factors

Namespace: derive.factors

Description:
  • Factor derivation functions for multi-factor key derivation

Methods

(static) hmacsha1(response) → {function}

Description:
  • Derive a YubiKey-compatible MFKDF HMAC-SHA1 challenge-response factor
Since:
  • 0.21.0
Example
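// Node.js built-in crypto module, used below to compute the HMAC-SHA1 response
const crypto = require('crypto')

// setup key with hmacsha1 factor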
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.hmacsha1()
], {size: 8})

// calculate response; could be done using hardware device
const secret = setup.outputs.hmacsha1.secret
const challenge = Buffer.from(setup.policy.factors[0].params.challenge, 'hex')
const response = crypto.createHmac('sha1', secret).update(challenge).digest()

// derive key with hmacsha1 factor
const derive = await mfkdf.derive.key(setup.policy, {
  hmacsha1: mfkdf.derive.factors.hmacsha1(response)
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516
Parameters:
Name Type Description
response Buffer HMAC-SHA1 response
Returns:
Async function to generate MFKDF factor information
Type
function

(static) hotp(code) → {function}

Description:
  • Derive an MFKDF HOTP factor
Since:
  • 0.12.0
Example
// setup key with hotp factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.hotp({ secret: Buffer.from('hello world') })
], {size: 8})

// derive key with hotp factor
const derive = await mfkdf.derive.key(setup.policy, {
  hotp: mfkdf.derive.factors.hotp(365287)
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516
Parameters:
Name Type Description
code number The HOTP code from which to derive an MFKDF factor
Returns:
Async function to generate MFKDF factor information
Type
function

(static) ooba(code) → {function}

Description:
  • Derive an MFKDF Out-of-Band Authentication (OOBA) factor
Since:
  • 1.1.0
Example
// Node.js built-in crypto module (provides crypto.webcrypto)
const crypto = require('crypto')

// setup RSA key pair (on out-of-band server)
const keyPair = await crypto.webcrypto.subtle.generateKey({
  hash: 'SHA-256',
  modulusLength: 2048,
  name: 'RSA-OAEP',
  publicExponent: new Uint8Array([1, 0, 1])
}, true, ['encrypt', 'decrypt'])

// setup key with out-of-band authentication factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.ooba({
    key: keyPair.publicKey, params: { email: 'user@example.com' } // placeholder address
  })
])

// decrypt and send code (on out-of-band server)
const next = setup.policy.factors[0].params.next
const decrypted = await crypto.webcrypto.subtle.decrypt({name: 'RSA-OAEP'}, keyPair.privateKey, Buffer.from(next, 'hex'))
const code = JSON.parse(Buffer.from(decrypted).toString()).code

// derive key with out-of-band factor
const derive = await mfkdf.derive.key(setup.policy, {
  ooba: mfkdf.derive.factors.ooba(code)
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516
Parameters:
Name Type Description
code number The one-time code from which to derive an MFKDF factor
Returns:
Async function to generate MFKDF factor information
Type
function

(static) password(password) → {function}

Description:
  • Derive an MFKDF password factor
Since:
  • 0.9.0
Example
// setup key with password factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.password('password')
], {size: 8})

// derive key with password factor
const derive = await mfkdf.derive.key(setup.policy, {
  password: mfkdf.derive.factors.password('password')
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516
Parameters:
Name Type Description
password string The password from which to derive an MFKDF factor
Returns:
Async function to generate MFKDF factor information
Type
function

(static) persisted(share) → {function}

Description:
  • Use a persisted MFKDF factor
Since:
  • 0.18.0
Example
// setup 3-factor multi-factor derived key
const setup = await mfkdf.setup.key([
 await mfkdf.setup.factors.password('password1', { id: 'password1' }),
 await mfkdf.setup.factors.password('password2', { id: 'password2' }),
 await mfkdf.setup.factors.password('password3', { id: 'password3' })
], {size: 8})

// persist one of the factors
const factor2 = setup.persistFactor('password2')

// derive key with 2 factors
const derived = await mfkdf.derive.key(setup.policy, {
 password1: mfkdf.derive.factors.password('password1'),
 password2: mfkdf.derive.factors.persisted(factor2),
 password3: mfkdf.derive.factors.password('password3')
})

setup.key.toString('hex') // -> 64587f2a0e65dc3c
derived.key.toString('hex') // -> 64587f2a0e65dc3c
Parameters:
Name Type Description
share Buffer The share corresponding to the persisted factor
Returns:
Async function to generate MFKDF factor information
Type
function

(static) question(answer) → {function}

Description:
  • Derive an MFKDF Security Question factor
Since:
  • 1.0.0
Example
// setup key with security question factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.question('Fido')
], {size: 8})

// derive key with security question factor
const derive = await mfkdf.derive.key(setup.policy, {
  question: mfkdf.derive.factors.question('Fido')
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516
Parameters:
Name Type Description
answer string The answer from which to derive an MFKDF factor
Returns:
Async function to generate MFKDF factor information
Type
function

(static) stack(factors) → {function}

Description:
  • Derive an MFKDF stacked key factor
Since:
  • 0.15.0
Example
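// Node.js built-in crypto module, used below to compute the HMAC-SHA1 response
const crypto = require('crypto')

// setup key with hmacsha1 factor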
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.hmacsha1()
], {size: 8})

// calculate response; could be done using hardware device
const secret = setup.outputs.hmacsha1.secret
const challenge = Buffer.from(setup.policy.factors[0].params.challenge, 'hex')
const response = crypto.createHmac('sha1', secret).update(challenge).digest()

// derive key with hmacsha1 factor
const derive = await mfkdf.derive.key(setup.policy, {
  hmacsha1: mfkdf.derive.factors.hmacsha1(response)
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516
Parameters:
Name Type Description
factors Object.<string, MFKDFFactor> Factors used to derive this key
Returns:
Async function to generate MFKDF factor information
Type
function

(static) totp(code, [options]) → {function}

Description:
  • Derive an MFKDF TOTP factor
Since:
  • 0.13.0
Example
// setup key with totp factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.totp({
    secret: Buffer.from('hello world'),
    time: 1650430806597
  })
], {size: 8})

// derive key with totp factor
const derive = await mfkdf.derive.key(setup.policy, {
  totp: mfkdf.derive.factors.totp(528258, { time: 1650430943604 })
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516
Parameters:
Name Type Attributes Description
code number The TOTP code from which to derive an MFKDF factor
options Object <optional> Additional options for deriving the TOTP factor
Properties of options:
Name Type Attributes Description
time number <optional> Current time for TOTP; defaults to Date.now()
Returns:
Async function to generate MFKDF factor information
Type
function
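
The numeric code passed to hotp(code) and totp(code, options) above is a standard one-time password. As an added example (not part of the MFKDF documentation or library), the following computes RFC 4226 HOTP and RFC 6238 TOTP codes with Node's built-in crypto module. The helper names and the SHA-1, 6-digit, 30-second parameters are assumptions, and the secret is the RFC test secret rather than a value from this page.

```javascript
const crypto = require('crypto')

// HOTP (RFC 4226): HMAC the 8-byte big-endian counter, then dynamically truncate.
// Hypothetical helper; digits and hash are assumed defaults.
function hotpCode (secret, counter, digits = 6, hash = 'sha1') {
  const msg = Buffer.alloc(8)
  msg.writeBigUInt64BE(BigInt(counter))
  const mac = crypto.createHmac(hash, secret).update(msg).digest()
  // The low nibble of the last byte selects a 4-byte window in the MAC.
  const offset = mac[mac.length - 1] & 0x0f
  // Clear the top bit so the value is a non-negative 31-bit integer.
  const bin = mac.readUInt32BE(offset) & 0x7fffffff
  // Returned as a number, so leading zeros are not preserved.
  return bin % 10 ** digits
}

// Index of the time step containing timeMs (milliseconds, as with Date.now()).
function timeStep (timeMs, step = 30) {
  return Math.floor(timeMs / 1000 / step)
}

// TOTP (RFC 6238): HOTP with the time-step index as the counter.
function totpCode (secret, timeMs, step = 30, digits = 6, hash = 'sha1') {
  return hotpCode(secret, timeStep(timeMs, step), digits, hash)
}

// True when two timestamps fall in the same step and therefore share one code.
function sameWindow (t1Ms, t2Ms, step = 30) {
  return timeStep(t1Ms, step) === timeStep(t2Ms, step)
}

// Constructed sample input: the ASCII test secret from RFC 4226 / RFC 6238.
const rfcSecret = Buffer.from('12345678901234567890')

console.log(hotpCode(rfcSecret, 0)) // RFC 4226 test counter 0
console.log(totpCode(rfcSecret, 59 * 1000)) // RFC 6238 test time, 59 s
// The setup and derive timestamps in the totp example above lie in different steps.
console.log(sameWindow(1650430806597, 1650430943604))
```

A code computed for one time step is not the code for another, so the `time` option must reflect when the code was actually generated.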

(static) uuid(uuid) → {function}

Description:
  • Derive an MFKDF UUID factor
Since:
  • 0.9.0
Example
// setup key with uuid factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.uuid({ uuid: '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d' })
], {size: 8})

// derive key with uuid factor
const derive = await mfkdf.derive.key(setup.policy, {
  uuid: mfkdf.derive.factors.uuid('9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d')
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516
Parameters:
Name Type Description
uuid string The uuid from which to derive an MFKDF factor
Returns:
Async function to generate MFKDF factor information
Type
function