yubikey

package
Version v0.1.0
Published: Feb 20, 2025 License: MIT Imports: 16 Imported by: 4

Documentation

Overview

Helpers for using the YubiKey PIV application

Index

Constants

This section is empty.

Variables

var RetiredSlots = getRetiredSlots()

Functions

func GetCertificate

func GetCertificate(yk *piv.YubiKey, slot piv.Slot) (*x509.Certificate, error)

Get the certificate for the given slot. The returned certificate is guaranteed to have a non-nil PublicKey, even if it's an X25519 key. Returns nil, nil if the slot is empty or doesn't have a certificate set.

func GetKeyInfo

func GetKeyInfo(yk *piv.YubiKey, slot piv.Slot) (piv.KeyInfo, error)

Return public information about the given slot. If the slot is empty, an error is returned.

This function has the following limitations with old firmware:

Firmware < 5.3.0:

  • Function is slow (> 100ms)
  • PINPolicy and TouchPolicy are zero when the key is imported
  • Returns an error (as if the slot were empty) when the key is imported and the slot does not contain a certificate

Firmware < 4.3.0:

  • PINPolicy, TouchPolicy, and Origin are always zero
  • Returns an error (as if the slot were empty) when the slot does not contain a certificate

func OpenCard

func OpenCard(card string) (*piv.YubiKey, error)

Open the YubiKey in the given card

func OpenSerial

func OpenSerial(serial uint32) (*piv.YubiKey, error)

Open the YubiKey with the given serial number

func Slot

func Slot(i uint32) (piv.Slot, bool)

Types

type Client

type Client struct {
	// PINPrompt, if non-nil, is called to prompt for a PIN.  It must be safe to call concurrently.
	PINPrompt PINPromptFunc

	// HandleError is invoked when an error occurs enumerating keys.
	// If a non-nil error is returned, enumeration fails with the returned error.
	// Otherwise, the error is ignored and enumeration continues.
	// If HandleError is nil, errors during enumeration are ignored.
	// HandleError must be safe to call concurrently.
	HandleError func(error) error
}

A Client is used for accessing the PIV application of attached YubiKeys. A Client's methods are safe to be called concurrently.

func (*Client) GetECDHers

func (client *Client) GetECDHers() ([]hwkey.ECDHer, error)

Return keys in all attached YubiKeys that can be used with Elliptic Curve Diffie-Hellman (i.e. X25519, P-256, and P-384 keys). It only returns keys with an associated certificate.

The returned ECDHers also implement interface { Certificate() *x509.Certificate } which returns the associated certificate.

func (*Client) GetSigners

func (client *Client) GetSigners() ([]crypto.Signer, error)

Return keys in all attached YubiKeys that can be used for signing (i.e. RSA, Ed25519, P-256, and P-384). It only returns keys with an associated certificate.

The returned Signers also implement interface { Certificate() *x509.Certificate } which returns the associated certificate.

type PINPromptFunc added in v0.1.0

type PINPromptFunc func(serialNumber uint32, retriesRemaining int) (pin string, report func(error), err error)

A PINPromptFunc is called to prompt for a PIN. serialNumber is the serial number of the YubiKey or 0 if unknown. If a PINPromptFunc returns a non-nil report func, it is called to report the outcome of using the PIN (a nil error means the PIN was accepted).
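The PINPrompt contract described above (a prompt that must be safe to call concurrently, plus an optional report callback that is told whether the card accepted the PIN) is what a caller has to supply before Client.GetSigners or GetECDHers can unlock keys. The following is an added example, not code from this package: a concurrency-safe prompt wrapper that caches an accepted PIN per serial number, evicts it when report is called with an error, and stops replaying the cache when only one retry remains, since a stale cached PIN would then lock the card. It redeclares PINPromptFunc locally (an assumption) so it builds without the package or a YubiKey attached; in real use pc.Prompt would be assigned to Client.PINPrompt.

```go
package main

import "sync"

// PINPromptFunc mirrors the signature the yubikey package documents; it is redeclared here (an assumption) so the example builds with no card attached.
type PINPromptFunc func(serialNumber uint32, retriesRemaining int) (pin string, report func(error), err error)

// PINCache wraps an interactive prompt: it asks once per serial number when
// several YubiKeys are enumerated and forgets a PIN as soon as a card rejects it.
type PINCache struct {
	mu     sync.Mutex
	pins   map[uint32]string // accepted PINs by serial; serial 0 (unknown) is never cached
	prompt PINPromptFunc     // interactive prompt used on a cache miss
}

func NewPINCache(prompt PINPromptFunc) *PINCache {
	return &PINCache{pins: make(map[uint32]string), prompt: prompt}
}

// Prompt has the PINPromptFunc signature and is safe to call concurrently, as Client.PINPrompt requires.
func (c *PINCache) Prompt(serial uint32, retries int) (string, func(error), error) {
	c.mu.Lock()
	pin, cached := c.pins[serial]
	c.mu.Unlock()
	// With one retry left a stale cached PIN would lock the card, so the user
	// is asked interactively instead of replaying the cache.
	if cached && retries != 1 {
		return pin, c.report(serial, pin, nil), nil
	}
	pin, inner, err := c.prompt(serial, retries)
	if err != nil {
		return "", nil, err
	}
	return pin, c.report(serial, pin, inner), nil
}

// report builds the callback the Client invokes with the outcome of using pin: nil caches it, any error evicts it, and the wrapped prompt's own report is forwarded.
func (c *PINCache) report(serial uint32, pin string, inner func(error)) func(error) {
	return func(outcome error) {
		c.mu.Lock()
		delete(c.pins, serial)
		if outcome == nil && serial != 0 {
			c.pins[serial] = pin
		}
		c.mu.Unlock()
		if inner != nil {
			inner(outcome)
		}
	}
}
```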
