- Source:
Multi-factor key derivation factor derivation
Methods
(static) hmacsha1(response) → {function}
- Source:
- Since:
- 0.21.0
Derive a YubiKey-compatible MFKDF HMAC-SHA1 challenge-response factor
Example
// setup key with hmacsha1 factor
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.hmacsha1()
], {size: 8})
// calculate response; could be done using hardware device
const secret = setup.outputs.hmacsha1.secret
const challenge = Buffer.from(setup.policy.factors[0].params.challenge, 'hex')
const response = crypto.createHmac('sha1', secret).update(challenge).digest()
// derive key with hmacsha1 factor
const derive = await mfkdf.derive.key(setup.policy, {
hmacsha1: mfkdf.derive.factors.hmacsha1(response)
})
setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516Parameters:
| Name | Type | Description |
|---|---|---|
response |
Buffer | HMAC-SHA1 response |
Returns:
Async function to generate MFKDF factor information
- Type
- function
(static) hotp(code) → {function}
- Source:
- Since:
- 0.12.0
Derive an MFKDF HOTP factor
Example
// setup key with hotp factor
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.hotp({ secret: Buffer.from('hello world') })
], {size: 8})
// derive key with hotp factor
const derive = await mfkdf.derive.key(setup.policy, {
hotp: mfkdf.derive.factors.hotp(365287)
})
setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516Parameters:
| Name | Type | Description |
|---|---|---|
code |
number | The HOTP code from which to derive an MFKDF factor |
Returns:
Async function to generate MFKDF factor information
- Type
- function
(static) ooba(code) → {function}
- Source:
- Since:
- 1.1.0
Derive an MFKDF Out-of-Band Authentication (OOBA) factor
Example
// setup RSA key pair (on out-of-band server)
const keyPair = await crypto.webcrypto.subtle.generateKey({hash: 'SHA-256', modulusLength: 2048, name: 'RSA-OAEP', publicExponent: new Uint8Array([1, 0, 1])}, true, ['encrypt', 'decrypt'])
// setup key with out-of-band authentication factor
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.ooba({
key: keyPair.publicKey, params: { email: '[email protected]' }
})
])
// decrypt and send code (on out-of-band server)
const next = setup.policy.factors[0].params.next
const decrypted = await crypto.webcrypto.subtle.decrypt({name: 'RSA-OAEP'}, keyPair.privateKey, Buffer.from(next, 'hex'))
const code = JSON.parse(Buffer.from(decrypted).toString()).code;
// derive key with out-of-band factor
const derive = await mfkdf.derive.key(setup.policy, {
ooba: mfkdf.derive.factors.ooba(code)
})
setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516Parameters:
| Name | Type | Description |
|---|---|---|
code |
number | The one-time code from which to derive an MFKDF factor |
Returns:
Async function to generate MFKDF factor information
- Type
- function
(static) password(password) → {function}
- Source:
- Since:
- 0.9.0
Derive an MFKDF password factor
Example
// setup key with password factor
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.password('password')
], {size: 8})
// derive key with password factor
const derive = await mfkdf.derive.key(setup.policy, {
password: mfkdf.derive.factors.password('password')
})
setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516Parameters:
| Name | Type | Description |
|---|---|---|
password |
string | The password from which to derive an MFKDF factor |
Returns:
Async function to generate MFKDF factor information
- Type
- function
(static) persisted(share) → {function}
- Source:
- Since:
- 0.18.0
Use a persisted MFDKF factor
Example
// setup 3-factor multi-factor derived key
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.password('password1', { id: 'password1' }),
await mfkdf.setup.factors.password('password2', { id: 'password2' }),
await mfkdf.setup.factors.password('password3', { id: 'password3' })
], {size: 8})
// persist one of the factors
const factor2 = setup.persistFactor('password2')
// derive key with 2 factors
const derived = await mfkdf.derive.key(setup.policy, {
password1: mfkdf.derive.factors.password('password1'),
password2: mfkdf.derive.factors.persisted(factor2),
password3: mfkdf.derive.factors.password('password3')
})
setup.key.toString('hex') // -> 64587f2a0e65dc3c
derived.key.toString('hex') // -> 64587f2a0e65dc3cParameters:
| Name | Type | Description |
|---|---|---|
share |
Buffer | The share corresponding to the persisted factor |
Returns:
Async function to generate MFKDF factor information
- Type
- function
(static) question(answer) → {function}
- Source:
- Since:
- 1.0.0
Derive an MFKDF Security Question factor
Example
// setup key with security question factor
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.question('Fido')
], {size: 8})
// derive key with security question factor
const derive = await mfkdf.derive.key(setup.policy, {
question: mfkdf.derive.factors.question('Fido')
})
setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516Parameters:
| Name | Type | Description |
|---|---|---|
answer |
string | The answer from which to derive an MFKDF factor |
Returns:
Async function to generate MFKDF factor information
- Type
- function
(static) stack(factors) → {function}
- Source:
- Since:
- 0.15.0
Derive an MFKDF stacked key factor
Example
// setup key with hmacsha1 factor
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.hmacsha1()
], {size: 8})
// calculate response; could be done using hardware device
const secret = setup.outputs.hmacsha1.secret
const challenge = Buffer.from(setup.policy.factors[0].params.challenge, 'hex')
const response = crypto.createHmac('sha1', secret).update(challenge).digest()
// derive key with hmacsha1 factor
const derive = await mfkdf.derive.key(setup.policy, {
hmacsha1: mfkdf.derive.factors.hmacsha1(response)
})
setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516Parameters:
| Name | Type | Description |
|---|---|---|
factors |
Object.<string, MFKDFFactor> | Factors used to derive this key |
Returns:
Async function to generate MFKDF factor information
- Type
- function
(static) totp(code, optionsopt) → {function}
- Source:
- Since:
- 0.13.0
Derive an MFKDF TOTP factor
Example
// setup key with totp factor
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.totp({
secret: Buffer.from('hello world'),
time: 1650430806597
})
], {size: 8})
// derive key with totp factor
const derive = await mfkdf.derive.key(setup.policy, {
totp: mfkdf.derive.factors.totp(528258, { time: 1650430943604 })
})
setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516Parameters:
| Name | Type | Attributes | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
code |
number | The TOTP code from which to derive an MFKDF factor | |||||||||
options |
Object |
<optional> |
Additional options for deriving the TOTP factor
Properties
|
Returns:
Async function to generate MFKDF factor information
- Type
- function
(static) uuid(uuid) → {function}
- Source:
- Since:
- 0.9.0
Derive an MFKDF UUID factor
Example
// setup key with uuid factor
const setup = await mfkdf.setup.key([
await mfkdf.setup.factors.uuid({ uuid: '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d' })
], {size: 8})
// derive key with uuid factor
const derive = await mfkdf.derive.key(setup.policy, {
uuid: mfkdf.derive.factors.uuid('9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d')
})
setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516Parameters:
| Name | Type | Description |
|---|---|---|
uuid |
string | The uuid from which to derive an MFKDF factor |
Returns:
Async function to generate MFKDF factor information
- Type
- function