openpgp

package module
v0.2.1

Warning: This package is not in the latest version of its module.
Published: May 25, 2024 License: Apache-2.0 Imports: 31 Imported by: 0

README

go-openpgp-card: A Go Implementation of the OpenPGP Smart Card application

go-openpgp-card is a Go package providing an interface to the OpenPGP application on ISO Smart Card Operating Systems.

Features

go-openpgp-card implements the Functional Specification of the OpenPGP application, version 3.4.1.

  • Supported commands:

    • 7.2.1 SELECT
    • 7.2.2 VERIFY
    • 7.2.3 CHANGE REFERENCE DATA
    • 7.2.4 RESET RETRY COUNTER
    • 7.2.5 SELECT DATA
    • 7.2.6 GET DATA
      • Application related
      • Security Support Template
      • Private data
      • Cardholder related
      • Password status
      • Login data
      • Public key URL
      • Cardholder certificates
      • User interaction flag
    • 7.2.7 GET NEXT DATA
    • 7.2.8 PUT DATA
      • Resetting Code
      • Name
      • Language
      • Sex
      • Public Key URL
      • Login data
      • Private data
      • User interaction flag
      • Password status
      • Key Import
        • AES
        • RSA
        • ECDSA
        • EdDSA
    • 7.2.9 GET RESPONSE
    • 7.2.10 PSO: COMPUTE DIGITAL SIGNATURE
      • RSA
      • ECDSA
      • EdDSA
    • 7.2.11 PSO: DECIPHER
      • AES
      • RSA
      • ECDH
      • EdDSA
    • 7.2.12 PSO: ENCIPHER
      • AES
    • 7.2.13 INTERNAL AUTHENTICATE
      • RSA
      • ECDSA
      • EdDSA
    • 7.2.14 GENERATE ASYMMETRIC KEY PAIR
      • RSA
      • Elliptic Curves
    • 7.2.15 GET CHALLENGE
    • 7.2.16 TERMINATE DF
    • 7.2.17 ACTIVATE FILE
    • 7.2.18 MANAGE SECURITY ENVIRONMENT
  • Key Derivation Function (KDF) for VERIFY
  • PIN Handler / Callback
  • YubiKey extensions
    • Set PIN Retry counters
    • Attestation

Tested implementations

  • YubiKey
    • FW version 5.4.3

Install

go-openpgp-card needs to be built with CGO_ENABLED=1 and requires the following external dependency:

apt-get install \
    libpcsclite-dev

Authors

License

go-openpgp-card is licensed under the Apache 2.0 license.

Documentation

Overview

Package openpgp implements the interface to the OpenPGP application on ISO Smart Card Operating Systems, version 3.4.1. See: https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.4.1.pdf

Index

Constants

const (
	PW1       byte = 0x81 // User PIN (PSO:CDS command only)
	PW1forPSO byte = 0x82 // User PIN for PSO: DECIPHER
	RC        byte = 0x82 // Resetting code
	PW3       byte = 0x83 // Admin PIN
)
const (
	GeneralFeatureTouchscreen byte = (1 << iota)
	GeneralFeatureMicrophone
	GeneralFeatureSpeaker
	GeneralFeatureLED
	GeneralFeatureKeyPad
	GeneralFeatureButton
	GeneralFeatureBiometric
	GeneralFeatureDisplay
)

Variables

var (
	DefaultPW = map[byte]string{
		RC:  DefaultPW1,
		PW3: DefaultPW3,
	}

	DefaultPW1 = "123456"
	DefaultPW3 = "12345678"
)
var (

	// ErrMismatchingAlgorithms is returned when a cryptographic operation
	// is given keys using different algorithms.
	ErrMismatchingAlgorithms = errors.New("mismatching key algorithms")
	ErrInvalidLength         = errors.New("invalid length")

	ErrUnsupported        = errors.New("unsupported")
	ErrUnsupportedKeyType = fmt.Errorf("%w key attributes", ErrUnsupported)
	ErrUnsupportedCurve   = fmt.Errorf("%w curve", ErrUnsupported)

	ErrAlgAttrsNotChangeable = errors.New("algorithm attributes are not changeable")
)
var ErrPubkeyRequired = fmt.Errorf("missing public key: not present on card")
var ICV = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}

ICV is the Initial Chaining Value used by OpenPGP cards for symmetric encryption with AES-CBC.

Functions

This section is empty.

Types

type AID added in v0.2.1

type AID struct {
	RID          iso.RID
	Application  byte
	Version      iso.Version
	Serial       [4]byte
	Manufacturer Manufacturer
}

func (*AID) Decode added in v0.2.1

func (aid *AID) Decode(b []byte) error

type AlgHash

type AlgHash byte
const (
	AlgHashMD5       AlgHash = iota + 1 // Message Digest 5
	AlgHashSHA1                         // SHA-1
	AlgHashRIPEMD160                    // RIPE-MD/160

	AlgHashSHA256 // SHA-256
	AlgHashSHA384 // SHA-384
	AlgHashSHA512 // SHA-512
	AlgHashSHA224 // SHA-224
)

type AlgKDF

type AlgKDF byte
const (
	AlgKDFNone          AlgKDF = 0
	AlgKDFIterSaltedS2K AlgKDF = 3
)

type AlgPubkey

type AlgPubkey byte
const (
	AlgPubkeyRSA                AlgPubkey = 1  // RSA (Encrypt or Sign)
	AlgPubkeyRSAEncOnly         AlgPubkey = 2  // RSA Encrypt-Only (legacy)
	AlgPubkeyRSASignOnly        AlgPubkey = 3  // RSA Sign-Only (legacy)
	AlgPubkeyElgamalEncOnly     AlgPubkey = 16 // Elgamal (Encrypt-Only)
	AlgPubkeyDSA                AlgPubkey = 17 // DSA (Digital Signature Algorithm)
	AlgPubkeyECDH               AlgPubkey = 18 // RFC-6637
	AlgPubkeyECDSA              AlgPubkey = 19 // RFC-6637
	AlgPubkeyElgamalEncSignOnly AlgPubkey = 20 // Elgamal encrypt+sign, reserved by OpenPGP (legacy)
	AlgPubkeyEdDSA              AlgPubkey = 22 // EdDSA
	AlgPubkeyKy768_25519        AlgPubkey = 29 // Kyber768 + X25519
	AlgPubkeyKy1024_448         AlgPubkey = 30 // Kyber1024 + X448
	AlgPubkeyDil3_25519         AlgPubkey = 35 // Dilithium3 + Ed25519
	AlgPubkeyDil5_448           AlgPubkey = 36 // Dilithium5 + Ed448
	AlgPubkeySPHINXSHA2         AlgPubkey = 41 // SPHINCS+-simple-SHA2
)

func (AlgPubkey) String

func (a AlgPubkey) String() string

type AlgSymmetric

type AlgSymmetric byte
const (
	AlgSymPlaintext AlgSymmetric = iota // Plaintext or unencrypted data
	AlgSymIDEA                          // IDEA
	AlgSymTripleDES                     // TripleDES (DES-EDE, 168-bit key derived from 192)
	AlgSymCAST5                         // CAST5 (128 bit key, as per RFC2144)
	AlgSymBlowfish                      // Blowfish (128 bit key, 16 rounds)

	AlgSymAES128  // AES with 128-bit key
	AlgSymAES192  // AES with 192-bit key
	AlgSymAES256  // AES with 256-bit key
	AlgSymTwofish // Twofish with 256-bit key
)

type AlgorithmAttributes

type AlgorithmAttributes struct {
	Algorithm    AlgPubkey
	ImportFormat ImportFormat

	// Relevant for RSA
	LengthModulus  int
	LengthExponent int

	// Relevant for ECDSA/ECDH/EdDSA
	OID []byte
}

func EC

func EC(curve Curve) AlgorithmAttributes

func RSA

func RSA(bits int) AlgorithmAttributes

func (AlgorithmAttributes) Compatible added in v0.2.1

func (AlgorithmAttributes) Curve

func (a AlgorithmAttributes) Curve() Curve

func (*AlgorithmAttributes) Decode

func (a *AlgorithmAttributes) Decode(b []byte) error

func (AlgorithmAttributes) Encode

func (a AlgorithmAttributes) Encode() (b []byte)

func (AlgorithmAttributes) Equal

func (AlgorithmAttributes) String

func (a AlgorithmAttributes) String() string

type ApplicationRelated

type ApplicationRelated struct {
	AID             AID
	HistoricalBytes iso.HistoricalBytes

	LengthInfo     ExtendedLengthInfo
	Capabilities   ExtendedCapabilities
	Features       GeneralFeatures
	PasswordStatus PasswordStatus

	Keys map[KeyRef]KeyInfo
}

func (*ApplicationRelated) Decode

func (ar *ApplicationRelated) Decode(b []byte) (err error)

type AuthError

type AuthError struct {
	// Retries is the number of retries remaining if this error resulted from a retry-able
	// authentication attempt.  If the authentication method is blocked or does not support
	// retries, this will be 0.
	Retries int
}

AuthError is an error indicating an authentication error occurred (wrong PIN or blocked).

func (AuthError) Error

func (v AuthError) Error() string

type BlockCipher added in v0.2.1

type BlockCipher struct {
	// contains filtered or unexported fields
}

func (BlockCipher) BlockSize added in v0.2.1

func (k BlockCipher) BlockSize() int

BlockSize returns the cipher's block size.

func (*BlockCipher) Decrypt added in v0.2.1

func (k *BlockCipher) Decrypt(ct []byte) ([]byte, error)

Decrypt decrypts the provided ciphertext using AES in Cipher Block Chaining (CBC) mode with an Initial Chaining Value (ICV) of zero bytes.

See: OpenPGP Smart Card Application - Section 7.2.11 PSO: DECIPHER

func (*BlockCipher) Encrypt added in v0.2.1

func (k *BlockCipher) Encrypt(pt []byte) ([]byte, error)

Encrypt encrypts the provided plaintext using AES in Cipher Block Chaining (CBC) mode with an Initial Chaining Value (ICV) of zero bytes (see ICV).

See: OpenPGP Smart Card Application - Section 7.2.12 PSO: ENCIPHER

type Card

type Card struct {
	*iso.Card

	Rand  io.Reader
	Clock func() time.Time

	*ApplicationRelated
	*Cardholder
	*SecuritySupportTemplate
	// contains filtered or unexported fields
}

func NewCard

func NewCard(sc *iso.Card) (c *Card, err error)

NewCard creates a new OpenPGP card handle.

func (*Card) AlgorithmAttributes

func (c *Card) AlgorithmAttributes(key KeyRef) (attrs AlgorithmAttributes, err error)

AlgorithmAttributes returns the currently configured algorithm attributes for the given key.

func (*Card) BlockCipher added in v0.2.1

func (c *Card) BlockCipher() *BlockCipher

BlockCipher returns a block cipher object for symmetric AES de/encipherment.

func (*Card) Challenge

func (c *Card) Challenge(cnt int) ([]byte, error)

Challenge generates a random number of cnt bytes.

See: OpenPGP Smart Card Application - Section 7.2.15 GET CHALLENGE

func (*Card) ChangePassword

func (c *Card) ChangePassword(pwType byte, pwCurrent, pwNew string) error

ChangePassword changes the user or admin password.

Access condition: Always
Access level: None (current password must be provided)
See: OpenPGP Smart Card Application - Section 7.2.3 CHANGE REFERENCE DATA

func (*Card) ChangeResettingCode

func (c *Card) ChangeResettingCode(rc string) error

ChangeResettingCode sets the resetting code of the card.

Access condition: Admin/PW3
See: OpenPGP Smart Card Application - Section 4.3.4 Resetting Code

func (*Card) ClearPasswordState

func (c *Card) ClearPasswordState(pwType byte) error

ClearPasswordState clears the password unlock state from the card.

Access condition: Always
Note: Appears to be broken on YubiKey 5
See: OpenPGP Smart Card Application - Section 7.2.2 VERIFY

func (*Card) ClearResettingCode

func (c *Card) ClearResettingCode() error

func (*Card) Close

func (c *Card) Close() error

Close closes the OpenPGP card handle.

func (*Card) FactoryReset

func (c *Card) FactoryReset() error

FactoryReset resets the applet to its original state.

Access condition: Admin/PW3

Alternatively, it will try to block the Admin PIN by repeatedly calling VerifyPassword()
with a wrong password, which enables TERMINATE DF without the Admin PIN.

See: OpenPGP Smart Card Application - Section 7.2.16 TERMINATE DF & 7.2.17 ACTIVATE FILE

func (*Card) GenerateKey

func (c *Card) GenerateKey(key KeyRef, attrs AlgorithmAttributes) (crypto.PrivateKey, error)

func (*Card) GetApplicationRelatedData

func (c *Card) GetApplicationRelatedData() (ar *ApplicationRelated, err error)

GetApplicationRelatedData fetches the application related data from the card.

func (*Card) GetCardholder

func (c *Card) GetCardholder() (ch *Cardholder, err error)

GetCardholder fetches the card holder information from the card.

func (*Card) GetCardholderCertificate

func (c *Card) GetCardholderCertificate(key KeyRef) ([]byte, error)

func (*Card) GetCardholderCertificates

func (c *Card) GetCardholderCertificates() ([][]byte, error)

func (*Card) GetKDF

func (c *Card) GetKDF() (k *KDF, err error)

func (*Card) GetLoginData

func (c *Card) GetLoginData() (string, error)

func (*Card) GetPasswordStatus

func (c *Card) GetPasswordStatus() (*PasswordStatus, error)

func (*Card) GetPublicKeyURL

func (c *Card) GetPublicKeyURL() (*url.URL, error)

func (*Card) GetSecuritySupportTemplate

func (c *Card) GetSecuritySupportTemplate() (sst *SecuritySupportTemplate, err error)

GetSecuritySupportTemplate fetches the security support template from the card.

func (*Card) GetSignatureCounter

func (c *Card) GetSignatureCounter() (int, error)

func (*Card) ImportKey

func (c *Card) ImportKey(key KeyRef, skImport crypto.PrivateKey) (crypto.PrivateKey, error)

func (*Card) ImportKeyAES added in v0.2.1

func (c *Card) ImportKeyAES(key []byte) error

ImportKeyAES stores an AES key for symmetric encryption on the card. The key length must be 16 or 32 bytes, for AES-128 and AES-256 respectively. For encryption and decryption, use the block cipher object returned by Card.BlockCipher.

func (*Card) ManageSecurityEnvironment

func (c *Card) ManageSecurityEnvironment(op SecurityOperation, key KeyRef) error

See: OpenPGP Smart Card Application - Section 7.2.18 MANAGE SECURITY ENVIRONMENT

func (*Card) PasswordState

func (c *Card) PasswordState(pwType byte) (bool, error)

PasswordState returns true if the given password is unlocked.

Access condition: Always
Note: Appears to be broken on YubiKey 5
See: OpenPGP Smart Card Application - Section 7.2.2 VERIFY

func (*Card) PrivateData

func (c *Card) PrivateData(index int) ([]byte, error)

func (*Card) PrivateKey

func (c *Card) PrivateKey(key KeyRef, pkHint crypto.PublicKey) (crypto.PrivateKey, error)

func (*Card) ResetRetryCounter

func (c *Card) ResetRetryCounter(newPw string) error

ResetRetryCounter resets the PIN retry counter and sets a new password.

Access condition: Admin/PW3
See: OpenPGP Smart Card Application - Section 7.2.4 RESET RETRY COUNTER

func (*Card) ResetRetryCounterWithResettingCode

func (c *Card) ResetRetryCounterWithResettingCode(rc, newPw string) error

ResetRetryCounterWithResettingCode resets the PIN retry counter using a reset code.

Access condition: None (reset code is required)
See: OpenPGP Smart Card Application - Section 7.2.4 RESET RETRY COUNTER

func (*Card) Select

func (c *Card) Select() error

Select selects the OpenPGP applet.

See: OpenPGP Smart Card Application - Section 7.2.1 SELECT

func (*Card) SetCardholder

func (c *Card) SetCardholder(ch Cardholder) error

func (*Card) SetLanguage

func (c *Card) SetLanguage(lang string) error

func (*Card) SetLoginData

func (c *Card) SetLoginData(login string) error

func (*Card) SetName

func (c *Card) SetName(name string) error

func (*Card) SetPasswordMode added in v0.2.1

func (c *Card) SetPasswordMode(mode PasswordMode) error

func (*Card) SetPrivateData

func (c *Card) SetPrivateData(index int, b []byte) error

func (*Card) SetPublicKeyURL

func (c *Card) SetPublicKeyURL(url *url.URL) error

func (*Card) SetRetryCounters

func (c *Card) SetRetryCounters(pw1, rc, pw3 byte) error

SetRetryCounters sets the number of PIN attempts to allow before blocking.

Access condition: Admin/PW3
Note: This is a YubiKey extension.
Warning: On YubiKey NEO this will reset the PINs to their default values.

func (*Card) SetSex

func (c *Card) SetSex(sex Sex) error

func (*Card) SetUserInteractionMode added in v0.2.1

func (c *Card) SetUserInteractionMode(op SecurityOperation, mode UserInteractionMode, feat GeneralFeatures) error

func (*Card) SetupKDF

func (c *Card) SetupKDF(alg AlgKDF, iterations int, pw1, pw3 string) (err error)

SetupKDF initializes the KDF data object and updates the passwords to work with it.

The resetting code must be set again afterwards. User/PW1 and Admin/PW3 are unchanged.

Access condition: Admin/PW3 (User/PW1 and Admin/PW3 must be passed as arguments)
See: OpenPGP Smart Card Application - Section 4.3.2 Key derived format

func (*Card) SupportedAlgorithms

func (c *Card) SupportedAlgorithms() (map[KeyRef][]AlgorithmAttributes, error)

SupportedAlgorithms returns the list of algorithms supported for each key reference.

func (*Card) VerifyPassword

func (c *Card) VerifyPassword(pwType byte, pw string) (err error)

VerifyPassword attempts to unlock a given password.

Access condition: Always
See: OpenPGP Smart Card Application - Section 7.2.2 VERIFY

type Cardholder

type Cardholder struct {
	Name     string
	Language string
	Sex      Sex
}

func (*Cardholder) Decode

func (ch *Cardholder) Decode(b []byte) (err error)

type Curve

type Curve byte
const (
	CurveUnknown Curve = iota

	CurveANSIx9p256r1
	CurveANSIx9p384r1
	CurveANSIx9p521r1

	CurveBrainpoolP256r1
	CurveBrainpoolP384r1
	CurveBrainpoolP512r1

	CurveX25519
	CurveX448

	CurveEd25519
	CurveEd448

	CurveSecp256k1
)

func (Curve) AlgAttrs added in v0.2.1

func (c Curve) AlgAttrs() AlgorithmAttributes

func (Curve) ECDH added in v0.2.1

func (c Curve) ECDH() ecdh.Curve

func (Curve) ECDSA added in v0.2.1

func (c Curve) ECDSA() elliptic.Curve

func (Curve) OID added in v0.2.1

func (c Curve) OID() []byte

func (Curve) String

func (c Curve) String() string

type ExtendedCapabilities

type ExtendedCapabilities struct {
	Flags                ExtendedCapabilitiesFlag
	AlgSM                byte
	MaxLenChallenge      uint16
	MaxLenCardholderCert uint16
	MaxLenSpecialDO      uint16
	Pin2BlockFormat      byte
	CommandMSE           byte
}

func (*ExtendedCapabilities) Decode

func (ec *ExtendedCapabilities) Decode(b []byte) error

type ExtendedCapabilitiesFlag

type ExtendedCapabilitiesFlag byte
const (
	CapKDF ExtendedCapabilitiesFlag = (1 << iota)
	CapAES
	CapAlgAttrsChangeable
	CapPrivateDO
	CapPasswordStatusChangeable
	CapKeyImport
	CapGetChallenge
	CapSecureMessaging
)

type ExtendedLengthInfo

type ExtendedLengthInfo struct {
	MaxCommandLength  uint16
	MaxResponseLength uint16
}

func (*ExtendedLengthInfo) Decode

func (li *ExtendedLengthInfo) Decode(b []byte) error

type Fingerprint

type Fingerprint [20]byte

type GeneralFeatures

type GeneralFeatures byte

func (*GeneralFeatures) Decode

func (gf *GeneralFeatures) Decode(b []byte) error

type ImportFormat

type ImportFormat byte
const (
	ImportFormatRSAStd ImportFormat = iota
	ImportFormatRSAStdWithModulus
	ImportFormatRSACRT
	ImportFormatRSACRTWithModulus

	ImportFormatECDSAStdWithPublicKey ImportFormat = 0xff
)

type KDF

type KDF struct {
	Algorithm      AlgKDF
	HashAlgorithm  AlgHash
	Iterations     int
	SaltPW1        [8]byte
	SaltPW3        [8]byte
	SaltRC         [8]byte
	InitialHashPW1 []byte
	InitialHashPW3 []byte
}

KDF contains the Parameters for the Key Derivation Function (KDF).

func (*KDF) Decode

func (k *KDF) Decode(b []byte) (err error)

func (*KDF) DerivePassword

func (k *KDF) DerivePassword(pwType byte, pw string) ([]byte, error)

func (*KDF) Encode

func (k *KDF) Encode() ([]byte, error)
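
The derivation behind KDF.DerivePassword, SetupKDF and the "KDF for VERIFY" feature (spec section 4.3.2, key derived format), as an added example that is not the package's own code: the Iterated and Salted S2K of RFC 4880 section 3.7.1.3 with SHA-256. It assumes the card stores the iteration count as the number of octets to hash and that the derived value has the hash's output length, so a single hash context suffices; kdfParams, iterSaltedS2K, derivePassword and matchesStoredHash are names introduced here.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Password references as sent in VERIFY (same values as the package constants).
const (
	PW1 byte = 0x81
	RC  byte = 0x82
	PW3 byte = 0x83
)

// kdfParams is a constructed stand-in for the KDF data object with only the
// fields the derivation needs; the hash is fixed to SHA-256 here.
type kdfParams struct {
	Iterations int // number of octets to hash, as the card stores it
	SaltPW1    [8]byte
	SaltRC     [8]byte
	SaltPW3    [8]byte
}

// salt picks the per-password salt, so the same PIN value derives differently
// for PW1, RC and PW3.
func (k kdfParams) salt(pwType byte) ([]byte, error) {
	salts := map[byte][8]byte{PW1: k.SaltPW1, RC: k.SaltRC, PW3: k.SaltPW3}
	s, ok := salts[pwType]
	if !ok {
		return nil, errors.New("unknown password reference")
	}
	return s[:], nil
}

// iterSaltedS2K feeds salt||passphrase to SHA-256 repeatedly until count
// octets have been hashed (RFC 4880 section 3.7.1.3). The whole salt||passphrase
// is hashed at least once even when count is smaller than its length.
func iterSaltedS2K(salt []byte, pw string, count int) []byte {
	h := sha256.New()
	unit := append(append([]byte{}, salt...), pw...)
	if count < len(unit) {
		count = len(unit)
	}
	for remaining := count; remaining > 0 && len(unit) > 0; {
		n := len(unit)
		if remaining < n {
			n = remaining
		}
		h.Write(unit[:n])
		remaining -= n
	}
	return h.Sum(nil)
}

// derivePassword is what the host sends in VERIFY instead of the plain PIN
// once a KDF DO is configured; the card compares it with its stored hash.
func derivePassword(k kdfParams, pwType byte, pw string) ([]byte, error) {
	salt, err := k.salt(pwType)
	if err != nil {
		return nil, err
	}
	return iterSaltedS2K(salt, pw, k.Iterations), nil
}

// matchesStoredHash is the card-side check, done in constant time.
func matchesStoredHash(stored, derived []byte) bool {
	return subtle.ConstantTimeCompare(stored, derived) == 1
}
```

With a KDF configured, the plain PIN never crosses the card interface; only the salted, iterated hash does, which is what InitialHashPW1 and InitialHashPW3 in the KDF object hold for the default passwords.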

type KeyInfo

type KeyInfo struct {
	Reference      KeyRef
	Status         KeyStatus
	AlgAttrs       AlgorithmAttributes
	Fingerprint    []byte
	FingerprintCA  []byte
	GenerationTime time.Time
	UIF            UIF
}

type KeyRef added in v0.2.1

type KeyRef byte
const (
	KeySign    KeyRef = 0x01
	KeyDecrypt KeyRef = 0x02
	KeyAuthn   KeyRef = 0x03
	KeyAttest  KeyRef = 0x81
)

func (KeyRef) String added in v0.2.1

func (r KeyRef) String() string

type KeyStatus added in v0.2.1

type KeyStatus byte
const (
	KeyNotPresent KeyStatus = iota // Not generated or imported
	KeyGenerated                   // Generated on the card
	KeyImported                    // Imported into the card (insecure)
)

type LifeCycleStatus

type LifeCycleStatus byte

See: OpenPGP Smart Card Application - Section 6 Historical Bytes

const (
	LifeCycleStatusNoInfo      LifeCycleStatus = 0x00
	LifeCycleStatusInitialized LifeCycleStatus = 0x03
	LifeCycleStatusOperational LifeCycleStatus = 0x05
)

type Manufacturer

type Manufacturer uint16

func (Manufacturer) String

func (m Manufacturer) String() string

type PasswordMode added in v0.2.1

type PasswordMode struct {
	RequirePW1ForEachSignature bool
	UsePINBlockFormat2ForPW1   bool
}

type PasswordStatus

type PasswordStatus struct {
	ValidityPW1 uint8

	LengthPW1 uint8
	LengthRC  uint8
	LengthPW3 uint8

	AttemptsPW1 uint8
	AttemptsRC  uint8
	AttemptsPW3 uint8
}

func (*PasswordStatus) Decode

func (ps *PasswordStatus) Decode(b []byte) error

type PrivateKeyECDH added in v0.2.1

type PrivateKeyECDH struct {
	// contains filtered or unexported fields
}

func (*PrivateKeyECDH) ECDH added in v0.2.1

func (k *PrivateKeyECDH) ECDH(peer *ecdh.PublicKey) ([]byte, error)

ECDH performs a Diffie-Hellman key agreement with the peer to produce a shared secret key.

See: OpenPGP Smart Card Application - Section 7.2.11 PSO: DECIPHER

func (*PrivateKeyECDH) Public added in v0.2.1

func (k *PrivateKeyECDH) Public() crypto.PublicKey

type PrivateKeyECDSA added in v0.2.1

type PrivateKeyECDSA struct {
	// contains filtered or unexported fields
}

func (*PrivateKeyECDSA) Decrypt added in v0.2.1

func (k *PrivateKeyECDSA) Decrypt(_ io.Reader, _ []byte, _ crypto.DecrypterOpts) (plaintext []byte, err error)

See: OpenPGP Smart Card Application - Section 7.2.11 PSO: DECIPHER

func (*PrivateKeyECDSA) Public added in v0.2.1

func (k *PrivateKeyECDSA) Public() crypto.PublicKey

func (*PrivateKeyECDSA) Sign added in v0.2.1

func (k *PrivateKeyECDSA) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

See: OpenPGP Smart Card Application - Section 7.2.10 PSO: COMPUTE DIGITAL SIGNATURE

type PrivateKeyEdDSA added in v0.2.1

type PrivateKeyEdDSA struct {
	// contains filtered or unexported fields
}

func (PrivateKeyEdDSA) Public added in v0.2.1

func (k PrivateKeyEdDSA) Public() crypto.PublicKey

func (PrivateKeyEdDSA) Sign added in v0.2.1

func (k PrivateKeyEdDSA) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

See: OpenPGP Smart Card Application - Section 7.2.10 PSO: COMPUTE DIGITAL SIGNATURE

type PrivateKeyRSA added in v0.2.1

type PrivateKeyRSA struct {
	// contains filtered or unexported fields
}

func (*PrivateKeyRSA) Bits added in v0.2.1

func (k *PrivateKeyRSA) Bits() int

func (*PrivateKeyRSA) Decrypt added in v0.2.1

func (k *PrivateKeyRSA) Decrypt(_ io.Reader, _ []byte, _ crypto.DecrypterOpts) (plaintext []byte, err error)

See: OpenPGP Smart Card Application - Section 7.2.11 PSO: DECIPHER

func (*PrivateKeyRSA) Public added in v0.2.1

func (k *PrivateKeyRSA) Public() crypto.PublicKey

func (*PrivateKeyRSA) Sign added in v0.2.1

func (k *PrivateKeyRSA) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) (signature []byte, err error)

See: OpenPGP Smart Card Application - Section 7.2.10 PSO: COMPUTE DIGITAL SIGNATURE

type SecurityOperation

type SecurityOperation byte
const (
	SecurityOperationSign         SecurityOperation = iota
	SecurityOperationAuthenticate                   // Authentication
	SecurityOperationDecrypt                        // Confidentiality
	SecurityOperationAttest
)

type SecuritySupportTemplate

type SecuritySupportTemplate struct {
	SignatureCounter int
	CardHolderCerts  [3][]byte
}

func (*SecuritySupportTemplate) Decode

func (sst *SecuritySupportTemplate) Decode(b []byte) (err error)

type Sex

type Sex byte
const (
	SexUnknown       Sex = '0'
	SexMale          Sex = '1'
	SexFemale        Sex = '2'
	SexNotApplicable Sex = '9'
)

func (Sex) String

func (s Sex) String() string

type UIF added in v0.2.1

type UIF struct {
	Mode    UserInteractionMode
	Feature GeneralFeatures
}

UIF configures the required user interaction for certain security operations.

func (*UIF) Decode added in v0.2.1

func (uif *UIF) Decode(b []byte) error

func (UIF) Encode added in v0.2.1

func (uif UIF) Encode() []byte

type UserInteractionMode

type UserInteractionMode byte
const (
	UserInteractionDisabled     UserInteractionMode = 0x00
	UserInteractionEnabled      UserInteractionMode = 0x01
	UserInteractionEnabledFixed UserInteractionMode = 0x02
	UserInteractionCached       UserInteractionMode = 0x03
	UserInteractionCachedFixed  UserInteractionMode = 0x04
)

Directories

Path Synopsis
internal
s2k
