I am trying to create a time limited key to use in one of my applications. The key is used to unlock certain bits of functionality in an application.

My thinking so far is

to generate: cryptographic hash the various bits of info I need + key generation date

to validate: cryptographic hash the various bits of info I need + date now

if all the info is the same and the date is the same I get the same value

But,

this means the key will only work on a certain date. What I want is a key that is valid for the next 24 hours (or extending this, few days/week/month).

I can extend the period but there is always the possibility of generating the key just before the period expires, like the last day of the month for a month key.

Firstly, is this an acceptable way of proceeding at all? If so, how do I do it?

I am aware that "winding" the clock back will defeat the system - but I am still interested in getting some opinions

I have read How do I generate a time limited key or password without storing data which is a similar issue.

You can make the expiration date part of the token and authenticate the whole data with an MAC like HMAC:

token = data ":" expiration ":" HMAC(key, data ":" expiration)

To validate the token, all you need is to compare the given expiration datum and regenerate the MAC for the provided data with the secret key.

If any of the provided parameters were tampered, the MAC will be different as one needs the secret key to generate an authentic MAC.