Clarified that keys should be SecretKey instances and not just Key instances.

Author: jchambers

README.md

@@ -13,11 +13,11 @@ final TimeBasedOneTimePasswordGenerator totp = new TimeBasedOneTimePasswordGener
 To actually generate time-based one-time passwords, you'll need a secret key and a timestamp. Secure key management is beyond the scope of this document; for the purposes of an example, though, we'll generate a random key:
 
 ```java
-final Key secretKey;
+final SecretKey secretKey;
 {
     final KeyGenerator keyGenerator = KeyGenerator.getInstance(totp.getAlgorithm());
 
-    // HMAC-SHA1 and HMAC-SHA256 prefer 64-byte (512-bit) keys; HMAC-SHA512 prefers 128-byte (1024-bit) keys
+    // SHA-1 and SHA-256 prefer 64-byte (512-bit) keys; SHA512 prefers 128-byte (1024-bit) keys
     keyGenerator.init(512);
 
     secretKey = keyGenerator.generateKey();

src/main/java/com/eatthepath/otp/HmacOneTimePasswordGenerator.java

@@ -20,13 +20,12 @@
 
 package com.eatthepath.otp;
 
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
 import java.nio.ByteBuffer;
 import java.security.InvalidKeyException;
-import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 
-import javax.crypto.Mac;
-
 /**
  * <p>Generates HMAC-based one-time passwords (HOTP) as specified in
  * <a href="https://tools.ietf.org/html/rfc4226">RFC&nbsp;4226</a>.</p>
@@ -123,20 +122,20 @@ protected HmacOneTimePasswordGenerator(final int passwordLength, final String al
     /**
      * Generates a one-time password using the given key and counter value.
      *
-     * @param key a secret key to be used to generate the password
+     * @param secretKey a secret key to be used to generate the password
      * @param counter the counter value to be used to generate the password
      *
      * @return an integer representation of a one-time password; callers will need to format the password for display
      * on their own
      *
      * @throws InvalidKeyException if the given key is inappropriate for initializing the {@link Mac} for this generator
      */
-    public int generateOneTimePassword(final Key key, final long counter) throws InvalidKeyException {
+    public int generateOneTimePassword(final SecretKey secretKey, final long counter) throws InvalidKeyException {
         final Mac mac;
 
         try {
             mac = Mac.getInstance(this.algorithm);
-            mac.init(key);
+            mac.init(secretKey);
         } catch (final NoSuchAlgorithmException e) {
             // This should never happen since we verify that the algorithm is legit in the constructor.
             throw new RuntimeException(e);

src/main/java/com/eatthepath/otp/TimeBasedOneTimePasswordGenerator.java

@@ -21,8 +21,8 @@
 package com.eatthepath.otp;
 
 import javax.crypto.Mac;
+import javax.crypto.SecretKey;
 import java.security.InvalidKeyException;
-import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.util.Date;
 import java.util.concurrent.TimeUnit;
@@ -129,16 +129,16 @@ public TimeBasedOneTimePasswordGenerator(final long timeStep, final TimeUnit tim
     /**
      * Generates a one-time password using the given key and timestamp.
      *
-     * @param key a secret key to be used to generate the password
+     * @param secretKey a secret key to be used to generate the password
      * @param timestamp the timestamp for which to generate the password
      *
      * @return an integer representation of a one-time password; callers will need to format the password for display
      * on their own
      *
      * @throws InvalidKeyException if the given key is inappropriate for initializing the {@link Mac} for this generator
      */
-    public int generateOneTimePassword(final Key key, final Date timestamp) throws InvalidKeyException {
-        return this.generateOneTimePassword(key, timestamp.getTime() / this.timeStepMillis);
+    public int generateOneTimePassword(final SecretKey secretKey, final Date timestamp) throws InvalidKeyException {
+        return this.generateOneTimePassword(secretKey, timestamp.getTime() / this.timeStepMillis);
     }
 
     /**

src/test/java/com/eatthepath/otp/ExampleApp.java

@@ -21,17 +21,18 @@
 package com.eatthepath.otp;
 
 import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import java.security.InvalidKeyException;
-import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.util.Date;
 import java.util.concurrent.TimeUnit;
 
 public class ExampleApp {
+
     public static void main(final String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
         final TimeBasedOneTimePasswordGenerator totp = new TimeBasedOneTimePasswordGenerator();
 
-        final Key secretKey;
+        final SecretKey secretKey;
         {
             final KeyGenerator keyGenerator = KeyGenerator.getInstance(totp.getAlgorithm());
 

src/test/java/com/eatthepath/otp/HmacOneTimePasswordGeneratorTest.java

@@ -20,20 +20,18 @@
 
 package com.eatthepath.otp;
 
-import static org.junit.Assert.*;
-
-import java.nio.charset.StandardCharsets;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-
-import javax.crypto.spec.SecretKeySpec;
-
 import junitparams.JUnitParamsRunner;
 import junitparams.Parameters;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+
+import static org.junit.Assert.assertEquals;
+
 @RunWith(JUnitParamsRunner.class)
 public class HmacOneTimePasswordGeneratorTest {
 
@@ -83,7 +81,7 @@ public void testGetAlgorithm() throws NoSuchAlgorithmException {
     public void testGenerateOneTimePassword(final int counter, final int expectedOneTimePassword) throws Exception {
         final HmacOneTimePasswordGenerator hmacOneTimePasswordGenerator = this.getDefaultGenerator();
 
-        final Key key = new SecretKeySpec("12345678901234567890".getBytes(StandardCharsets.US_ASCII), "RAW");
+        final SecretKey key = new SecretKeySpec("12345678901234567890".getBytes(StandardCharsets.US_ASCII), "RAW");
         assertEquals(expectedOneTimePassword, hmacOneTimePasswordGenerator.generateOneTimePassword(key, counter));
     }
 

src/test/java/com/eatthepath/otp/TimeBasedOneTimePasswordGeneratorTest.java

@@ -25,9 +25,9 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 import java.nio.charset.StandardCharsets;
-import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.util.Date;
 import java.util.concurrent.TimeUnit;
@@ -87,10 +87,10 @@ public void testGenerateOneTimePassword(final String algorithm, final long epoch
 
         final Date date = new Date(TimeUnit.SECONDS.toMillis(epochSeconds));
 
-        assertEquals(expectedOneTimePassword, totp.generateOneTimePassword(getKeyForAlgorithm(algorithm), date));
+        assertEquals(expectedOneTimePassword, totp.generateOneTimePassword(getSecretKeyForAlgorithm(algorithm), date));
     }
 
-    private static Key getKeyForAlgorithm(final String algorithm) {
+    private static SecretKey getSecretKeyForAlgorithm(final String algorithm) {
         final String keyString;
 
         switch (algorithm) {