keyring

package

v0.0.0-...-ab65172 Latest Latest Go to latest Published: Aug 6, 2023 License: BSD-3-Clause Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gsora/fidati

Links

Open Source Insights

Documentation ¶

Index ¶

type Counter
type Keyring
- func New(mk []byte, counter Counter) *Keyring

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Counter ¶

type Counter interface {
	Increment(appID, challenge, keyHandle []byte) (uint32, error)
	UserPresence() bool
}

Counter is some sort of interface to a counter (like, a monotonic counter) and to a user presence confirmation device.

type Keyring ¶

type Keyring struct {
	Counter   Counter
	MasterKey []byte
}

Keyring represents a mechanism to derive deterministic relying party authentication private keys given a master key. A Keyring needs a Counter to be able to pass along the counter value recommended by the FIDO U2F standard. Keyring implements the key wrapping method described by Yubico: https://www.yubico.com/blog/yubicos-u2f-key-wrapping/.

func New ¶

func New(mk []byte, counter Counter) *Keyring

New returns a Keyring pointer given a master key and a Counter.

func (*Keyring) Authenticate ¶

func (k *Keyring) Authenticate(appID, challenge, keyHandle []byte, userPresence bool) ([]byte, uint32, error)

Authenticate returns a valid FIDO2 U2F authentication signature for the given application ID, authentication challenge, key handle and a byte indicating whether user presence was confirmed or not. It also returns the updated count to be used in the authentication message, and an error.

func (*Keyring) NonceFromKeyHandle ¶

func (k *Keyring) NonceFromKeyHandle(kh []byte) []byte

NonceFromKeyHandle returns the nonce from a given keyhandle. Assumes SHA-256 as hashing function.

func (*Keyring) Register ¶

func (k *Keyring) Register(appID []byte, nonce []byte) (*ecdsa.PublicKey, []byte, error)

Register deterministically derives an ECDSA public key given an application ID. It also returns a key handle (also deterministic) and an error. If nonce is not nil, it will be used for the derivation process.

Source Files ¶

View all Source files

keyring.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL