Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

github.com/tstranex/u2f

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/tstranex/u2f

  • v1.0.0
  • Source
  • Go
  • Socket score
Version published
Created
Source

Go FIDO U2F Library

This Go package implements the parts of the FIDO U2F specification required on the server side of an application.

Build Status

Features

  • Native Go implementation
  • No dependancies other than the Go standard library
  • Token attestation certificate verification

Usage

Please visit http://godoc.org/github.com/tstranex/u2f for the full documentation.

How to enrol a new token

app_id := "http://localhost"

// Send registration request to the browser.
c, _ := NewChallenge(app_id, []string{app_id})
req, _ := c.RegisterRequest()

// Read response from the browser.
var resp RegisterResponse
reg, err := Register(resp, c, nil)
if err != nil {
    // Registration failed.
}

// Store registration in the database.

How to perform an authentication

// Fetch registration and counter from the database.
var reg Registration
var counter uint32

// Send authentication request to the browser.
c, _ := NewChallenge(app_id, []string{app_id})
req, _ := c.SignRequest(reg)

// Read response from the browser.
var resp SignResponse
newCounter, err := reg.Authenticate(resp, c, counter)
if err != nil {
    // Authentication failed.
}

// Store updated counter in the database.

Installation

$ go get github.com/tstranex/u2f

Example

See u2fdemo/main.go for an full example server. To run it:

$ go install github.com/tstranex/u2f/u2fdemo
$ ./bin/u2fdemo

Open https://localhost:3483 in Chrome. Ignore the SSL warning (due to the self-signed certificate for localhost). You can then test registering and authenticating using your token.

Changelog

  • 2016-12-18: The package has been updated to work with the new U2F Javascript 1.1 API specification. This causes some breaking changes.

    SignRequest has been replaced by WebSignRequest which now includes multiple registrations. This is useful when the user has multiple devices registered since you can now authenticate against any of them with a single request.

    WebRegisterRequest has been introduced, which should generally be used instead of using RegisterRequest directly. It includes the list of existing registrations with the new registration request. If the user's device already matches one of the existing registrations, it will refuse to re-register.

    Challenge.RegisterRequest has been replaced by NewWebRegisterRequest.

License

The Go FIDO U2F Library is licensed under the MIT License.

FAQs

Package last updated on 05 May 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Research

Security News

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.

By Kirill Boychenko  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc