core/go-crypt
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
go-crypt/auth
History
Snider 301eac1d76 feat(auth): Phase 2 key management — Argon2id, rotation, revocation 
- Register now uses Argon2id (crypt.HashPassword) instead of LTHN hash
- Login detects hash format: Argon2id (.hash) first, LTHN (.lthn) fallback
- Transparent migration: successful legacy login re-hashes with Argon2id
- RotateKeyPair: decrypt metadata with old password, generate new PGP
  keypair, re-encrypt, update hash, invalidate all sessions
- RevokeKey: write JSON revocation record to .rev, invalidate sessions
- IsRevoked: parse .rev for valid JSON (ignores legacy placeholder)
- Login/CreateChallenge reject revoked users
- HardwareKey interface (hardware.go): contract for PKCS#11/YubiKey
- verifyPassword helper: shared Argon2id→LTHN fallback logic
- 55 tests total, all pass with -race

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-20 02:27:03 +00:00
..
auth.go feat(auth): Phase 2 key management — Argon2id, rotation, revocation 2026-02-20 02:27:03 +00:00
auth_test.go feat(auth): Phase 2 key management — Argon2id, rotation, revocation 2026-02-20 02:27:03 +00:00
hardware.go feat(auth): Phase 2 key management — Argon2id, rotation, revocation 2026-02-20 02:27:03 +00:00
session_store.go feat(auth): add SessionStore interface with SQLite persistence 2026-02-20 01:44:51 +00:00
session_store_sqlite.go feat(auth): add SessionStore interface with SQLite persistence 2026-02-20 01:44:51 +00:00
session_store_test.go feat(auth): add SessionStore interface with SQLite persistence 2026-02-20 01:44:51 +00:00