securitykey

package
v0.7.0
Warning

This package is not in the latest version of its module.

Published: Sep 18, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ErrNotReset = errors.New("security key already set up")

ErrNotReset is returned from Setup when the security key is already set up and reset is false.

Functions

This section is empty.

Types

type Entity

type Entity struct {
	openpgp.Entity
	SigningKey
}

Entity wraps a synthesized openpgp.Entity and associates it with a SigningKey.

type SecurityKey

type SecurityKey struct {
	// contains filtered or unexported fields
}

A SecurityKey is a physical hardware token which implements PIV, such as a YubiKey. It provides a convenient abstraction around the low-level piv.YubiKey object.

func New

func New(card string) (*SecurityKey, error)

New returns a security key identified by card string.

func (*SecurityKey) AttestationCertificate

func (k *SecurityKey) AttestationCertificate() (*x509.Certificate, error)

AttestationCertificate returns the attestation certificate of the underlying YubiKey.

func (*SecurityKey) Card

func (k *SecurityKey) Card() string

Card returns the card identifier.

func (*SecurityKey) Close

func (k *SecurityKey) Close() error

Close closes the underlying YubiKey.

func (*SecurityKey) Comment (added in v0.4.0)

func (k *SecurityKey) Comment(ss *SlotSpec) string

Comment returns a comment suitable for, e.g., the SSH public key format.

func (*SecurityKey) PrivateKey

func (k *SecurityKey) PrivateKey(s *SigningKey) (crypto.PrivateKey, error)

PrivateKey returns the private key of the given public signing key.

func (*SecurityKey) Retries

func (k *SecurityKey) Retries() (int, error)

Retries returns the number of attempts remaining to enter the correct PIN.

func (*SecurityKey) Serial

func (k *SecurityKey) Serial() uint32

Serial returns the serial number of the SecurityKey.

func (*SecurityKey) Setup

func (k *SecurityKey) Setup(pin, version string, reset bool) error

Setup configures the SecurityKey to work with piv-agent.

func (*SecurityKey) SigningKeys

func (k *SecurityKey) SigningKeys() []SigningKey

SigningKeys returns the slice of signing keys held by the SecurityKey.

func (*SecurityKey) StringsGPG

func (k *SecurityKey) StringsGPG(name, email string) ([]string, error)

StringsGPG returns a slice of commonly formatted GPG keys as strings.

func (*SecurityKey) StringsSSH

func (k *SecurityKey) StringsSSH() []string

StringsSSH returns a slice of commonly formatted SSH keys as strings.

type SigningKey

type SigningKey struct {
	SlotSpec *SlotSpec
	Public   crypto.PublicKey
	PubSSH   ssh.PublicKey
	PubPGP   *packet.PublicKey
}

SigningKey is a public signing key on a security key / hardware token.

type SlotSpec

type SlotSpec struct {
	Slot        piv.Slot
	TouchPolicy piv.TouchPolicy
}

SlotSpec represents a combination of slot and touch policy on the token.
