Skip to content

hardest1/pgp-2fa

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
docs/img
docs/img
 
 
examples/simple
examples/simple
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pgp-2fa.php
pgp-2fa.php
 
 

Repository files navigation

pgp-2fa

2-Factor-Authentication for the Web with PGP

Wrapper around the GnuPG extension for PHP to make 2-Factor-Authentication with PGP as easy as possible.

PECL-Extension 'GnuPG' is required! (Installation guide below)

Root access to the server is necessary to install the extension!

Usage

Usage is pretty simple.

Just upload 'pgp-2fa.php' to your webserver and follow the steps below.

If pgp-2fa is used with a standard MySQL-based login, this code has to go on the page where your login form is. First step is to start the session (if it isn't already started):

<?php
session_start();
?>

Then you have to include the php-2fa class and create a new instance:

<?php
include('/path/to/pgp-2fa.php');
$pgp = new pgp_2fa();
?>

Now you can generate a new secret code. The default length is 15 and it is made out of numbers. The function to generate the secret code can easily be adjusted for your own needs. After invoking this function, the unencrypted form of the secret is saved within the instance of the class for the next step, and a hashed and safe form of this secret is stored in the session:

<?php
$pgp->generateSecret();
?>

After generating the secret, you can encrypt it with PGP with a given Public Key: (In most cases, the public key is stored in a MySQL database so you have to connect to your database and retrieve the public key for the user that is currently logging in)

<?php
$pgp_message = $pgp->encryptSecret($public_key);
?>

The complete code until now should look something like this:

<?php
session_start();

include('/path/to/pgp-2fa.php');

$pgp = new pgp_2fa();
$pgp->generateSecret();

$pgp_message = $pgp->encryptSecret($public_key);
?>

The $pgp_message variable contains the PGP message the user has to decrypt. This message should be displayed together with an input where the user can type in the decrypted code.

To compare the user given code with the real code , just use compare() in your Form validation process:

<?php
if($pgp->compare($_POST['user-input'])){
  // Success!
}else{
  // Failure!
}
?>

Examples are included!

How to install the GnuPG PHP Extension

1. Install required packages

apt-get install build-essential libssl-dev
apt-get install gnupg libgpg-error-dev libassuan-dev libgpgme11-dev
apt-get install php5-dev php-pear

2. Download and build GPGME

Go to https://www.gnupg.org/download/ and download the latest GPGME tarball to a writable directory. Example (replace X.X.X with current version number):

wget https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-X.X.X.tar.bz2

Then extract the archive and cd to the new directory:

tar xfvj gpgme-X.X.X.tar.bz2
cd gpgme-X.X.X

Configure, make and install GPGME:

configure
make
make install

3. Install the PHP extension:

pecl install gnupg

Open your php.ini and add 'extension=gnupg.so':

extension=gnupg.so

Done!

If everything works fine, you should be able to see a new entry in your phpinfo():

PHPInfo

About

2-Factor-Authentication for the Web with PGP

Resources

Readme

License

MIT license
Activity

Stars

19 stars

Watchers

4 watching

Forks

5 forks
Report repository

Releases 1

pgp-2fa Latest
Aug 15, 2015

Packages

No packages published

Languages