harp-yubikey

command module
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 26, 2021 License: Apache-2.0 Imports: 4 Imported by: 0

README

Yubikey managed container identity

Prepare your yubikey

Generate a secp256r1 EC private key in the yubikey :

yubico-piv-tool --slot=82 --algorithm=ECCP256 --touch-policy=always --pin-policy=once -a generate -o recovery.pub.pem

Generate a self-signed certificate with the required Organization attribute set to harp-plugin-yubikey

yubico-piv-tool --slot=82 -a verify-pin -a selfsign-certificate --subject='/CN=Recovery Harp/O=harp-plugin-yubikey/' --valid-days=3650 -i recovery.pub.pem -o recovery.cert.pem

Import the certificate in the yubikey :

yubico-piv-tool --slot=82 -a import-certificate -i recovery.cert.pem

Create your recovery identity

$ harp-yubikey container identity --serial $YK_SERIAL --slot 82 --description="Recovery from Yubikey"  | jq
{
  "@apiVersion": "harp.elastic.co/v1",
  "@kind": "ContainerIdentity",
  "@timestamp": "2021-02-15T18:20:58.929526Z",
  "@description": "Recovery from Yubikey",
  "public": "J8QzwQwUIrS2VQtNbzp5bCT5jhHBn6aXXQ2-CWhsigc",
  "private": {
    "encoding": "piv:yubikey:000000000:82:DkDc7g",
    "content": "... REDACTED ..."
  }
}

Recover container key

$ harp-yubikey container recover --identity id.json
Enter PIN for Yubikey with serial 000000000:
# Don't forget to touch the key (according to defined private key TouchPolicy)
Container key : luCo-1RSFdvXUVLLNyiytc8vEZFutBK1XG_NsuAVT-4

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
internal
cmd
config
pkg
tasks/container
value/encryption/envelope/piv

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.