Get an Onlykey: https://onlykey.io/
Live Demo: https://docs.crp.to/node-onlykey/docs/
Please Leave Feedback Here https://github.com/trustcrypto/node-onlykey/issues
Supports
- ECDH and ECDSA (NIST256P1)
- ECDH and EDDSA (ED25519)
- NACL
require("./dist/onlykey3rd-party.js")(function(ONLYKEY) {
var ok = ONLYKEY();
})
ok.on(event,function() {})
List of events
"status"
outputs current operation in english"error"
emits any errors during operations
ok.connect(function() {})
connect()
does ECDH for secure session using NACL and informs hardware of current time, OS, and browser.
ok.derive_public_key(AdditionalData, keyType, press_required, function(error, ok_jwk_epub) {})
derive_public_key()
does connect()
and returns a hardware generated public key from OnlyKey
ok.derive_shared_secret(AdditionalData, input_jwk_epub, keyType, press_required, function(error, shared_secret, ok_jwk_epub) {})
derive_shared_secret()
does connect()
and returns a hardware generated shared secret from OnlyKey that can be used as private key for encryption/signing
AdditionalData
=string
orbuffer
to point to a derived keyinput_jwk_epub
= input public key in jwk formatok_jwk_epub
= onlykey output public key in jwk formatkeyType
= key generation typeshared_secret
= shared AES-GCM key
KEYTYPE
- KEYTYPE_NACL =
0
- KEYTYPE_P256R1 =
1
- KEYTYPE_P256K1 =
2
- KEYTYPE_CURVE25519 =
3
OnlyKey uses the RPID provided from FIDO2 (the origin url), the input public key jwk_epub
, and any additional data AdditionalData
such as a username to generate a public/private keypair. OnlyKey returns the public key with derive_public_key()
and returns the shared secret of "input public/generated private" with derive_shared_secret()
.
Single-User Application - This shared secret can be used for encryption and signing purposes. Given the same inputs and the same web site origin the same shared secret can be recreated.
Multi-User Application - Like a typical ECDH key exchange, both USERA and USERB obtain hardware generated public keys with derive_public_key()
, these public keys are exchanged and used as input public key for derive_shared_secret()
. Each user generates the same shared secret which can be used for encryption and signing purposes between USERA and USERB.
$ node node-onlykey/docs/server.js
Browse to http://localhost:3000
--help,-h,-? shows this
--keypress,-p use touch key
--keytype=1,-t=1 1=P256R1,3=CURVE25519
--seed='Onlykey Rocks!' seed for aditional_data
--secret='pubkey' pubkey to generate a secret from seed
--domain='localhost' domain to generate keys for
CLI outputs in JSON format
- Tim ~ onlykey.io
- Brad ~ bmatusiak.us