kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes the Markdown lint config and affected files (#676)

Browse Source 
I also ran our documentation against a few other linters, to see what
they would find, and fixed accordingly.
This commit is contained in:
kaczmarczyck
2024-01-12 16:00:37 +01:00
committed by GitHub
parent 298db9ea99
commit 4339600730
6 changed files with 104 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
docs/customization.md
View File

@@ -7,18 +7,18 @@
All the generated certificates and private keys are stored in the directory
`crypto_data/`. The expected content after running our `setup.sh` script is:
File | Purpose
------------------------ | --------------------------------------------------------
`aaguid.txt` | Text file containaing the AAGUID value
`opensk_ca.csr` | Certificate sign request for the Root CA
`opensk_ca.key` | ECC secp256r1 private key used for the Root CA
`opensk_ca.pem` | PEM encoded certificate of the Root CA
`opensk_ca.srl` | File generated by OpenSSL
`opensk_cert.csr` | Certificate sign request for the attestation certificate
`opensk_cert.pem` | PEM encoded certificate used for the authenticator
`opensk.key` | ECC secp256r1 private key used for the autenticator
`opensk_upgrade.key` | Private key for signing upgrades through CTAP
`opensk_upgrade_pub.pem` | Public key added to the firmware for verifying upgrades
| File | Purpose |
| ------------------------ | ----------------------------------------------- |
| `aaguid.txt` | Text file containaing the AAGUID value |
| `opensk_ca.csr` | Certificate sign request for the Root CA |
| `opensk_ca.key` | ECC secp256r1 private key used for the Root CA |
| `opensk_ca.pem` | PEM encoded certificate of the Root CA |
| `opensk_ca.srl` | File generated by OpenSSL |
| `opensk_cert.csr` | CSR for attestation certificate |
| `opensk_cert.pem` | PEM encoded certificate for the authenticator |
| `opensk.key` | ECC secp256r1 private key for the autenticator |
| `opensk_upgrade.key` | Private key for signing upgrades through CTAP |
| `opensk_upgrade_pub.pem` | Public key for verifying upgrades |
If you want to use your own attestation certificate and private key,
replace the `opensk_cert.pem` and `opensk.key` files. The script at
@@ -50,20 +50,20 @@ carefully if you want to take this privacy risk.
If you build your own security key, depending on the hardware you use, there are
a few things you can personalize:
1. If you have multiple buttons, choose the buttons responsible for user
presence in `src/main.rs`.
1. If you have colored LEDs, like different blinking patterns and want to play
around with the code in `src/main.rs` more, take a look at e.g. `wink_leds`.
1. You find more options and documentation in `src/ctap/customization.rs`,
including:
* The default level for the credProtect extension.
* The default minimum PIN length, and what relying parties can set it.
* Whether you want to enforce alwaysUv.
* Settings for enterprise attestation.
* The maximum PIN retries.
* Whether you want to use batch attestation.
* Whether you want to use signature counters.
* Various constants to adapt to different hardware.
1. If you have multiple buttons, choose the buttons responsible for user
presence in `src/main.rs`.
1. If you have colored LEDs, like different blinking patterns and want to play
around with the code in `src/main.rs` more, take a look at e.g. `wink_leds`.
1. You find more options and documentation in `src/ctap/customization.rs`,
including:
* The default level for the credProtect extension.
* The default minimum PIN length, and what relying parties can set it.
* Whether you want to enforce alwaysUv.
* Settings for enterprise attestation.
* The maximum PIN retries.
* Whether you want to use batch attestation.
* Whether you want to use signature counters.
* Various constants to adapt to different hardware.
### Testing and Fuzzing