

Support Ed25519 keys in setup
nickray committed May 18, 2020
1 parent 8781bc0 commit 6bd6e19
Showing 4 changed files with 15 additions and 3 deletions.
2 changes: 2 additions & 0 deletions go.mod
Expand Up @@ -7,3 +7,5 @@ require (
github.com/gopasspw/gopass v1.9.1
golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79
)

replace github.com/go-piv/piv-go => github.com/go-piv/piv-go v1.5.1-0.20200518213843-e6548dd11f02
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -28,6 +28,8 @@ github.com/gdamore/tcell v1.3.0 h1:r35w0JBADPZCVQijYebl6YMWWtHRqVEGt7kL2eBADRM=
github.com/gdamore/tcell v1.3.0/go.mod h1:Hjvr+Ofd+gLglo7RYKxxnzCBmev3BzsS67MebKS4zMM=
github.com/go-piv/piv-go v1.5.0 h1:UtHPfrJsZKY+Z3UIjmJLh6DY+KtmNOl/9b/zt4N81pM=
github.com/go-piv/piv-go v1.5.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk=
github.com/go-piv/piv-go v1.5.1-0.20200518213843-e6548dd11f02 h1:gPojWOKTZxwWuNoQw/004S5U+/ECewLZAwJqZQocRYI=
github.com/go-piv/piv-go v1.5.1-0.20200518213843-e6548dd11f02/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk=
github.com/godbus/dbus v0.0.0-20190623212516-8a1682060722 h1:NNKZiuNXd6lpZRyoFM/uhssj5W9Ps1DbhGHxT49Pm9I=
github.com/godbus/dbus v0.0.0-20190623212516-8a1682060722/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
github.com/gokyle/twofactor v1.0.1 h1:uRhvx0S4Hb82RPIDALnf7QxbmPL49LyyaCkJDpWx+Ek=
5 changes: 4 additions & 1 deletion main.go
Expand Up @@ -9,6 +9,7 @@ package main
import (
"bytes"
"crypto/ecdsa"
"crypto/ed25519"
"crypto/rand"
"crypto/rsa"
"errors"
Expand Down Expand Up @@ -47,6 +48,7 @@ func main() {
}

socketPath := flag.String("l", "", "agent: path of the UNIX socket to listen on")
ed25519Flag := flag.Bool("ed25519", false, "setup: generate Ed25519 key")
resetFlag := flag.Bool("really-delete-all-piv-keys", false, "setup: reset the PIV applet")
setupFlag := flag.Bool("setup", false, "setup: configure a new YubiKey")
flag.Parse()
Expand All @@ -61,7 +63,7 @@ func main() {
if *resetFlag {
runReset(yk)
}
runSetup(yk)
runSetup(yk, *ed25519Flag)
} else {
if *socketPath == "" {
flag.Usage()
Expand Down Expand Up @@ -226,6 +228,7 @@ func getPublicKey(yk *piv.YubiKey, slot piv.Slot) (ssh.PublicKey, error) {
}
switch cert.PublicKey.(type) {
case *ecdsa.PublicKey:
case ed25519.PublicKey:
case *rsa.PublicKey:
default:
return nil, fmt.Errorf("unexpected public key type: %T", cert.PublicKey)
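Review bot: The new `-ed25519` flag is only read inside the `--setup` branch (`runSetup(yk, *ed25519Flag)`), so passing `-ed25519` to the agent without `--setup` is silently accepted and ignored; a guard right after `flag.Parse()` would surface the mistake, e.g. `if *ed25519Flag && !*setupFlag { log.Fatalln("-ed25519 only applies to --setup") }` (using whatever the file already uses for fatal errors). In getPublicKey the `case ed25519.PublicKey:` value-type match is correct, unlike the pointer cases for ECDSA and RSA, but it only widens the types that get advertised to SSH clients; the agent's signing path for an Ed25519 slot is not in this hunk and is worth confirming. getPublicKey's body continues past the end of the hunk.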
9 changes: 7 additions & 2 deletions setup.go
Expand Up @@ -65,7 +65,7 @@ func runReset(yk *piv.YubiKey) {
}
}

func runSetup(yk *piv.YubiKey) {
func runSetup(yk *piv.YubiKey, ed25519 bool) {
if _, err := yk.Certificate(piv.SlotAuthentication); err == nil {
log.Println("‼️ This YubiKey looks already setup")
log.Println("")
Expand Down Expand Up @@ -136,8 +136,13 @@ func runSetup(yk *piv.YubiKey) {
log.Fatalln("use --really-delete-all-piv-keys ⚠️")
}

alg := piv.AlgorithmEC256
if ed25519 {
// hack it in, this relies on the piv-go patch
alg = piv.AlgorithmEd25519
}
pub, err := yk.GenerateKey(key, piv.SlotAuthentication, piv.Key{
Algorithm: piv.AlgorithmEC256,
Algorithm: alg,
PINPolicy: piv.PINPolicyOnce,
TouchPolicy: piv.TouchPolicyAlways,
})
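Review bot: The new boolean parameter of runSetup is named `ed25519`, which shadows the `crypto/ed25519` package identifier inside the function should setup.go import it (main.go in this commit does) and reads as a type rather than a choice; `func runSetup(yk *piv.YubiKey, useEd25519 bool)` with `if useEd25519 {` avoids both. The `// hack it in, this relies on the piv-go patch` comment should say what the patch is so a later maintainer can find it: `// piv.AlgorithmEd25519 only exists in the piv-go commit pinned by the replace directive in go.mod; upstream releases do not define it.` The error handling for GenerateKey is outside the hunk, so it is not visible whether a token that rejects the algorithm produces a clear message rather than a generic failure. runSetup's body runs past the end of the hunk.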

