Documentation
Index
- Constants
- type ResponseStatusNotOKError
- type X25519
- func (x X25519) Close() error
- func (x X25519) DoECDH(domainString string, userSecret [UserSecretSize]byte, requireTouch bool, ...) ([]byte, error)
- func (x X25519) GetAppNameVersion() (*tkeyclient.NameVersion, error)
- func (x X25519) GetPubKey(domainString string, userSecret [UserSecretSize]byte, requireTouch bool) ([]byte, error)
Constants
const (
	StatusOK           = byte(0)
	StatusWrongCmdLen  = byte(1)
	StatusTouchTimeout = byte(2)
)
const UserSecretSize = 32
Variables
This section is empty.
Functions
This section is empty.
Types
type ResponseStatusNotOKError
type ResponseStatusNotOKError struct {
	// contains filtered or unexported fields
}
func (*ResponseStatusNotOKError) Code
func (e *ResponseStatusNotOKError) Code() byte
func (*ResponseStatusNotOKError) Error
func (e *ResponseStatusNotOKError) Error() string
type X25519
type X25519 struct {
	// contains filtered or unexported fields
}
func New
func New(tk *tkeyclient.TillitisKey) X25519
func (X25519) DoECDH
func (x X25519) DoECDH(domainString string, userSecret [UserSecretSize]byte, requireTouch bool, theirPubKey [32]byte) ([]byte, error)
DoECDH talks to the X25519 device app running on the TKey to run the ECDH (Elliptic-Curve Diffie-Hellman) function, establishing a shared secret between theirPubKey and a private key. The private key is derived by hashing the arguments in the same way as for GetPubKey.
func (X25519) GetAppNameVersion
func (x X25519) GetAppNameVersion() (*tkeyclient.NameVersion, error)
GetAppNameVersion talks to the device app running on the TKey, getting its name and version. A timeout is used to avoid hanging if the device is running an app which does not handle the command, or is in firmware mode.
func (X25519) GetPubKey
func (x X25519) GetPubKey(domainString string, userSecret [UserSecretSize]byte, requireTouch bool) ([]byte, error)
GetPubKey talks to the X25519 device app running on the TKey to retrieve an X25519 public key. The device app derives the public key from a private key computed as "private_key = blake2s(CDI, domain, userSecret, requireTouch)". "CDI" is a base secret for use by the app, see https://dev.tillitis.se/intro/. "domain" comes from domainString, which is hashed using blake2s if the string is longer than 32 bytes. "userSecret" is for identity/personalization and must be high-entropy random. "requireTouch" indicates whether the TKey should require physical touch when doing ECDH to create the shared secret.
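The derivation described for GetPubKey and DoECDH can be modelled on the host to see what it implies for callers: the key pair is a deterministic function of all four inputs, so changing domainString, userSecret or requireTouch yields a different public key. This is an added example, not code from this package or the device app; the model type is hypothetical, and SHA-256 with a constructed input layout stands in for the app's blake2s hashing.

```go
package main

import (
	"crypto/ecdh"
	"crypto/sha256"
	"fmt"
)

// model is a hypothetical host-side stand-in for the device app; cdi plays the role of the CDI.
type model struct{ cdi [32]byte }

// key derives the private key from (CDI, domain, userSecret, requireTouch).
// Assumption: SHA-256 and this input layout replace the app's blake2s hashing.
func (m model) key(domain string, userSecret [32]byte, requireTouch bool) *ecdh.PrivateKey {
	var dom [32]byte
	if len(domain) > 32 {
		dom = sha256.Sum256([]byte(domain)) // long domain strings are hashed first
	} else {
		copy(dom[:], domain)
	}
	sum := sha256.Sum256(fmt.Appendf(nil, "%x|%x|%x|%t", m.cdi, dom, userSecret, requireTouch))
	k, err := ecdh.X25519().NewPrivateKey(sum[:])
	if err != nil {
		panic(err) // unreachable: any 32-byte string is accepted as an X25519 key
	}
	return k
}

// GetPubKey mirrors the documented call: identical inputs give the identical public key.
func (m model) GetPubKey(domain string, userSecret [32]byte, requireTouch bool) []byte {
	return m.key(domain, userSecret, requireTouch).PublicKey().Bytes()
}

// DoECDH mirrors the documented call and returns the X25519 shared secret.
func (m model) DoECDH(domain string, userSecret [32]byte, requireTouch bool, theirPubKey [32]byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(theirPubKey[:])
	if err != nil {
		return nil, err
	}
	return m.key(domain, userSecret, requireTouch).ECDH(pub)
}

func main() {
	dev, secret := model{cdi: [32]byte{1}}, [32]byte{2} // constructed; a real userSecret must be random
	fmt.Printf("touch=true:  %x\n", dev.GetPubKey("example", secret, true))
	fmt.Printf("touch=false: %x\n", dev.GetPubKey("example", secret, false)) // a different key
}
```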