setup.factors

Multi-factor key derivation factor setup

Methods

(async, static) hmacsha1([options]) → {MFKDFFactor}

Set up a YubiKey-compatible MFKDF HMAC-SHA1 challenge-response factor.

Since: 0.21.0

Example
const crypto = require('crypto') // Node.js built-in; provides createHmac below

// setup key with hmacsha1 factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.hmacsha1()
], {size: 8})

// calculate response; could be done using hardware device
const secret = setup.outputs.hmacsha1.secret
const challenge = Buffer.from(setup.policy.factors[0].params.challenge, 'hex')
const response = crypto.createHmac('sha1', secret).update(challenge).digest()

// derive key with hmacsha1 factor
const derive = await mfkdf.derive.key(setup.policy, {
  hmacsha1: mfkdf.derive.factors.hmacsha1(response)
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516

Parameters:

| Name | Type | Attributes | Description |
|---|---|---|---|
| options | Object | <optional> | Configuration options |

Properties of options:

| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| id | string | <optional> | 'hmacsha1' | Unique identifier for this factor |
| secret | Buffer | <optional> | | HMAC secret to use; randomly generated by default |

Returns: MFKDF factor information
Type: MFKDFFactor

(async, static) hotp([options]) → {MFKDFFactor}

Set up an MFKDF HOTP factor.

Since: 0.12.0

Example
// setup key with hotp factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.hotp({ secret: Buffer.from('hello world') })
], {size: 8})

// derive key with hotp factor
const derive = await mfkdf.derive.key(setup.policy, {
  hotp: mfkdf.derive.factors.hotp(365287)
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516

Parameters:

| Name | Type | Attributes | Description |
|---|---|---|---|
| options | Object | <optional> | Configuration options |

Properties of options:

| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| id | string | <optional> | 'hotp' | Unique identifier for this factor |
| hash | string | <optional> | 'sha1' | Hash algorithm to use; sha512, sha256, or sha1 |
| digits | number | <optional> | 6 | Number of digits to use |
| secret | Buffer | <optional> | | HOTP secret to use; randomly generated by default |
| issuer | Buffer | <optional> | 'MFKDF' | OTPAuth issuer string |
| label | Buffer | <optional> | 'mfkdf.com' | OTPAuth label string |

Returns: MFKDF factor information
Type: MFKDFFactor

(async, static) password(password, [options]) → {MFKDFFactor}

Set up an MFKDF password factor.

Since: 0.8.0

Example
// setup key with password factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.password('password')
], {size: 8})

// derive key with password factor
const derive = await mfkdf.derive.key(setup.policy, {
  password: mfkdf.derive.factors.password('password')
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516

Parameters:

| Name | Type | Attributes | Description |
|---|---|---|---|
| password | string | | The password from which to derive an MFKDF factor |
| options | Object | <optional> | Configuration options |

Properties of options:

| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| id | string | <optional> | 'password' | Unique identifier for this factor |

Returns: MFKDF factor information
Type: MFKDFFactor

(async, static) stack(factors, [options]) → {MFKDFFactor}

Set up an MFKDF stacked key factor.

Since: 0.15.0

Example
const crypto = require('crypto') // Node.js built-in; provides createHmac below

// setup key with hmacsha1 factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.hmacsha1()
], {size: 8})

// calculate response; could be done using hardware device
const secret = setup.outputs.hmacsha1.secret
const challenge = Buffer.from(setup.policy.factors[0].params.challenge, 'hex')
const response = crypto.createHmac('sha1', secret).update(challenge).digest()

// derive key with hmacsha1 factor
const derive = await mfkdf.derive.key(setup.policy, {
  hmacsha1: mfkdf.derive.factors.hmacsha1(response)
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516

Parameters:

| Name | Type | Attributes | Description |
|---|---|---|---|
| factors | Array.<MFKDFFactor> | | Array of factors used to derive this key |
| options | Object | <optional> | Configuration options |

Properties of options:

| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| id | string | <optional> | 'stack' | Unique identifier for this factor |
| size | number | <optional> | 32 | Size of derived key, in bytes |
| threshold | number | <optional> | | Number of factors required to derive key; factors.length by default (all required) |
| salt | Buffer | <optional> | | Cryptographic salt; generated via secure PRG by default (recommended) |
| kdf | string | <optional> | 'pbkdf2' | KDF algorithm to use; pbkdf2, bcrypt, scrypt, argon2i, argon2d, or argon2id |
| pbkdf2rounds | number | <optional> | 1 | Number of rounds to use if using pbkdf2 |
| pbkdf2digest | string | <optional> | 'sha256' | Hash function to use if using pbkdf2; sha1, sha256, sha384, or sha512 |
| bcryptrounds | number | <optional> | 10 | Number of rounds to use if using bcrypt |
| scryptcost | number | <optional> | 16384 | Iterations count (N) to use if using scrypt |
| scryptblocksize | number | <optional> | 8 | Block size (r) to use if using scrypt |
| scryptparallelism | number | <optional> | 1 | Parallelism factor (p) to use if using scrypt |
| argon2time | number | <optional> | 2 | Iterations to use if using argon2 |
| argon2mem | number | <optional> | 24576 | Memory to use if using argon2 |
| argon2parallelism | number | <optional> | 1 | Parallelism to use if using argon2 |

Returns: MFKDF factor information
Type: MFKDFFactor

(async, static) totp([options]) → {MFKDFFactor}

Set up an MFKDF TOTP factor.

Since: 0.13.0

Example
// setup key with totp factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.totp({
    secret: Buffer.from('hello world'),
    time: 1650430806597
  })
], {size: 8})

// derive key with totp factor
const derive = await mfkdf.derive.key(setup.policy, {
  totp: mfkdf.derive.factors.totp(528258, { time: 1650430943604 })
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516

Parameters:

| Name | Type | Attributes | Description |
|---|---|---|---|
| options | Object | <optional> | Configuration options |

Properties of options:

| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| id | string | <optional> | 'totp' | Unique identifier for this factor |
| hash | string | <optional> | 'sha1' | Hash algorithm to use; sha512, sha256, or sha1 |
| digits | number | <optional> | 6 | Number of digits to use |
| secret | Buffer | <optional> | | TOTP secret to use; randomly generated by default |
| issuer | Buffer | <optional> | 'MFKDF' | OTPAuth issuer string |
| label | Buffer | <optional> | 'mfkdf.com' | OTPAuth label string |
| time | number | <optional> | | Current time for TOTP; defaults to Date.now() |
| window | number | <optional> | 87600 | Maximum window between logins, in number of steps (1 month by default) |
| step | number | <optional> | 30 | TOTP step size |

Returns: MFKDF factor information
Type: MFKDFFactor
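
The hotp and totp examples above pass literal codes (365287, 528258) to the derive functions. The following is an added example, not code from the MFKDF project: assuming the factors follow the standard RFC 4226 / RFC 6238 algorithms (as the OTPAuth issuer and label options suggest), it shows how an authenticator turns secret, hash, digits, step and a millisecond time into such a code, and how many steps separate the setup and derive timestamps used in the totp example. The function names are illustrative.

```javascript
// Added example: standard HOTP (RFC 4226) and TOTP (RFC 6238) code generation.
// Function names are illustrative; they are not part of the mfkdf API.
const { createHmac } = require('node:crypto')

// HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation.
function hotpCode (secret, counter, { hash = 'sha1', digits = 6 } = {}) {
  const msg = Buffer.alloc(8)
  msg.writeBigUInt64BE(BigInt(counter))
  const mac = createHmac(hash, secret).update(msg).digest()
  const offset = mac[mac.length - 1] & 0x0f          // low nibble of last byte
  const bin = mac.readUInt32BE(offset) & 0x7fffffff  // 31-bit unsigned value
  return String(bin % 10 ** digits).padStart(digits, '0')
}

// TOTP counter: whole steps since the Unix epoch.
// `time` is in milliseconds (like Date.now()); `step` is in seconds.
function totpCounter (time = Date.now(), step = 30) {
  return Math.floor(time / 1000 / step)
}

// TOTP is HOTP evaluated at the time-derived counter.
function totpCode (secret, { time = Date.now(), step = 30, hash, digits } = {}) {
  return hotpCode(secret, totpCounter(time, step), { hash, digits })
}

// Steps elapsed between setup and derive; compare against the `window` option.
function stepsElapsed (setupTime, deriveTime, step = 30) {
  return totpCounter(deriveTime, step) - totpCounter(setupTime, step)
}

// Public RFC 4226 test secret (a published test vector, not a real secret).
const rfcSecret = Buffer.from('12345678901234567890')
console.log('HOTP, counter 0:', hotpCode(rfcSecret, 0))
console.log('TOTP, t=59s, 8 digits:', totpCode(rfcSecret, { time: 59000, digits: 8 }))

// Timestamps taken from the totp example on this page.
console.log('steps between setup and derive:',
  stepsElapsed(1650430806597, 1650430943604))
```

With the default step of 30 seconds, the default window of 87600 steps spans about 30.4 days, which is the "1 month" the table refers to.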

(async, static) uuid([options]) → {MFKDFFactor}

Set up an MFKDF UUID factor.

Since: 0.9.0

Example
// setup key with uuid factor
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.uuid({ uuid: '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d' })
], {size: 8})

// derive key with uuid factor
const derive = await mfkdf.derive.key(setup.policy, {
  uuid: mfkdf.derive.factors.uuid('9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d')
})

setup.key.toString('hex') // -> 01d0c7236adf2516
derive.key.toString('hex') // -> 01d0c7236adf2516

Parameters:

| Name | Type | Attributes | Description |
|---|---|---|---|
| options | Object | <optional> | Configuration options |

Properties of options:

| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| uuid | string | <optional> | | UUID to use for this factor; random v4 UUID by default |
| id | string | <optional> | 'uuid' | Unique identifier for this factor |

Returns: MFKDF factor information
Type: MFKDFFactor