securitykey

package

v0.22.0 Latest Latest Go to latest Published: Nov 1, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/smlx/piv-agent

Links

Open Source Insights

Documentation ¶

Overview ¶

Package securitykey provides an interface to a physical security key such as a Yubikey.

Index ¶

Variables
type CryptoKey
type DecryptingKey
type Entity
type SecurityKey
- func New(card string, pe *pinentry.PINEntry) (*SecurityKey, error)
type SigningKey
type SlotSpec

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrKeySetUp = errors.New("security key already set up")

ErrKeySetUp is returned from Setup when the security key is already set up and reset is false.

Functions ¶

This section is empty.

Types ¶

type CryptoKey ¶ added in v0.9.0

type CryptoKey struct {
	SlotSpec SlotSpec
	Public   crypto.PublicKey
}

CryptoKey represents a cryptographic key on a hardware security device.

type DecryptingKey ¶ added in v0.9.0

type DecryptingKey struct {
	CryptoKey
	PubPGP *packet.PublicKey
}

DecryptingKey is a cryptographic decrypting key on a hardware security device.

type Entity ¶

type Entity struct {
	openpgp.Entity
	CryptoKey
}

Entity wraps a synthesized openpgp.Entity and associates it with a SigningKey.

type SecurityKey ¶

type SecurityKey struct {
	// contains filtered or unexported fields
}

A SecurityKey is a physical hardware token which implements PIV, such as a Yubikey. It provides a convenient abstraction around the low-level pivgo.YubiKey object.

func New ¶

func New(card string, pe *pinentry.PINEntry) (*SecurityKey, error)

New returns a security key identified by card string.

func (*SecurityKey) AttestationCertificate ¶

func (k *SecurityKey) AttestationCertificate() (*x509.Certificate, error)

AttestationCertificate returns the attestation certificate of the underlying yubikey.

func (*SecurityKey) Card ¶

func (k *SecurityKey) Card() string

Card returns the card identifier.

func (*SecurityKey) Close ¶

func (k *SecurityKey) Close() error

Close closes the underlying yubikey.

func (*SecurityKey) Comment ¶ added in v0.4.0

func (k *SecurityKey) Comment(ss *SlotSpec) string

Comment returns a comment suitable for e.g. the SSH public key format

func (*SecurityKey) CryptoKeys ¶ added in v0.9.0

func (k *SecurityKey) CryptoKeys() []CryptoKey

CryptoKeys returns the slice of cryptographic signing and decrypting keys held by the SecurityKey.

func (*SecurityKey) DecryptingKeys ¶ added in v0.9.0

func (k *SecurityKey) DecryptingKeys() []DecryptingKey

DecryptingKeys returns the slice of cryptographic decrypting keys held by the SecurityKey.

func (*SecurityKey) PrivateKey ¶

func (k *SecurityKey) PrivateKey(c *CryptoKey) (crypto.PrivateKey, error)

PrivateKey returns the private key of the given public signing key.

func (*SecurityKey) Retries ¶

func (k *SecurityKey) Retries() (int, error)

Retries returns the number of attempts remaining to enter the correct PIN.

func (*SecurityKey) Serial ¶

func (k *SecurityKey) Serial() uint32

Serial returns the serial number of the SecurityKey.

func (*SecurityKey) Setup ¶

func (k *SecurityKey) Setup(pin, version string, reset bool,
	signingKeys []string, decryptingKeys []string) error

Setup configures the SecurityKey to work with piv-agent.

func (*SecurityKey) SetupSlots ¶ added in v0.12.0

func (k *SecurityKey) SetupSlots(pin, version string, reset bool,
	signingKeys []string, decryptingKeys []string) error

SetupSlots configures slots on the security key without resetting it completely.

func (*SecurityKey) SigningKeys ¶

func (k *SecurityKey) SigningKeys() []SigningKey

SigningKeys returns the slice of cryptographic signing keys held by the SecurityKey.

func (*SecurityKey) StringsGPG ¶

func (k *SecurityKey) StringsGPG(name, email string) ([]string, error)

StringsGPG returns an array of commonly formatted GPG keys as strings.

func (*SecurityKey) StringsSSH ¶

func (k *SecurityKey) StringsSSH() []string

StringsSSH returns an array of commonly formatted SSH keys as strings.

type SigningKey ¶

type SigningKey struct {
	CryptoKey
	PubSSH ssh.PublicKey
	PubPGP *packet.PublicKey
}

SigningKey is a public signing key on a security key / hardware token.

type SlotSpec ¶

type SlotSpec struct {
	Slot        pivgo.Slot
	TouchPolicy pivgo.TouchPolicy
}

SlotSpec represents a combination of slot and touch policy on the token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL