Download the PHP package tbaumgard/yubilib without Composer
On this page you can find all versions of the php package tbaumgard/yubilib. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download tbaumgard/yubilib
More information about tbaumgard/yubilib
Files in tbaumgard/yubilib
Package yubilib
Short Description YubiKey one-time password (OTP) validation, YubiKey emulator, and format validation
License BSD-3-Clause
Homepage https://github.com/tbaumgard/yubilib
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package yubilib
yubilib
yubilib is a PHP library for remotely and locally validating YubiKey one-time passwords (OTPs). It also includes a YubiKey emulator for testing and development as well as functions to check whether the various components of a one-time password are in the correct format.
Documentation
HTML-formatted documentation can be generated using Doxygen and the included Doxyfile file. The generated documentation is placed in the documentation/html directory, and the main page can be found at documentation/html/index.html.
Example Usage
Remote Validation
Validating a one-time password using a validation server is fairly straightforward. First, either get a client ID and API key to use Yubico's YubiCloud validation servers or host a validation server yourself.
Then, simply make a call to the server with those credentials:
Local Validation
Storing Credentials
To be able to validate a one-time password, your application must first have credentials stored somewhere. yubilib includes functions to make this easier. For example:
Security Notice: it is absolutely essential that the credentials are stored in a secure and encrypted manner. If you're unsure how to do that properly, use remote validation and the YubiCloud validation servers instead.
Validating a One-Time Password
Once the credentials have been stored securely, validating a one-time password is pretty straightforward:
Format Validation
The library also includes functions to validate the format of one-time passwords and their various components. Here are some examples:
Emulator
The emulator.php file contains a YubiKey emulator for testing and development purposes. By default, this file doesn't do anything in order to prevent abuse if this file is made publicly available, e.g., on a website. You must first comment out the return statement at the beginning of the file to use the emulator.
Once that is done, you can modify the values in emulator.php and run it to generate and print a one-time password.
Notes
- Your application should include some kind of recovery mechanism for users who lose their YubiKeys.
- Your application should mitigate brute-force and other attacks by only allowing a specific amount of login attempts during a specific time interval.
- With regards to local validation, it is absolutely essential that the credentials are stored in a secure and encrypted manner. If you're unsure how to do that properly, use remote validation and the YubiCloud validation servers instead.
- In the interest of full disclosure, this library hasn't gone through a third-party security audit.
All versions of yubilib with dependencies
ext-openssl Version *
ext-curl Version *
paragonie/constant_time_encoding Version ^1|^2