Documentation
Index
- Constants
- type YubiKey
- func (k *YubiKey) Close() error
- func (k *YubiKey) CreateAttestation(req *apiv1.CreateAttestationRequest) (*apiv1.CreateAttestationResponse, error)
- func (k *YubiKey) CreateDecrypter(req *apiv1.CreateDecrypterRequest) (crypto.Decrypter, error)
- func (k *YubiKey) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
- func (k *YubiKey) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)
- func (k *YubiKey) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)
- func (k *YubiKey) LoadCertificate(req *apiv1.LoadCertificateRequest) (*x509.Certificate, error)
- func (k *YubiKey) Serial() (string, error)
- func (k *YubiKey) StoreCertificate(req *apiv1.StoreCertificateRequest) error
Constants
const Scheme = string(apiv1.YubiKey)
Scheme is the scheme used in URIs, the string "yubikey".
Variables
This section is empty.
Functions
This section is empty.
Types
type YubiKey
type YubiKey struct {
// contains filtered or unexported fields
}
YubiKey implements the KMS interface on a YubiKey.
func New
New initializes a new YubiKey KMS.
The most common way to open a YubiKey is to add a URI in the options:
    New(ctx, &apiv1.Options{
        URI: "yubikey:pin-value=123456",
    })
This URI can also provide the management key in hexadecimal format if the default one is not used, and the serial number of the card if we want to support multiple cards at the same time.
    yubikey:management-key=001122334455667788990011223344556677889900112233?pin-value=123456
    yubikey:serial=112233?pin-source=/var/run/yubikey.pin
You can also define a slot id; it is ignored by this method but can be useful in CLI applications.
    yubikey:slot-id=9a?pin-value=123456
If the pin or the management-key are not provided, we will use the default ones.
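The following is an added example, not code from this package: a configuration check that parses the URI forms shown above and reports when a URI falls back to the default PIN or management key, or carries the PIN inline. AuditURI is a hypothetical helper, the ";" separator between attributes before the "?" is an assumption, and 123456 is the factory default PIV PIN.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"net/url"
	"strings"
)

// AuditURI parses a "yubikey:" KMS URI and reports how the PIN and the
// management key are supplied. Hypothetical helper, not part of the package.
func AuditURI(raw string) ([]string, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "yubikey" {
		return nil, fmt.Errorf("not a parsable yubikey: URI")
	}
	// Attributes may sit before or after "?"; ";" in the first part is an assumption.
	attrs, err := url.ParseQuery(u.RawQuery)
	if err != nil {
		return nil, err
	}
	for _, kv := range strings.Split(u.Opaque, ";") {
		if k, v, ok := strings.Cut(kv, "="); ok {
			attrs.Set(k, v)
		}
	}
	var findings []string
	switch {
	case attrs.Get("pin-value") == "123456":
		findings = append(findings, "pin-value is the factory default PIV PIN")
	case attrs.Has("pin-value"):
		findings = append(findings, "PIN is inline in the URI; consider pin-source")
	case !attrs.Has("pin-source"):
		findings = append(findings, "no PIN given: default PIN will be used")
	}
	if mk := attrs.Get("management-key"); mk == "" {
		findings = append(findings, "no management-key given: default key will be used")
	} else if _, err := hex.DecodeString(mk); err != nil {
		findings = append(findings, "management-key is not valid hexadecimal")
	}
	return findings, nil
}

func main() {
	// This URI is the first example on the page.
	fmt.Println(AuditURI("yubikey:pin-value=123456"))
}
```

An empty result means the URI names a PIN source and a well-formed management key; it says nothing about whether those values are strong.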
func (*YubiKey) CreateAttestation (added in v0.19.0)
func (k *YubiKey) CreateAttestation(req *apiv1.CreateAttestationRequest) (*apiv1.CreateAttestationResponse, error)
CreateAttestation creates an attestation certificate from a YubiKey slot.
Experimental
Notice: This API is EXPERIMENTAL and may be changed or removed in a later release.
func (*YubiKey) CreateDecrypter (added in v0.22.0)
CreateDecrypter creates a crypto.Decrypter using the key present in the configured YubiKey slot.
func (*YubiKey) CreateKey
func (k *YubiKey) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
CreateKey generates a new key in the YubiKey and returns the public key.
func (*YubiKey) CreateSigner
CreateSigner creates a signer using the key present in the YubiKey signature slot.
func (*YubiKey) GetPublicKey
GetPublicKey returns the public key present in the YubiKey signature slot.
func (*YubiKey) LoadCertificate
func (k *YubiKey) LoadCertificate(req *apiv1.LoadCertificateRequest) (*x509.Certificate, error)
LoadCertificate implements kms.CertificateManager and loads a certificate from the YubiKey.
func (*YubiKey) Serial (added in v0.44.2)
Serial returns the serial number of the PIV card, or an empty string if retrieval fails.
func (*YubiKey) StoreCertificate
func (k *YubiKey) StoreCertificate(req *apiv1.StoreCertificateRequest) error
StoreCertificate implements kms.CertificateManager and stores a certificate in the YubiKey.