yubikey

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 21, 2023 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CloseAllPIVHandles

func CloseAllPIVHandles()

CloseAllPIVHandles must be called at the end of the program

func RefreshSmartCards

func RefreshSmartCards()

RefreshSmartCards resets the smart card list

Types

type SmartCard

// SmartCard describes one card as seen by this package.
//
// NOTE(review): besides identifying data (Name, Version, Serial) the struct
// exposes Pin, Puk and ManagementKey as exported, plain-value fields. Treat a
// SmartCard value as secret material: printing it with fmt's %v/%+v verbs or
// passing it to a generic serializer or logger will include those fields.
type SmartCard struct {
	Name          string
	// Pin is presumably the PIV PIN of the card (the value ThreadSafeYubikey.SetPIN
	// and Metadata take as a string) — confirm against the implementation.
	Pin           string
	// Puk is presumably the PIN unblocking key (the value ThreadSafeYubikey.Unblock
	// and SetPUK take as a string) — confirm against the implementation.
	Puk           string
	Version       piv.Version
	Serial        uint32
	// ManagementKey has the same [24]byte type as the key argument of
	// ThreadSafeYubikey.GenerateKey, SetCertificate, SetMetadata,
	// SetManagementKey and SetPrivateKeyInsecure.
	ManagementKey [24]byte
	// contains filtered or unexported fields
}

SmartCard contains information to uniquely identify a SmartCard

func GetValidSmartCards

func GetValidSmartCards(serialFilter *uint32) []SmartCard

GetValidSmartCards returns a list of valid smart cards, optionally filtered by the given serial number

func (*SmartCard) Attest

func (c *SmartCard) Attest(slot piv.Slot) (cert *x509.Certificate, err error)

Attest attests the certificate on the YubiKey

func (*SmartCard) GenerateKey

func (c *SmartCard) GenerateKey(slot piv.Slot, key piv.Key) (err error)

GenerateKey generates a new key on the YubiKey

func (*SmartCard) GetAttestation

func (c *SmartCard) GetAttestation(toVerify piv.Slot) (attestation *piv.Attestation, err error)

GetAttestation returns the attestation of the YubiKey for the slot toVerify, as a *piv.Attestation

func (*SmartCard) GetAttestationCertificate

func (c *SmartCard) GetAttestationCertificate() (cert *x509.Certificate, err error)

GetAttestationCertificate returns the attestation certificate of the YubiKey

func (*SmartCard) GetCertificate

func (c *SmartCard) GetCertificate(slot piv.Slot) (cert *x509.Certificate, err error)

GetCertificate returns the certificate of a slot on the YubiKey

func (*SmartCard) GetPublicKey

func (c *SmartCard) GetPublicKey(slot piv.Slot) (publicKey any, err error)

GetPublicKey returns the public key of a slot on the YubiKey

func (*SmartCard) GetYKHandle

func (c *SmartCard) GetYKHandle() (*ThreadSafeYubikey, error)

func (*SmartCard) ImportCertificate

func (c *SmartCard) ImportCertificate(slot piv.Slot, cert *x509.Certificate) error

ImportCertificate imports a certificate on the YubiKey

func (*SmartCard) ResetYubikey

func (c *SmartCard) ResetYubikey() error

ResetYubikey resets the YubiKey

type ThreadSafeYubikey

// ThreadSafeYubikey wraps a YubiKey handle. All of its state is unexported;
// the package documentation describes it as holding information about the
// YubiKey, a lock that prevents concurrent access, and a boolean recording
// whether the YubiKey is open.
type ThreadSafeYubikey struct {
	// contains filtered or unexported fields
}

ThreadSafeYubikey is a thread-safe wrapper for the yubikey. It contains information about the yubikey and a lock to prevent concurrent access. It also contains a boolean to check if the yubikey is open.

func (*ThreadSafeYubikey) Attest

func (y *ThreadSafeYubikey) Attest(slot piv.Slot) (*x509.Certificate, error)

Attest generates an attestation of the yubikey, once all other locks are released

func (*ThreadSafeYubikey) AttestationCertificate

func (y *ThreadSafeYubikey) AttestationCertificate() (*x509.Certificate, error)

AttestationCertificate returns the attestation certificate of the yubikey, once all other locks are released

func (*ThreadSafeYubikey) Certificate

func (y *ThreadSafeYubikey) Certificate(slot piv.Slot) (*x509.Certificate, error)

Certificate returns the certificate of a slot in the yubikey, once all other locks are released

func (*ThreadSafeYubikey) Close

func (y *ThreadSafeYubikey) Close() error

Close closes the yubikey, once all other locks are released

func (*ThreadSafeYubikey) GenerateKey

func (y *ThreadSafeYubikey) GenerateKey(key [24]byte, slot piv.Slot, opts piv.Key) (crypto.PublicKey, error)

GenerateKey generates a key in the yubikey, once all other locks are released

func (*ThreadSafeYubikey) Metadata

func (y *ThreadSafeYubikey) Metadata(pin string) (*piv.Metadata, error)

Metadata returns the metadata of the yubikey, once all other locks are released

func (*ThreadSafeYubikey) PrivateKey

func (y *ThreadSafeYubikey) PrivateKey(slot piv.Slot, public crypto.PublicKey, auth piv.KeyAuth) (
	crypto.PrivateKey,
	error)

PrivateKey returns the private key of a slot in the yubikey, once all other locks are released. Note: the private key never really leaves the yubikey; this will only return an interface to the key.

func (*ThreadSafeYubikey) Reset

func (y *ThreadSafeYubikey) Reset() error

Reset resets the yubikey, once all other locks are released

func (*ThreadSafeYubikey) Retries

func (y *ThreadSafeYubikey) Retries() (int, error)

Retries returns the number of retries left to unlock the yubikey, once all other locks are released

func (*ThreadSafeYubikey) Serial

func (y *ThreadSafeYubikey) Serial() (uint32, error)

Serial returns the serial number of the yubikey, once all other locks are released

func (*ThreadSafeYubikey) SetCertificate

func (y *ThreadSafeYubikey) SetCertificate(key [24]byte, slot piv.Slot, cert *x509.Certificate) error

SetCertificate sets the certificate of a slot in the yubikey, once all other locks are released

func (*ThreadSafeYubikey) SetManagementKey

func (y *ThreadSafeYubikey) SetManagementKey(oldKey, newKey [24]byte) error

SetManagementKey sets the management key of the yubikey, once all other locks are released

func (*ThreadSafeYubikey) SetMetadata

func (y *ThreadSafeYubikey) SetMetadata(key [24]byte, m *piv.Metadata) error

SetMetadata sets the metadata of the yubikey, once all other locks are released

func (*ThreadSafeYubikey) SetPIN

func (y *ThreadSafeYubikey) SetPIN(oldPIN, newPIN string) error

SetPIN sets the PIN of the yubikey, once all other locks are released

func (*ThreadSafeYubikey) SetPUK

func (y *ThreadSafeYubikey) SetPUK(oldPUK, newPUK string) error

SetPUK sets the PUK of the yubikey, once all other locks are released

func (*ThreadSafeYubikey) SetPrivateKeyInsecure

func (y *ThreadSafeYubikey) SetPrivateKeyInsecure(
	key [24]byte,
	slot piv.Slot,
	private crypto.PrivateKey,
	policy piv.Key) error

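SetPrivateKeyInsecure sets the private key of a slot in the yubikey, once all other locks are released. Because the private key is supplied by the caller, it exists in host memory before it is imported, unlike a key created on the device with GenerateKey.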

func (*ThreadSafeYubikey) Unblock

func (y *ThreadSafeYubikey) Unblock(puk, newPIN string) error

Unblock sets a new PIN using the PUK, once all other locks are released

func (*ThreadSafeYubikey) Version

func (y *ThreadSafeYubikey) Version() piv.Version

Version returns the version of the yubikey, once all other locks are released
