Documentation
Overview
Package goyubikey provides utilities for working with a YubiKey.
Index
- func Attest(yk *piv.YubiKey, slot piv.Slot) (slotCert *x509.Certificate, err error)
- func Decrypt(yk *piv.YubiKey, pin string, slot piv.Slot, cipher []byte) (plaintext []byte, err error)
- func InputPassword(hint string) (string, error)
- func ListCards(skipInvalidCard bool) (cards []*piv.YubiKey, err error)
- func NewPIN() (string, error)
- func NewPUK() (string, error)
- func ResetForPIV(card *piv.YubiKey, pin string, opts ...ResetForPIVOption) (err error)
- func SignWithSHA256(yk *piv.YubiKey, pin string, slot piv.Slot, content io.Reader) (signature []byte, err error)
- func VerifyPIVCerts(certs []*x509.Certificate) error
- type ResetForPIVOption
Functions
func Attest
Attest attests the key in the slot against the Yubico root CA and returns the certificate of the key.
func Decrypt
func Decrypt(yk *piv.YubiKey, pin string, slot piv.Slot, cipher []byte) (plaintext []byte, err error)
Decrypt decrypts the ciphertext with the slot's private key.
func InputPassword
InputPassword reads password from stdin input and returns it as a string.
func ListCards
ListCards lists all plugged-in YubiKey cards.
Note that a YubiKey does not allow concurrent access; attempting it results in the error "connecting to smart card: the smart card cannot be accessed because of other connections outstanding".
Therefore, make sure that each card is properly closed after use.
func ResetForPIV
func ResetForPIV(card *piv.YubiKey, pin string, opts ...ResetForPIVOption) (err error)
ResetForPIV resets the card and sets the PUK, PIN and PIV key.
func SignWithSHA256
func SignWithSHA256(yk *piv.YubiKey, pin string, slot piv.Slot, content io.Reader) (signature []byte, err error)
SignWithSHA256 signs the content using the private key in the given slot of the YubiKey. It returns the signature, or an error if anything fails.
func VerifyPIVCerts
func VerifyPIVCerts(certs []*x509.Certificate) error
VerifyPIVCerts verifies certificates exported from YubiKey PIV slots against the Yubico PIV root CA.
Types
type ResetForPIVOption
type ResetForPIVOption func(*resetForPIVOption) error
ResetForPIVOption is an option for ResetForPIV.
func WithRequireTouch
func WithRequireTouch() ResetForPIVOption
WithRequireTouch (optional) sets whether touch is required for the PIV key.
The default is false.
func WithSlot
func WithSlot(slot piv.Slot) ResetForPIVOption
WithSlot (optional) sets the slot for the PIV key.
The default is piv.SlotAuthentication.