yubikey

package
v0.44.8
Warning

This package is not in the latest version of its module.

Published: Apr 26, 2024 License: Apache-2.0 Imports: 15 Imported by: 2

Documentation


Constants

const Scheme = string(apiv1.YubiKey)

Scheme is the scheme used in uris, the string "yubikey".

Variables

This section is empty.

Functions

This section is empty.

Types

type YubiKey

type YubiKey struct {
	// contains filtered or unexported fields
}

YubiKey implements the KMS interface on a YubiKey.

func New

func New(_ context.Context, opts apiv1.Options) (*YubiKey, error)

New initializes a new YubiKey KMS.

The most common way to open a YubiKey is to add a URI in the options:

New(ctx, apiv1.Options{
    URI: "yubikey:pin-value=123456",
})

This URI can also provide the management key in hexadecimal format if the default one is not used, and the serial number of the card if we want to support multiple cards at the same time.

yubikey:management-key=001122334455667788990011223344556677889900112233?pin-value=123456
yubikey:serial=112233?pin-source=/var/run/yubikey.pin

You can also define a slot id. It is ignored by this method, but it can be useful in CLI applications.

yubikey:slot-id=9a?pin-value=123456

If the pin or the management-key are not provided, we will use the default ones.
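The following is an added example, not code from this package: a standard-library check that reads a `yubikey:` URI of the form shown above and reports the settings a reviewer would question, namely a PIN embedded with `pin-value` and a missing PIN or management key that falls back to the defaults. The function name `auditYubiKeyURI` is hypothetical, and the example assumes attributes may appear on either side of `?`, separated by `;` or `&`.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"net/url"
	"strings"
)

// auditYubiKeyURI (hypothetical helper) reports risky settings in a "yubikey:" KMS URI.
// Assumption: attributes may sit before or after "?", separated by ";" or "&".
func auditYubiKeyURI(raw string) ([]string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "yubikey" {
		return nil, fmt.Errorf("unexpected scheme %q", u.Scheme)
	}
	// Merge the opaque part and the query into one attribute list.
	joined := strings.Trim(u.Opaque+"&"+u.RawQuery, "&")
	attrs, err := url.ParseQuery(strings.ReplaceAll(joined, ";", "&"))
	if err != nil {
		return nil, err
	}
	var findings []string
	switch {
	case attrs.Has("pin-value"):
		findings = append(findings, "pin-value: PIN is stored in the URI; prefer pin-source")
	case !attrs.Has("pin-source"):
		findings = append(findings, "pin: none given, the default PIN will be used")
	}
	if mk := attrs.Get("management-key"); mk == "" {
		findings = append(findings, "management-key: none given, the default key will be used")
	} else if _, err := hex.DecodeString(mk); err != nil {
		return nil, fmt.Errorf("management-key is not hexadecimal: %w", err)
	}
	return findings, nil
}

func main() {
	// Constructed sample URIs, modelled on the ones in the documentation above.
	for _, s := range []string{
		"yubikey:pin-value=123456",
		"yubikey:serial=112233?pin-source=/var/run/yubikey.pin",
		"yubikey:management-key=001122334455667788990011223344556677889900112233?pin-source=/var/run/yubikey.pin",
	} {
		findings, err := auditYubiKeyURI(s)
		fmt.Println(s, findings, err)
	}
}
```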

func (*YubiKey) Close

func (k *YubiKey) Close() error

Close releases the connection to the YubiKey.

func (*YubiKey) CreateAttestation added in v0.19.0

CreateAttestation creates an attestation certificate from a YubiKey slot.

Experimental

Notice: This API is EXPERIMENTAL and may be changed or removed in a later release.

func (*YubiKey) CreateDecrypter added in v0.22.0

func (k *YubiKey) CreateDecrypter(req *apiv1.CreateDecrypterRequest) (crypto.Decrypter, error)

CreateDecrypter creates a crypto.Decrypter using the key present in the configured YubiKey slot.

func (*YubiKey) CreateKey

func (k *YubiKey) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)

CreateKey generates a new key in the YubiKey and returns the public key.

func (*YubiKey) CreateSigner

func (k *YubiKey) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)

CreateSigner creates a signer using the key present in the YubiKey signature slot.

func (*YubiKey) GetPublicKey

func (k *YubiKey) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)

GetPublicKey returns the public key present in the YubiKey signature slot.

func (*YubiKey) LoadCertificate

func (k *YubiKey) LoadCertificate(req *apiv1.LoadCertificateRequest) (*x509.Certificate, error)

LoadCertificate implements kms.CertificateManager and loads a certificate from the YubiKey.

func (*YubiKey) Serial added in v0.44.2

func (k *YubiKey) Serial() (string, error)

Serial returns the serial number of the PIV card, or an empty string if retrieval fails.

func (*YubiKey) StoreCertificate

func (k *YubiKey) StoreCertificate(req *apiv1.StoreCertificateRequest) error

StoreCertificate implements kms.CertificateManager and stores a certificate in the YubiKey.
