Documentation ¶
Index ¶
- Variables
- func AlgoName(a piv.Algorithm) string
- func AlgoNames() []string
- func AlgoParse(s string) (piv.Algorithm, error)
- func CardSupported(name string) bool
- func GenExtFirmwareVersion(v piv.Version) pkix.Extension
- func GenExtFormFactor(ff piv.Formfactor) pkix.Extension
- func GenExtKeyPolicy(tp piv.TouchPolicy, pp piv.PINPolicy) pkix.Extension
- func GenExtSerialNumber(serial uint32) pkix.Extension
- func GenExtSlotNumber(slot uint32) pkix.Extension
- func GenerateSlotCert(yk *piv.YubiKey, pubKey crypto.PublicKey, signer any, slot piv.Slot, ...) (*x509.Certificate, error)
- func GetCardByName(searchName string) (*piv.YubiKey, error)
- func GetCardBySerial(serial uint32) (*piv.YubiKey, error)
- func ParseExtFirmwareVersion(d []byte) (piv.Version, error)
- func ParseExtFormFactor(d []byte) (piv.Formfactor, error)
- func ParseExtKeyPolicy(value []byte) (tp piv.TouchPolicy, pp piv.PINPolicy, err error)
- func ParseExtSerialNumber(d []byte) (serial uint32, err error)
- func ParseExtSlotNumber(d []byte) (slot uint32, err error)
- func PinPolicyName(pp piv.PINPolicy) string
- func PinPolicyNames() []string
- func PinPolicyParse(s string) (piv.PINPolicy, error)
- func PoliciesFromSlotCert(cert *x509.Certificate) (tp piv.TouchPolicy, pp piv.PINPolicy, ff piv.Formfactor)
- func SlotDescription(s string) string
- func SlotDescriptions() string
- func SlotName(s piv.Slot) string
- func SlotNames() []string
- func SlotParse(s string) (piv.Slot, error)
- func Slots() []piv.Slot
- func TouchPolicyName(tp piv.TouchPolicy) string
- func TouchPolicyNames() []string
- func TouchPolicyParse(s string) (piv.TouchPolicy, error)
- type CardInfo
- type SlotInfo
Variables ¶
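// Object identifiers of the X.509 certificate extensions that this package
// generates and parses.
//
// NOTE(review): a value read from one of these extensions is only as
// trustworthy as the certificate that carries it. GenerateSlotCert documents
// its certificates as informational labels that must not be relied upon for
// anything cryptographic, so treat extension values from such a certificate
// as hints rather than as verified facts.
var (
	// Defined by Yubico

	// ExtIDFirmwareVersion identifies the firmware version extension.
	ExtIDFirmwareVersion = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 41482, 3, 3})
	// ExtIDSerialNumber identifies the serial number extension.
	ExtIDSerialNumber = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 41482, 3, 7})
	// ExtIDKeyPolicy identifies the key policy extension; GenExtKeyPolicy
	// builds it from a touch policy and a PIN policy.
	ExtIDKeyPolicy = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 41482, 3, 8})
	// ExtIDFormFactor identifies the form factor extension.
	ExtIDFormFactor = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 41482, 3, 9})

	// 1.3.6.1.4.1.61515 Xian Stannard
	// 1.3.6.1.4.1.61515.1 XCA
	// 1.3.6.1.4.1.61515.1.1 Yubikey slot a certificate is stored in

	// ExtIDSlot identifies the extension naming the Yubikey slot a
	// certificate is stored in. It lives under a private arc, not under
	// Yubico's, so presumably only certificates produced by this tooling
	// carry it (confirm against GenerateSlotCert).
	ExtIDSlot = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 61515, 1, 1})
)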
Functions ¶
func CardSupported ¶
func GenExtFormFactor ¶
func GenExtFormFactor(ff piv.Formfactor) pkix.Extension
func GenExtKeyPolicy ¶
func GenExtSerialNumber ¶
func GenExtSlotNumber ¶
func GenerateSlotCert ¶
func GenerateSlotCert(yk *piv.YubiKey, pubKey crypto.PublicKey, signer any, slot piv.Slot, tp piv.TouchPolicy, pp piv.PINPolicy) (*x509.Certificate, error)
GenerateSlotCert creates a certificate that is stored in a Yubikey slot to indicate that a key was imported into that slot. It serves as nothing more than a label on the outside of the tin that contains the private key and should only be used for information. It should not be relied upon for anything cryptographic. Only the most recent Yubikeys can be asked for the public part of a key that was imported into a slot, hence the need for a certificate to be used as a label. The key and the certificate in a slot can be updated independently, so the presence of a certificate in a slot does not guarantee that the corresponding private key is present in that slot, but it is the best indicator we have when the slot cannot produce an attestation certificate.
func ParseExtFormFactor ¶
func ParseExtFormFactor(d []byte) (piv.Formfactor, error)
func ParseExtKeyPolicy ¶
func ParseExtSerialNumber ¶
func ParseExtSlotNumber ¶
func PinPolicyName ¶
func PinPolicyNames ¶
func PinPolicyNames() []string
func PoliciesFromSlotCert ¶
func PoliciesFromSlotCert(cert *x509.Certificate) (tp piv.TouchPolicy, pp piv.PINPolicy, ff piv.Formfactor)
PoliciesFromSlotCert extracts the touch and PIN policies from a slot certificate. They are a helpful indicator of how to set up the signer obtained from the private key in a slot. Getting the policy wrong is annoying but not insecure: the user may be asked for their PIN more often than necessary, or not often enough, in which case the signer returns an error instead of producing a signature.
If either of the policies cannot be determined, zero will be returned for that policy. If the extension is not found, both will be returned as zero.
func SlotDescription ¶
func SlotDescriptions ¶
func SlotDescriptions() string
func TouchPolicyName ¶
func TouchPolicyName(tp piv.TouchPolicy) string
func TouchPolicyNames ¶
func TouchPolicyNames() []string
func TouchPolicyParse ¶
func TouchPolicyParse(s string) (piv.TouchPolicy, error)