All Projects → lfkeitel → php-totp

lfkeitel / php-totp

Licence: MIT license
HOTP and TOTP token generation

Programming Languages

23972 projects - #3 most used programming language

Projects that are alternatives of or similar to php-totp

HMAC-based (HOTP) and Time-based (TOTP) One-Time Password manager. Works with Google Authenticator for Two-Factor Authentication.
Stars: ✭ 79 (+139.39%)
Mutual labels:  otp, totp, hotp, google-authenticator
🔐 A PHP library for generating one time passwords according to RFC 4226 (HOTP) and the RFC 6238 (TOTP)
Stars: ✭ 857 (+2496.97%)
Mutual labels:  otp, totp, hotp
Highly secure and easy to use OTP client written in C/GTK that supports both TOTP and HOTP
Stars: ✭ 206 (+524.24%)
Mutual labels:  otp, totp, hotp
🔑 A small library for generating TOTP and HOTP one-time passwords on iOS.
Stars: ✭ 243 (+636.36%)
Mutual labels:  otp, totp, hotp
HMAC Based One Time Passwords in PHP. RFC4226 and RFC6238 compliant.
Stars: ✭ 51 (+54.55%)
Mutual labels:  otp, totp, hotp
Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with, HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins
Stars: ✭ 292 (+784.85%)
Mutual labels:  otp, totp, hotp
A free, secure and open source app for Android to manage your 2-step verification tokens.
Stars: ✭ 2,692 (+8057.58%)
Mutual labels:  otp, totp, hotp
iOS, watchOS, & macOS One-Time Password client
Stars: ✭ 14 (-57.58%)
Mutual labels:  otp, totp, hotp
multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Stars: ✭ 121 (+266.67%)
Mutual labels:  otp, totp, hotp
A small and easy-to-use one-time password generator library for Java according to RFC 4226 (HOTP) and RFC 6238 (TOTP).
Stars: ✭ 107 (+224.24%)
Mutual labels:  otp, totp, hotp
CrOTP - One Time Passwords for Crystal
Stars: ✭ 62 (+87.88%)
Mutual labels:  otp, totp, hotp
multiOTP open source strong two factor authentication PHP library, OATH certified, with TOTP, HOTP, Mobile-OTP, YubiKey, SMS, QRcode provisioning, etc.
Stars: ✭ 173 (+424.24%)
Mutual labels:  otp, totp, hotp
Open source two-factor authentication for Android
Stars: ✭ 3,326 (+9978.79%)
Mutual labels:  otp, totp, hotp
Enhanced fork of FreeOTP-Android providing a feature-rich 2FA authenticator
Stars: ✭ 223 (+575.76%)
Mutual labels:  otp, totp, hotp
extract otp secret keys
Extract two-factor authentication (2FA, TFA) secret keys from export QR codes of "Google Authenticator" app
Stars: ✭ 217 (+557.58%)
Mutual labels:  otp, totp, google-authenticator
Javascript One-Time Password module.
Stars: ✭ 71 (+115.15%)
Mutual labels:  otp, totp, hotp
Trustworthy, encrypted, command-line TOTP/HOTP authenticator app with import functionality.
Stars: ✭ 45 (+36.36%)
Mutual labels:  totp, hotp, google-authenticator
One Time Password (HOTP/TOTP) library for Node.js, Deno and browsers.
Stars: ✭ 135 (+309.09%)
Mutual labels:  otp, totp, hotp
apache 2fa
Apache two-factor (2FA) authentication with Google Authenticator based on Time-based One-Time Password (TOTP) or HMAC-based one-time password (HOTP) Algorithms.
Stars: ✭ 63 (+90.91%)
Mutual labels:  totp, hotp, google-authenticator
A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
Stars: ✭ 664 (+1912.12%)
Mutual labels:  otp, totp, hotp

HOTP/TOTP Token Generator

This is a simple PHP library and script that will generate HOTP and TOTP tokens. The library fully conforms to RFCs 4226 and 6238. All hashing algorithms are supported as well as the length of a token and the start time for TOTP.


Add the following to your composer.json:

    "require": {
        "lfkeitel/phptotp": "^1.0"

And run composer install.



use lfkeitel\phptotp\{Base32,Totp};

# Generate a new secret key
# Note: GenerateSecret returns a string of random bytes. It must be base32 encoded before displaying to the user. You should store the unencoded string for later use.
$secret = Totp::GenerateSecret(16);

# Display new key to user so they can enter it in Google Authenticator or Authy
echo Base32::encode($secret);

# Generate the current TOTP key
# Note: GenerateToken takes a base32 decoded string of bytes.
$key = (new Totp())->GenerateToken($secret);

# Check if user submitted correct key
if ($user_submitted_key !== $key) {


lfkeitel\phptotp\Totp extends Hotp

  • __construct($algo = 'sha1', $start = 0, $ti = 30): Totp
    • $algo: Algorithm to use when generating token
    • $start: The beginning of time
    • $ti: Time interval between tokens
  • GenerateToken($key, $time = null, $length = 6): string
    • $key: Secret key as bytes, base32 decoded
    • $time: Time to use for the token, defaults to now
    • $length: Length of token


  • __construct($algo = 'sha1'): Hotp
    • $algo: Algorithm to use when generating token
  • GenerateToken($key, $count = 0, $length = 6): string
    • $key: Secret key as bytes, base32 decoded
    • $count: HOTP counter
    • $length: Length of token
  • GenerateSecret($length = 16): string
    • $length: Length of string in bytes
    • Return: This method returns a string of random bytes, use Base32::encode when displaying to the user.


  • static encode($data): string
    • $data: Data to base32 encode
  • static decode($data): string
    • $data: Data to base32 decode


generate.php is a script that acts exactly like Google Authenticator. It takes a secret key, either as an argument or can be entered when prompted on standard input, and generates a token assuming SHA1, Unix timestamp for start, and 30 second time intervals. The secret key should be base32 encoded.

$ ./generate.php
Enter secret key: turtles
Token: 338914


This software is released under the MIT license which can be found in LICENSE.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].