Pure PHP Yubikey Local OTP Authentication: Check a YubiKey OTP authentication locally

Recommend this page to a friend!
  Info   Documentation   Demos   View files (4)   Download .zip   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not enough user ratingsTotal: 237 All time: 7,913 This week: 292
Version License PHP version Categories
yubikey 4.3.20GNU Lesser Genera...5.3.0PHP 5, Cryptography, Security
Description Author

This class can check a YubiKey OTP authentication locally.

It can take the first 12 characters (public id) of OTP (One Time Password) to check to retrieve the right AES key secret from your user identification handler to decrypt the dynamic OTP part.

This class includes AES128 decryption class from Jose Manuel Busto Lopez to provide a pure PHP implementation of the local OTP authentication.

Innovation Award
PHP Programming Innovation award nominee
January 2015
Number 4


Prize: One downloadable copy of CodeLobster Professional
One Time Passwords (OTP) are used to implement high security systems by using passwords that only work one time.

This class provides a pure PHP solution that can validate an OTP password locally, thus without relying on external authentication servers.

Manuel Lemos
Picture of André Liechti
  Performance   Level  
Name: André Liechti <contact>
Classes: 8 packages by
Country: Switzerland Switzerland
Age: 51
All time rank: 4186 in Switzerland Switzerland
Week rank: 771 8 in Switzerland Switzerland
Innovation award
Innovation award
Nominee: 8x

Winner: 2x

Details

YubiKey PHP class

Yubikey PHP class is a GNU LGPL class to check a YubiKey authentication locally

(c) 2014-2015 SysCo systemes de communication sa The Yubikey PHP class is a subset of the multiOTP open source project. http://www.multiOTP.net/

Current build: 4.3.2.0 (2015-01-04)

No external file is needed (no PEAR, no PECL).

AES 128 encryption and decryption algorithms using pure PHP code (LGPLv2.1) from Jose Manuel Busto Lopez is directly integrated in the source code.

In Yubico OTP mode, when the YubiKey button is pressed, the returned string is 44 characters long, with 12 characters for the fixed public id, and 32 characters for the dynamic OTP part. With the 12 characters of the public id, the right AES key (the secret) can be retrieved from your user identification handler to decrypt the dynamic OTP part.

Usage

<?php
    require_once('yubikey.class.php');
    $yubikey = new Yubikey();
    $result = $yubikey->checkYubicoOtp($yubico_modhex_encrypted_part,
                                       $secret,
                                       $last_valid_position);
?>

Possible returned value is one of the following:


          OK  The OTP is valid.
     BAD_OTP  The OTP is invalid format.
REPLAYED_OTP  The OTP has already been used.

Check yubikey.demo.php for a full implementation example.

You can support our open source projects with donations and sponsoring. Sponsorships are crucial for ongoing and future development! If you'd like to support our work, then consider making a donation, any support is always welcome even if it's as low as $1! You can also sponsor the development of a specific feature. Please contact us in order to discuss the detail of the implementation.

[Donate via PayPal by clicking here][1]. [![Donate via PayPal][2]][1] [1]: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N56M9E2SEAUD4 [2]: https://www.paypalobjects.com/webstatic/mktg/logo/pp_cc_mark_37x23.jpg

And for more PHP classes, have a look on PHPclasses.org, where a lot of authors are sharing their classes for free.

  Yubikey local check demo  

Open in a separate window

  Files  
File Role Description
LICENSE.md Lic. LGPL license
README.md Doc. Documentation
yubikey.class.php Class Class source
yubikey.demo.php Example Example script

yubikey-2015-01-23.zip 13KB
yubikey-2015-01-23.tar.gz 11KB
Install with Composer
Needed packages  
Class DownloadWhy it is needed Dependency
AES 128 .zip .tar.gz AES 128 source code is integrated in class source code in order to have only one file to include. Optional
 Version Control Reuses Unique User Downloads Download Rankings  
 100%1
Total:237
This week:0
All time:7,913
This week:292

For more information send a message to info at phpclasses dot org.