piv

package
v0.21.0 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 8, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package piv implements the PIV keyservice.

Types

type ECDHKey added in v0.9.0

type ECDHKey struct {
	*pivgo.ECDSAPrivateKey
	// contains filtered or unexported fields
}

ECDHKey implements ECDH using an underlying ECDSA key.

func (*ECDHKey) Decrypt added in v0.9.0

func (k *ECDHKey) Decrypt(_ io.Reader, sexp []byte,
	_ crypto.DecrypterOpts) ([]byte, error)

Decrypt performs ECDH as per gpg-agent, and implements the crypto.Decrypter interface.

func (*ECDHKey) Sign added in v0.19.1

func (k *ECDHKey) Sign(rand io.Reader, digest []byte,
	opts crypto.SignerOpts) ([]byte, error)

Sign wraps the underlying private key Sign operation in a mutex.

type KeyService

type KeyService struct {
	// contains filtered or unexported fields
}

KeyService represents a collection of tokens and slots accessed by the Personal Identity Verification card interface.

func New

func New(l *zap.Logger, pe *pinentry.PINEntry) *KeyService

New constructs a PIV KeyService and returns it.

func (*KeyService) CloseAll added in v0.14.2

func (p *KeyService) CloseAll()

CloseAll closes all security keys without checking for errors. This should be called to clean up connections to `pcscd`.

func (*KeyService) GetDecrypter

func (p *KeyService) GetDecrypter(keygrip []byte) (crypto.Decrypter, error)

GetDecrypter returns a crypto.Decrypter associated with the given keygrip.

func (*KeyService) GetSigner

func (p *KeyService) GetSigner(keygrip []byte) (crypto.Signer, error)

GetSigner returns a crypto.Signer associated with the given keygrip.

func (*KeyService) HaveKey

func (p *KeyService) HaveKey(keygrips [][]byte) (bool, []byte, error)

HaveKey takes a list of keygrips, and returns a boolean indicating if any of the given keygrips were found, the found keygrip, and an error, if any.

func (*KeyService) Keygrips added in v0.9.0

func (p *KeyService) Keygrips() ([][]byte, error)

Keygrips returns a single slice of concatenated keygrip byte slices, one for each cryptographic key available on the keyservice.

func (*KeyService) Name

func (*KeyService) Name() string

Name returns the name of the keyservice.

func (*KeyService) SecurityKeys

func (p *KeyService) SecurityKeys() ([]SecurityKey, error)

SecurityKeys returns a slice containing all available security keys.

type SecurityKey

type SecurityKey interface {
	AttestationCertificate() (*x509.Certificate, error)
	Card() string
	Close() error
	Comment(*securitykey.SlotSpec) string
	PrivateKey(*securitykey.CryptoKey) (crypto.PrivateKey, error)
	SigningKeys() []securitykey.SigningKey
	CryptoKeys() []securitykey.CryptoKey
	StringsGPG(string, string) ([]string, error)
	StringsSSH() []string
}

SecurityKey is a simple interface for security keys allowing abstraction over the securitykey implementation, and allowing generation of mocks for testing.
