Directories
| Path | Synopsis |
|---|---|
| commands | |
| rekey | Package rekey implements the `cryptkey rekey` command, which rebuilds a profile's Shamir share set under a new (n', t') and provider list while preserving the existing master key and output salt. |
| | Package config handles reading and writing cryptkey profile files. |
| | Package crypto provides cryptographic primitives for cryptkey: HKDF-SHA256 key derivation and AES-256-GCM authenticated encryption of Shamir shares. |
| hkdfinfo | Package hkdfinfo is the central registry of HKDF info strings used throughout cryptkey. |
| keyformat | Package keyformat converts raw 32-byte derived keys into structured cryptographic key formats (age identities, OpenSSH ed25519 keys). |
| shamir | Package shamir implements Shamir's Secret Sharing over GF(256). |
| | Package enrollment contains the shared logic for enrolling providers and building a cryptkey profile. |
| | Package progress provides structured status reporting for the derive flow. |
| | Package provider defines the interface for cryptkey authentication providers. |
| fido2 | Package fido2 implements a provider that derives a 32-byte secret from a FIDO2 hardware key using the hmac-secret extension. |
| passkey | Package passkey implements a provider that uses the WebAuthn PRF extension via the user's browser to derive a deterministic 32-byte secret from a passkey (platform authenticator, security key, or cross-device via phone). |
| passphrase | Package passphrase implements a provider that derives a 32-byte secret from a user-supplied passphrase using Argon2id. |
| piv | Package piv implements a provider that derives a 32-byte secret from a PIV-compatible hardware token (e.g., YubiKey) using the go-piv library. |
| recovery | Package recovery implements a provider that generates a high-entropy recovery code, displays it once, and derives a 32-byte secret from it via Argon2id. |
| sshagent | Package sshagent implements a provider that derives a 32-byte secret by having the SSH agent sign a deterministic challenge. |
| sshkey | Package sshkey implements a provider that derives a 32-byte secret from an SSH private key. |
| tpm | Package tpm implements a provider that derives a 32-byte secret using a TPM 2.0 HMAC key. |
| | Package timeout provides a context-based timeout wrapper with Enter-to-skip and Escape/Ctrl+C support via /dev/tty for hardware provider derivation. |