Download the PHP package tbaumgard/yubilib without Composer
On this page you can find all versions of the php package tbaumgard/yubilib. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package: yubilib
Short Description: YubiKey one-time password (OTP) validation, YubiKey emulator, and format validation
License: BSD-3-Clause
Homepage: https://github.com/tbaumgard/yubilib
Information about the package yubilib
yubilib
yubilib is a PHP library for remotely and locally validating YubiKey one-time passwords (OTPs). It also includes a YubiKey emulator for testing and development as well as functions to check whether the various components of a one-time password are in the correct format.
Documentation
HTML-formatted documentation can be generated using Doxygen and the included Doxyfile. The generated documentation is placed in the documentation/html directory, and the main page can be found at documentation/html/index.html.
Example Usage
Remote Validation
Validating a one-time password using a validation server is fairly straightforward. First, either get a client ID and API key to use Yubico's YubiCloud validation servers or host a validation server yourself.
Then, simply make a call to the server with those credentials:
Local Validation
Storing Credentials
To be able to validate a one-time password, your application must first have credentials stored somewhere. yubilib includes functions to make this easier. For example:
Security Notice: it is absolutely essential that the credentials are stored in a secure and encrypted manner. If you're unsure how to do that properly, use remote validation and the YubiCloud validation servers instead.
Validating a One-Time Password
Once the credentials have been stored securely, validating a one-time password is pretty straightforward:
Format Validation
The library also includes functions to validate the format of one-time passwords and their various components. Here are some examples:
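To illustrate what a format check on a Yubico OTP involves, here is an added example that is not part of yubilib and does not use its functions: `modhexToBytes`, `parseOtp` and the sample strings are hypothetical names and constructed values. It assumes the usual Yubico OTP layout (up to 16 modhex characters of public ID followed by a 32-character encrypted token) and accepts lowercase modhex only.

```php
<?php
// Added example; not yubilib's API. Function names are hypothetical.
const MODHEX = 'cbdefghijklnrtuv'; // the character at index i encodes hex digit i

/** Decode a modhex string to raw bytes; null if it is not valid modhex. */
function modhexToBytes(string $modhex): ?string
{
    $length = strlen($modhex);
    if ($length % 2 !== 0 || strspn($modhex, MODHEX) !== $length) {
        return null;
    }
    $bytes = hex2bin(strtr($modhex, MODHEX, '0123456789abcdef'));
    return $bytes === false ? null : $bytes;
}

/** Split an OTP into public ID and encrypted token; null if malformed. */
function parseOtp(string $otp): ?array
{
    $otp = rtrim($otp, "\r\n"); // a YubiKey usually sends Enter after the OTP
    $length = strlen($otp);
    // Up to 16 characters of public ID, then exactly 32 characters of token.
    if ($length < 32 || $length > 48 || strspn($otp, MODHEX) !== $length) {
        return null;
    }
    $token = modhexToBytes(substr($otp, -32)); // 16 encrypted bytes
    if ($token === null) {
        return null;
    }
    return ['publicId' => substr($otp, 0, $length - 32), 'token' => bin2hex($token)];
}

// Constructed sample inputs, not captured from a real key.
$samples = [
    'well-formed'      => 'vvcccccccccb' . 'bdefghijklnrtuvcbdefghijklnrtuvc',
    'non-modhex chars' => 'vvcccccccccb' . '0123456789abcdef0123456789abcdef',
    'too short'        => 'bdefghijklnrtuvc',
];
foreach ($samples as $label => $otp) {
    $parsed = parseOtp($otp);
    echo $label, ': ', $parsed === null ? 'rejected' : json_encode($parsed), PHP_EOL;
}
```

A format check like this only filters malformed input before any lookup or network call; it says nothing about whether the OTP is genuine, which still requires remote or local validation.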
Emulator
The emulator.php file contains a YubiKey emulator for testing and development purposes. By default, this file doesn't do anything in order to prevent abuse if this file is made publicly available, e.g., on a website. You must first comment out the return statement at the beginning of the file to use the emulator.
Once that is done, you can modify the values in emulator.php and run it to generate and print a one-time password.
Notes
- Your application should include some kind of recovery mechanism for users who lose their YubiKeys.
- Your application should mitigate brute-force and other attacks by only allowing a specific number of login attempts during a specific time interval.
- With regard to local validation, it is absolutely essential that the credentials are stored in a secure and encrypted manner. If you're unsure how to do that properly, use remote validation and the YubiCloud validation servers instead.
- In the interest of full disclosure, this library hasn't gone through a third-party security audit.
All versions of yubilib with dependencies
ext-openssl Version *
ext-curl Version *
paragonie/constant_time_encoding Version ^1|^2