yubikey

package
v0.8.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 8, 2025 License: Apache-2.0 Imports: 7 Imported by: 2

Documentation

Overview

Package yubikey implements basic support for getting status and details about YubiKey tokens.

Index

Constants

View Source 
const (
	TagCapsSupportedUSB tlv.Tag = 0x01
	TagSerialNumber     tlv.Tag = 0x02
	TagCapsEnabledUSB   tlv.Tag = 0x03
	TagFormFactor       tlv.Tag = 0x04
	TagFirmwareVersion  tlv.Tag = 0x05
	TagAutoEjectTimeout tlv.Tag = 0x06
	TagChalRespTimeout  tlv.Tag = 0x07
	TagDeviceFlags      tlv.Tag = 0x08
	TagAppVersions      tlv.Tag = 0x09
	TagConfigLock       tlv.Tag = 0x0A
	TagUnlock           tlv.Tag = 0x0B
	TagReboot           tlv.Tag = 0x0C
	TagCapsSupportedNFC tlv.Tag = 0x0D
	TagCapsEnabledNFC   tlv.Tag = 0x0E
)
View Source 
const (
	// https://docs.yubico.com/yesdk/users-manual/application-otp/otp-commands.html
	InsOTP        iso.Instruction = 0x01 // Most commands of the OTP applet use this value
	InsReadStatus iso.Instruction = 0x03
)

Variables

View Source 
var (
	IsFIPS = withDeviceInfo(func(di *DeviceInfo) bool {
		return di.IsFIPS
	})
	IsLocked = withDeviceInfo(func(di *DeviceInfo) bool {
		return di.IsLocked
	})
)
View Source 
var ErrInvalidResponseLength = errors.New("invalid response length")

Functions

func HasFIDO2 

func HasFIDO2(card iso.PCSCCard) (bool, error)

HasFIDO2 is a filter which checks if the YubiKey has the FIDO2 applet enabled.

func HasFormFactor 

func HasFormFactor(ff FormFactor) filter.Filter

HasFormFactor returns a filter which checks if the YubiKey has a given form factor.

func HasHSMAuth 

func HasHSMAuth(card iso.PCSCCard) (bool, error)

HasHSMAuth is a filter which checks if the YubiKey has the HSM authentication applet enabled.

func HasOATH 

func HasOATH(card iso.PCSCCard) (bool, error)

HasOATH is a filter which checks if the YubiKey has the OATH applet enabled.

func HasOTP 

func HasOTP(card iso.PCSCCard) (bool, error)

HasOTP is a filter which checks if the YubiKey has the OTP applet enabled.

func HasOpenPGP 

func HasOpenPGP(card iso.PCSCCard) (bool, error)

HasOpenPGP is a filter which checks if the YubiKey has the OpenPGP applet enabled.

func HasPIV 

func HasPIV(card iso.PCSCCard) (bool, error)

HasPIV is a filter which checks if the YubiKey has the PIV applet enabled.

func HasU2F 

func HasU2F(card iso.PCSCCard) (bool, error)

HasU2F is a filter which checks if the YubiKey has the U2F applet enabled.

func HasVersion added in v0.2.0 

func HasVersion(v iso.Version) filter.Filter

HasVersion checks that the card has a firmware version equal or higher than the given one.

func HasVersionStr added in v0.2.0 

func HasVersionStr(s string) filter.Filter

func IsSerialNumber 

func IsSerialNumber(sno uint32) filter.Filter

func Metadata added in v0.5.0 

func Metadata(card *iso.Card) (meta map[string]any)

Types

type Capability 

type Capability int
const (
	CapOTP     Capability = 0x01
	CapU2F     Capability = 0x02
	CapFIDO2   Capability = 0x200
	CapOATH    Capability = 0x20
	CapPIV     Capability = 0x10
	CapOpenPGP Capability = 0x08
	CapHSMAUTH Capability = 0x100
)

type Card added in v0.8.0 

type Card struct {
	*iso.Card
}

func NewCard added in v0.8.0 

func NewCard(card iso.PCSCCard) *Card

func (*Card) DeviceInfo added in v0.8.0 

func (c *Card) DeviceInfo() (*DeviceInfo, error)

GetDeviceInfo returns device information about the YubiKey token.

func (*Card) FIPSMode added in v0.8.0 

func (c *Card) FIPSMode() (bool, error)

FIPSMode returns returns the FIPS compliancy state of the YubiKey token.

func (*Card) SerialNumber added in v0.8.0 

func (c *Card) SerialNumber() (uint32, error)

SerialNumber returns the serial number of the YubiKey token.

func (*Card) Status added in v0.8.0 

func (c *Card) Status() (*Status, error)

Status returns the status of the YubiKey token.

type DeviceFlag 

type DeviceFlag byte
const (
	DeviceFlagRemoteWakeup DeviceFlag = 0x40
	DeviceFlagEject        DeviceFlag = 0x80
)

type DeviceInfo 

type DeviceInfo struct {
	Flags            DeviceFlag
	CapsSupportedUSB Capability
	CapsEnabledUSB   Capability
	CapsSupportedNFC Capability
	CapsEnabledNFC   Capability
	SerialNumber     uint32
	FirmwareVersion  iso.Version
	FormFactor       FormFactor
	AutoEjectTimeout time.Duration
	ChalRespTimeout  time.Duration
	IsLocked         bool
	IsSky            bool
	IsFIPS           bool
}

func (*DeviceInfo) Unmarshal 

func (di *DeviceInfo) Unmarshal(b []byte) error

nolint: gocognit

type FormFactor 

type FormFactor byte
const (
	FormFactorUnknown       FormFactor = 0x00
	FormFactorUSBAKeychain  FormFactor = 0x01
	FormFactorUSBANano      FormFactor = 0x02
	FormFactorUSBCKeychain  FormFactor = 0x03
	FormFactorUSBCNano      FormFactor = 0x04
	FormFactorUSBCLightning FormFactor = 0x05
	FormFactorUSBABio       FormFactor = 0x06
	FormFactorUSBCBio       FormFactor = 0x07
)

type Status 

type Status struct {
	Version    iso.Version
	Sequence   uint8
	TouchLevel uint16
}

func (*Status) Unmarshal 

func (s *Status) Unmarshal(b []byte) error

Source Files

  • device_info.go
  • filter.go
  • otp.go
  • yubikey.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.