secret, fully offline with HMAC-SHA1/256/512, plus an otpauth:// URI for importing into Google Authenticator / Authy",
      "baseUrl": "https://elysiatools.com/mcp/sse?toolId=totp-hotp-offline-generator",
      "command": "",
      "args": [],
      "env": {},
      "isActive": true,
      "type": "sse"
    }
  }
}

You can chain multiple tools, e.g.: `https://elysiatools.com/mcp/sse?toolId=png-to-webp,jpg-to-webp,gif-to-webp`, max 20 tools.

If you encounter any issues, please contact us at [email protected]