PHP Classes

Pure PHP Yubikey Local OTP Authentication: Check a YubiKey OTP authentication locally

Recommend this page to a friend!
  Info   View files Documentation   Demos   View files View files (4)   DownloadInstall with Composer Download .zip   Reputation   Support forum (1)   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2024-01-10 (4 months ago) RSS 2.0 feedNot enough user ratingsTotal: 295 All time: 7,451 This week: 95Up
Version License PHP version Categories
yubikey 4.3.29GNU Lesser Genera...5.3.0PHP 5, Cryptography, Security


This class can check a YubiKey OTP authentication locally.

It can take the first 12 characters (public id) of OTP (One Time Password) to check to retrieve the right AES key secret from your user identification handler to decrypt the dynamic OTP part.

This class includes AES128 decryption class from Jose Manuel Busto Lopez to provide a pure PHP implementation of the local OTP authentication.

Innovation Award
PHP Programming Innovation award nominee
January 2015
Number 4

Prize: One downloadable copy of CodeLobster Professional
One Time Passwords (OTP) are used to implement high security systems by using passwords that only work one time.

This class provides a pure PHP solution that can validate an OTP password locally, thus without relying on external authentication servers.

Manuel Lemos
Picture of André Liechti
  Performance   Level  
Name: André Liechti <contact>
Classes: 9 packages by
Country: Switzerland Switzerland
Age: 55
All time rank: 4016 in Switzerland Switzerland
Week rank: 75 Up2 in Switzerland Switzerland Up
Innovation award
Innovation award
Nominee: 8x

Winner: 2x


YubiKey PHP class

Yubikey PHP class is a GNU LGPL class to check a YubiKey authentication locally

(c) 2014-2015 SysCo systemes de communication sa The Yubikey PHP class is a subset of the multiOTP open source project.

Current build: (2015-01-04)

No external file is needed (no PEAR, no PECL).

AES 128 encryption and decryption algorithms using pure PHP code (LGPLv2.1) from Jose Manuel Busto Lopez is directly integrated in the source code.

In Yubico OTP mode, when the YubiKey button is pressed, the returned string is 44 characters long, with 12 characters for the fixed public id, and 32 characters for the dynamic OTP part. With the 12 characters of the public id, the right AES key (the secret) can be retrieved from your user identification handler to decrypt the dynamic OTP part.


    $yubikey = new Yubikey();
    $result = $yubikey->checkYubicoOtp($yubico_modhex_encrypted_part,

Possible returned value is one of the following:

          OK  The OTP is valid.
     BAD_OTP  The OTP is invalid format.
REPLAYED_OTP  The OTP has already been used.

Check yubikey.demo.php for a full implementation example.

You can support our open source projects with donations and sponsoring. Sponsorships are crucial for ongoing and future development! If you'd like to support our work, then consider making a donation, any support is always welcome even if it's as low as $1! You can also sponsor the development of a specific feature. Please contact us in order to discuss the detail of the implementation.

[Donate via PayPal by clicking here][1]. [![Donate via PayPal][2]][1] [1]: [2]:

And for more PHP classes, have a look on, where a lot of authors are sharing their classes for free.

  Yubikey local check demoExternal page  
  Files folder image Files  
File Role Description
Accessible without login Plain text file Lic. LGPL license
Accessible without login Plain text file Doc. Documentation
Plain text file yubikey.class.php Class Class source
Accessible without login Plain text file yubikey.demo.php Example Example script 13KB
Install with ComposerInstall with Composer
Needed packages  
Class DownloadWhy it is needed Dependency
AES 128 Download .zip .tar.gz AES 128 source code is integrated in class source code in order to have only one file to include. Optional
 Version Control Reuses Unique User Downloads Download Rankings  
This week:0
All time:7,451
This week:95Up
User Comments (1)