AssertSoftwarePrivateKey returns nil if the given private key PEM looks like a raw software private key as opposed to a hardware key (yubikey).

AttestationStatementFromProto converts an AttestationStatement from its protobuf form.

GetYubiKeyPrivateKey attempt to retrieve a YubiKey private key matching the given hardware key policy from the given slot.

IsPrivateKeyPolicyError returns true if the given error is a private key policy error.

LoadKeyPair returns the PrivateKey for the given private and public key files.

LoadPrivateKey returns the PrivateKey for the given key file.

LoadX509KeyPair parse a tls.Certificate from a private key file and certificate file.

MarshalPrivateKey will return a PEM encoded crypto.Signer.

MarshalPublicKey returns a PEM encoding of the given public key.

MarshalSoftwarePrivateKeyPKCS8DER marshals the provided private key as PKCS#8 DER.

NewPrivateKey returns a new PrivateKey for the given crypto.Signer with a pre-marshaled private key PEM, which may be a special PIV key PEM.

NewSoftwarePrivateKey returns a new PrivateKey for a crypto.Signer.

ParseKeyPair returns the PrivateKey for the given private and public key PEM blocks.

ParsePrivateKey returns the PrivateKey for the given key PEM block.

ParsePrivateKeyPolicyError checks if the given error is a private key policy error and returns the contained unsatisfied PrivateKeyPolicy.

ParsePublicKey parses a PEM-encoded public key.

PolicyThatSatisfiesSet returns least restrictive policy necessary to satisfy the given set of policies.

TLSCertificate parses the given TLS certificate(s) paired with the given signer to return a tls.Certificate, ready to be used in a TLS handshake.

WithCustomPrompt sets a custom hardware key prompt.

X509Certificate takes a PEM-encoded file containing one or more certificates, extracts all certificates, and parses the Leaf certificate (the first one in the chain).

X509KeyPair parse a tls.Certificate from a private key PEM and certificate PEM.

PINOptional allows the user to proceed without entering a PIN.

PINRequired enforces that a PIN must be entered to proceed.

PKCS1PublicKeyType is the PEM encoding type commonly used for PKCS#1, ASN.1 DER form public keys.

PKIXPublicKeyType is the PEM encoding type commonly used for PKIX, ASN.1 DER form public keys.

PrivateKeyPolicyHardwareKey means that the client must use a valid hardware key to generate and store their private keys securely.

PrivateKeyPolicyHardwareKeyPIN means that the client must use a valid hardware key to generate and store their private keys securely, and this key must require pin to be accessed and used.

PrivateKeyPolicyHardwareKeyTouch means that the client must use a valid hardware key to generate and store their private keys securely, and this key must require touch to be accessed and used.

PrivateKeyPolicyHardwareKeyTouchAndPIN means that the client must use a valid hardware key to generate and store their private keys securely, and this key must require touch and pin to be accessed and used.

PrivateKeyPolicyNone means that the client can store their private keys anywhere (usually on disk).

PrivateKeyPolicyWebSession is a special case used for Web Sessions.

AttestationData is verified attestation data for a public key.

ParsePrivateKeyOptions contains config options for ParsePrivateKey.

PINAndPUK describes a response returned from HardwareKeyPrompt.ChangePIN.

PrivateKey implements crypto.Signer with additional helper methods.

HardwareKeyPrompt provides methods to interact with a YubiKey hardware key.

HardwareSigner is a crypto.Signer which can be attested as being backed by a hardware key.

AttestationStatement is an attestation statement for a hardware private key that supports json marshaling through the standard json/encoding package.

ParsePrivateKeyOpt applies configuration options.

PINPromptRequirement specifies whether a PIN is required.

PIVSlot is the string representation of a PIV slot.

PrivateKeyPolicy is a requirement for client private key storage.