Comments (7)
A-ha! Found the difference! decipher
is the final argument to _general_authenticate
and the code branches based on it:
from piv-go.
I tried reproducing the 0x81->0x85 difference here
Line 756 in d3b05b2
but that just broke with
command failed: smart card error 6a80: incorrect parameter in command data field
Same yubikey, same slot, works with ykpiv. I must be still doing something wrong.
from piv-go.
Ah, signing was silently truncating the input still. Commenting out this line kludges ykSignECDSA
into a ECDH function.
Line 746 in d3b05b2
from piv-go.
Now, obviously the above is not the right way to do it, just a proof of concept.
How should the real API look like?
I'm not thrilled by the idea of a Decrypt that doesn't really decrypt. Should YubiKey.PrivateKey return value learn an extra optional interface?
type KeyAgreement interface {
// Perform a Diffie-Hellman key agreement with the peer.
//
// Peer's public key must use the same algorithm as
// the key in this slot, or returns error ErrMismatchingAlgorithms.
KeyAgreement(peer crypto.PublicKey) ([]byte, error)
}
from piv-go.
I guess that KeyAgreement should take rand io.Reader
and opts crypto.SignerOpts
too, even if ECDSA doesn't use them?
Any thoughts on the name of the interface, can't -er name it easily. KeyAgreementer. KeyAgreer. Are there good synonyms for the Diffie-Hellman operation? I already intentionally made it not say EC or DH, because I thought both of those were algorithm-specific details.
from piv-go.
I'll have a pull request ready as soon as I figure out how this library is tested.
from piv-go.
First stab is at https://github.com/tv42/piv-go/tree/wip-ecdh, without tests for now.
from piv-go.
Related Issues (20)
- Build failure on arm FreeBSD HOT 2
- Possibility of cutting a new release to include OpenBSD support? HOT 3
- Support AES Management keys HOT 3
- NFC and ISO 7816 support HOT 3
- Expose keyRSA and keyEd25519 type HOT 2
- Incompatibility with Go 1.20rc1 HOT 3
- Support for linux armv7 HOT 3
- Pivot
- Error: Unable to open the Yubikey card: connecting to smart card: the smart card cannot be accessed because of other connections outstanding HOT 1
- rsassa-pss signatures not supported HOT 3
- Bump go.mod version HOT 1
- Unable to build on macOS HOT 6
- Cross compile linux amd64 -> darwin amd64 issues with CGO (`<angled> include; use "quotes" instead`) HOT 2
- PIV Emulation? HOT 2
- Private key decryption on Yubikey by ECDSA HOT 2
- Support GET METADATA command and use it to derive default PIN policy HOT 1
- Support new key types in Yubikey 5.7 firmware HOT 4
- How to decrypt without certificate [Question] HOT 1
- yubikey 5.7.x firmware uses an aes192 default management key instead of 3des HOT 7
- Release v2 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from piv-go.