YubikeyOTP is an Elixir client for authenticating Yubikey one-time-passwords. It can verify OTPs using Yubico's public API or by using your own or third-party OTP validation services.
In addition to acting as a client, YubikeyOTP's OTP parsing feature can be used to build your own validation service.
This early release has not been used in production yet and doesn't have enough tests - please try it and get in touch if something doesn't behave as expected.
The package can be installed by adding yubikey_otp to your list of dependencies in mix.exs:

    def deps do
      [
        {:yubikey_otp, "~> 0.2.4"}
      ]
    end

A Yubikey is a tiny USB device that connects to your computer as if it were a USB keyboard. Pressing the button on a Yubikey causes it to type a new unique password that can be checked against a remote server once. Yubikeys can be used for authentication with both command-line and web applications, but are most commonly used alongside traditional passwords to provide Two Factor Authentication on web sites - the key is "something you have".
Most Yubikeys since 2008 can generate OTPs, but modern Yubikeys also support the U2F and WebAuthn standards: these standards are more secure and immune to phishing, and should be preferred for new services. The older OTP format is more widely deployed and still actively used. This library only supports the older OTP format.
YubikeyOTP takes the OTP code generated by the Yubikey, sends it to a Yubikey Validation Service to be verified, and parses the API result. It follows Yubico's recommendation to send queries to five different API endpoints simultaneously.

    my_id = Application.get_env(:my_app, :yubikey_client_id)
    {:ok, service} = YubikeyOTP.service(api_id: my_id)

    YubikeyOTP.verify("ccccccclzlojikekndkhfibggvkgujttihkcuvkjfrvj", service)
    # => {:ok, :ok}

    YubikeyOTP.verify("ccccccclzlojikekndkhfibggvkgujttihkcuvkjfrvj", service)
    # => {:error, :replayed_otp}

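A successful verification only shows that the OTP is valid for some Yubikey, so a two-factor check also has to compare the OTP's public ID with the one enrolled for the user. The following is an added example, not code from YubikeyOTP: the module `MyApp.SecondFactor`, its functions, the error atoms other than `:replayed_otp`, and the sample values are assumptions.

```elixir
defmodule MyApp.SecondFactor do
  # Hypothetical wrapper, not part of YubikeyOTP.
  # OTPs are typed in modhex; the last 32 characters are the encrypted part
  # and whatever precedes them (up to 16 characters) is the key's public ID.
  @token_len 32

  # Parses locally, without contacting any service. A bare 32-character
  # token has no public ID to bind to, so the minimum length is 33.
  def public_id(otp) when is_binary(otp) do
    if Regex.match?(~r/\A[cbdefghijklnrtuv]{33,48}\z/, otp) do
      {:ok, binary_part(otp, 0, byte_size(otp) - @token_len)}
    else
      {:error, :malformed_otp}
    end
  end

  def public_id(_), do: {:error, :malformed_otp}

  # verify_fun is injected so the flow can be exercised offline; the default is
  # the library call shown above. Anything other than {:ok, :ok} fails closed.
  def check(otp, enrolled_id, service, verify_fun \\ &YubikeyOTP.verify/2) do
    # The key normally sends Enter after the OTP, so strip whitespace first.
    otp = if is_binary(otp), do: String.trim(otp), else: otp

    with {:ok, id} <- public_id(otp),
         :ok <- match_enrolled(id, enrolled_id),
         {:ok, :ok} <- verify_fun.(otp, service) do
      :ok
    else
      {:error, reason} -> {:error, reason}
      _other -> {:error, :verification_failed}
    end
  end

  # The public ID is not a secret, so a plain equality match is enough.
  defp match_enrolled(id, id), do: :ok
  defp match_enrolled(_id, _enrolled), do: {:error, :wrong_key}
end

# Constructed sample values, not real OTPs; the stubs stand in for the service.
enrolled = "cccccckdvvul"
otp = enrolled <> String.duplicate("bdefghij", 4) <> "\n"
accept = fn _otp, _service -> {:ok, :ok} end
replay = fn _otp, _service -> {:error, :replayed_otp} end

IO.inspect(MyApp.SecondFactor.check(otp, enrolled, nil, accept))
IO.inspect(MyApp.SecondFactor.check(otp, enrolled, nil, replay))
IO.inspect(MyApp.SecondFactor.check(otp, "ccccccbcgujh", nil, accept))
IO.inspect(MyApp.SecondFactor.check("not an otp", enrolled, nil, accept))
```

The enrolled-ID comparison runs before the network call, so an OTP from an unenrolled key is rejected without being sent to the validation service.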
- You'll need a Yubikey! They can be bought from Yubico or other online stores such as Amazon. The cheaper "Security Key" range does not generate OTPs, only WebAuthn, and won't work with this code.
- You need to sign up for an API key (using your Yubikey)
Full API documentation can be found at https://hexdocs.pm/yubikey_otp.
You can request new features by creating an issue, or submit a pull request with your contribution.
Copyright (c) 2022 Digital Identity Ltd, UK
YubikeyOTP is MIT licensed.
- Wikipedia - Yubikey
- Yubico - Using A Client Library
- Yubico - Getting Started Writing Clients
- Yubico - Validation Protocol V2
- Yubico - Yubicloud Connector Libraries
- Yubico - Self Hosted OTP Validation
YubikeyOTP is not endorsed by Yubico.