securitykey

package

v0.21.0 Latest Latest Go to latest Published: Mar 8, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/smlx/piv-agent

Links

Open Source Insights

Documentation ¶

Overview ¶

Package securitykey provides an interface to a physical security key such as a Yubikey.

Index ¶

Variables
type CryptoKey
type DecryptingKey
type Entity
type SecurityKey
- func New(card string, pe *pinentry.PINEntry) (*SecurityKey, error)
type SigningKey
type SlotSpec

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrKeySetUp = errors.New("security key already set up")

ErrKeySetUp is returned from Setup when the security key is already set up and reset is false.

Functions ¶

This section is empty.

Types ¶

type CryptoKey ¶ added in v0.9.0

type CryptoKey struct {
	SlotSpec SlotSpec
	Public   crypto.PublicKey
}

CryptoKey represents a cryptographic key on a hardware security device.

type DecryptingKey ¶ added in v0.9.0

type DecryptingKey struct {
	CryptoKey
	PubPGP *packet.PublicKey
}

DecryptingKey is a cryptographic decrypting key on a hardware security device.

type Entity ¶

type Entity struct {
	openpgp.Entity
	CryptoKey
}

Entity wraps a synthesized openpgp.Entity and associates it with a SigningKey.

type SecurityKey ¶

type SecurityKey struct {
	// contains filtered or unexported fields
}

A SecurityKey is a physical hardware token which implements PIV, such as a Yubikey. It provides a convenient abstraction around the low-level piv.YubiKey object.

func New ¶

func New(card string, pe *pinentry.PINEntry) (*SecurityKey, error)

New returns a security key identified by card string.

func (*SecurityKey) AttestationCertificate ¶

func (k *SecurityKey) AttestationCertificate() (*x509.Certificate, error)

AttestationCertificate returns the attestation certificate of the underlying yubikey.

func (*SecurityKey) Card ¶

func (k *SecurityKey) Card() string

Card returns the card identifier.

func (*SecurityKey) Close ¶

func (k *SecurityKey) Close() error

Close closes the underlying yubikey.

func (*SecurityKey) Comment ¶ added in v0.4.0

func (k *SecurityKey) Comment(ss *SlotSpec) string

Comment returns a comment suitable for e.g. the SSH public key format

func (*SecurityKey) CryptoKeys ¶ added in v0.9.0

func (k *SecurityKey) CryptoKeys() []CryptoKey

CryptoKeys returns the slice of cryptographic signing and decrypting keys held by the SecurityKey.

func (*SecurityKey) DecryptingKeys ¶ added in v0.9.0

func (k *SecurityKey) DecryptingKeys() []DecryptingKey

DecryptingKeys returns the slice of cryptographic decrypting keys held by the SecurityKey.

func (*SecurityKey) PrivateKey ¶

func (k *SecurityKey) PrivateKey(c *CryptoKey) (crypto.PrivateKey, error)

PrivateKey returns the private key of the given public signing key.

func (*SecurityKey) Retries ¶

func (k *SecurityKey) Retries() (int, error)

Retries returns the number of attempts remaining to enter the correct PIN.

func (*SecurityKey) Serial ¶

func (k *SecurityKey) Serial() uint32

Serial returns the serial number of the SecurityKey.

func (*SecurityKey) Setup ¶

func (k *SecurityKey) Setup(pin, version string, reset bool,
	signingKeys []string, decryptingKeys []string) error

Setup configures the SecurityKey to work with piv-agent.

func (*SecurityKey) SetupSlots ¶ added in v0.12.0

func (k *SecurityKey) SetupSlots(pin, version string, reset bool,
	signingKeys []string, decryptingKeys []string) error

SetupSlots configures slots on the security key without resetting it completely.

func (*SecurityKey) SigningKeys ¶

func (k *SecurityKey) SigningKeys() []SigningKey

SigningKeys returns the slice of cryptographic signing keys held by the SecurityKey.

func (*SecurityKey) StringsGPG ¶

func (k *SecurityKey) StringsGPG(name, email string) ([]string, error)

StringsGPG returns an array of commonly formatted GPG keys as strings.

func (*SecurityKey) StringsSSH ¶

func (k *SecurityKey) StringsSSH() []string

StringsSSH returns an array of commonly formatted SSH keys as strings.

type SigningKey ¶

type SigningKey struct {
	CryptoKey
	PubSSH ssh.PublicKey
	PubPGP *packet.PublicKey
}

SigningKey is a public signing key on a security key / hardware token.

type SlotSpec ¶

type SlotSpec struct {
	Slot        piv.Slot
	TouchPolicy piv.TouchPolicy
}

SlotSpec represents a combination of slot and touch policy on the token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL