Snider 301eac1d76 feat(auth): Phase 2 key management — Argon2id, rotation, revocation
- Register now uses Argon2id (crypt.HashPassword) instead of LTHN hash
- Login detects hash format: Argon2id (.hash) first, LTHN (.lthn) fallback
- Transparent migration: successful legacy login re-hashes with Argon2id
- RotateKeyPair: decrypt metadata with old password, generate new PGP
  keypair, re-encrypt, update hash, invalidate all sessions
- RevokeKey: write JSON revocation record to .rev, invalidate sessions
- IsRevoked: parse .rev for valid JSON (ignores legacy placeholder)
- Login/CreateChallenge reject revoked users
- HardwareKey interface (hardware.go): contract for PKCS#11/YubiKey
- verifyPassword helper: shared Argon2id→LTHN fallback logic
- 55 tests total, all pass with -race

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-20 02:27:03 +00:00
auth feat(auth): Phase 2 key management — Argon2id, rotation, revocation 2026-02-20 02:27:03 +00:00
crypt test(phase0): expand test coverage, security audit, and benchmarks 2026-02-20 01:14:41 +00:00
trust test(phase0): expand test coverage, security audit, and benchmarks 2026-02-20 01:14:41 +00:00
CLAUDE.md feat(auth): add SessionStore interface with SQLite persistence 2026-02-20 01:44:51 +00:00
FINDINGS.md test(phase0): expand test coverage, security audit, and benchmarks 2026-02-20 01:14:41 +00:00
go.mod feat(auth): add SessionStore interface with SQLite persistence 2026-02-20 01:44:51 +00:00
go.sum feat(auth): add SessionStore interface with SQLite persistence 2026-02-20 01:44:51 +00:00
TODO.md docs: refine Phase 2 key management tasks with step-by-step instructions 2026-02-20 02:02:02 +00:00