Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
github.com/tstranex/u2f
- Version published
- Created
Go FIDO U2F Library
This Go package implements the parts of the FIDO U2F specification required on the server side of an application.
Features
- Native Go implementation
- No dependancies other than the Go standard library
- Token attestation certificate verification
Usage
Please visit http://godoc.org/github.com/tstranex/u2f for the full documentation.
How to enrol a new token
app_id := "http://localhost"
// Send registration request to the browser.
c, _ := NewChallenge(app_id, []string{app_id})
req, _ := c.RegisterRequest()
// Read response from the browser.
var resp RegisterResponse
reg, err := Register(resp, c, nil)
if err != nil {
// Registration failed.
}
// Store registration in the database.
How to perform an authentication
// Fetch registration and counter from the database.
var reg Registration
var counter uint32
// Send authentication request to the browser.
c, _ := NewChallenge(app_id, []string{app_id})
req, _ := c.SignRequest(reg)
// Read response from the browser.
var resp SignResponse
newCounter, err := reg.Authenticate(resp, c, counter)
if err != nil {
// Authentication failed.
}
// Store updated counter in the database.
Installation
$ go get github.com/tstranex/u2f
Example
See u2fdemo/main.go for an full example server. To run it:
$ go install github.com/tstranex/u2f/u2fdemo
$ ./bin/u2fdemo
Open https://localhost:3483 in Chrome. Ignore the SSL warning (due to the self-signed certificate for localhost). You can then test registering and authenticating using your token.
Changelog
-
2016-12-18: The package has been updated to work with the new U2F Javascript 1.1 API specification. This causes some breaking changes.
SignRequesthas been replaced byWebSignRequestwhich now includes multiple registrations. This is useful when the user has multiple devices registered since you can now authenticate against any of them with a single request.WebRegisterRequesthas been introduced, which should generally be used instead of usingRegisterRequestdirectly. It includes the list of existing registrations with the new registration request. If the user's device already matches one of the existing registrations, it will refuse to re-register.Challenge.RegisterRequesthas been replaced byNewWebRegisterRequest.
License
The Go FIDO U2F Library is licensed under the MIT License.
FAQs
Unknown package
Package last updated on 05 May 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025