Skip to content
This repository has been archived by the owner on Apr 24, 2021. It is now read-only.


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation

YubiKey OTP Validation Server

Yubico has declared end-of-life of YK-VAL and has moved it to YubicoLabs as a reference architecture at

The YubiKey Validation Server (YK-VAL) is a server that validates Yubikey One-Time Passwords (OTPs). YK-VAL is written in PHP, for use behind web servers such as Apache.


The server implements the Yubico API protocol as defined in doc/ValidationProtocol* and further documentation is also available in the doc/ subdirectory.

This server talks to a KSM service for decrypting the OTPs, to avoid storing any AES keys on the validation server. One implementation of this service is the YubiKey-KSM, and another implementation using the YubiHSM hardware is PyHSM.

Note that version 1.x is a minimal centralized server. Version 2.x is a replicated system that uses multiple machines.


The project is licensed under a BSD license. See the file COPYING for exact wording. For any copyright year range specified as YYYY-ZZZZ in this package note that the range specifies every single year in that closed interval.