If you want to subscribe to this forum, use your Facebook account, or send us an email to forum - at - multiotp - dot - net and we will send you back an invitation.

rotate multiOTP encryption key

What I am doing is upgrading our previous version of multiOTP with a fresh build. I'm running Ubuntu 16.04 with multiOTP version I have multiOTP storing data in a MySQL database. That part is working. What I am trying to do is pre-populate the database with current users by running example multiotp.php -debug -create john TOTP 56821bac24fbd234339356821bac24fbd2343393 4455 6 30. I was able to extract the current hexkey for my users to use in for the command above. My problem is I want to rotate the encryption key on the new system away from defaults because when it stores their token_seed value it is the same as the old system. I figure the new system is a good time to rotate this. I have gone through the multiotp.php file and modified where encryption_key is set. Reran the command and it is still producing the same output. Ideally, I would like to leave the multiotp.php file unmodified and just set the /etc/multiotp/config/multiotp.ini encryption_key_full_path variable to override the defaults. I could not figure out how to properly set this to try. Any help is appreciated.


  • Hello, in order to change the encryption key, before creating the users on your new multiOTP, you need to change the hardcoded key in multiOTP.php. Search for DefaultCliEncryptionKey and replace it by whatever you like. Hope this helps. Have a nice day Yann
  • Thank you. That was where I needed to change it. I was changing the encryption_key variable but that must be used for something else.
  • edited August 3
    Great, thanks for the feedback. encryption_key is not implemented in the CLI header provided with the project.
This discussion has been closed.