{"id":18750838,"url":"https://github.com/aalbacetef/tofu","last_synced_at":"2025-08-18T18:04:04.467Z","repository":{"id":258845007,"uuid":"871162483","full_name":"aalbacetef/tofu","owner":"aalbacetef","description":"tofu is a library that provides trust-on-first-use functionality","archived":false,"fork":false,"pushed_at":"2024-10-21T10:54:28.000Z","size":22,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-18T18:02:43.080Z","etag":null,"topics":["golang","tls","tofu","trust-on-first-use"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aalbacetef.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-10-11T11:52:36.000Z","updated_at":"2024-10-21T10:54:32.000Z","dependencies_parsed_at":"2025-05-22T06:47:31.149Z","dependency_job_id":null,"html_url":"https://github.com/aalbacetef/tofu","commit_stats":null,"previous_names":["aalbacetef/tofu"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aalbacetef/tofu","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aalbacetef%2Ftofu","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aalbacetef%2Ftofu/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aalbacetef%2Ftofu/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aalbacetef%2Ftofu/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/G
itHub/owners/aalbacetef","download_url":"https://codeload.github.com/aalbacetef/tofu/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aalbacetef%2Ftofu/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271035378,"owners_count":24688396,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-18T02:00:08.743Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","tls","tofu","trust-on-first-use"],"created_at":"2024-11-07T17:13:19.577Z","updated_at":"2025-08-18T18:04:04.426Z","avatar_url":"https://github.com/aalbacetef.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n![CI status](https://github.com/aalbacetef/tofu/actions/workflows/ci.yml/badge.svg)   [![License](https://img.shields.io/badge/License-BSD_3--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause) [![Go Report Card](https://goreportcard.com/badge/github.com/aalbacetef/tofu)](https://goreportcard.com/github.com/aalbacetef/tofu)\n\n\n# tofu\n\n## Introduction\n\nThis package implements the TOFU (trust on first use) authentication scheme.\n\nTo read more about it, check out the following links:\n - [TOFU - wiki](https://en.wikipedia.org/wiki/Trust_on_first_use)\n - [Gemini spec - TLS](https://geminiprotocol.net/docs/specification.gmi#4-tls)\n\n\n## Usage \n\n`tofu` 
provides an interface, `Store`, to allow the library consumer to \nchoose how they want to manage their known hosts. \n\nThere are two implementations: a `FileStore` and an `InMemoryStore`.  \nWhen using `FileStore`, the implementation assumes a format similar to the \n`known_hosts` file used by SSH. Each line is a comma-separated set of values:\n\n- hash(address)\n- fingerprint - hash(data)\n- comment (optional)\n\n### Example \n\nDefine a connection verification function.\n\n```go\n// verifyFunc matches the signature of tls.Config.VerifyConnection.\ntype verifyFunc func(tls.ConnectionState) error\n\nvar (\n    ErrInvalidCert = errors.New(\"invalid certificate\")\n    ErrNoPeerCerts = errors.New(\"no peer certificates\")\n)\n\nfunc verifyConn(store tofu.Store) verifyFunc {\n    return func(state tls.ConnectionState) error {\n        // check for peer certificates\n        peerCerts := state.PeerCertificates\n        if len(peerCerts) == 0 {\n            return ErrNoPeerCerts\n        }\n\n        leaf := peerCerts[0]\n\n        // build the host entry: server name plus fingerprint of the leaf certificate\n        host := tofu.Host{\n            Address:     state.ServerName,\n            Fingerprint: tofu.Fingerprint(leaf),\n        }\n\n        // check the host and fingerprint against the store\n        valid, err := tofu.Verify(store, host)\n        if err != nil {\n            return fmt.Errorf(\"error verifying: %w\", err)\n        }\n\n        if !valid {\n            return ErrInvalidCert\n        }\n\n        return nil\n    }\n}\n```\n\nPass it into a `tls.Config`.\n\n```go\nconst minTLSVersion = tls.VersionTLS12\n\nconfig := \u0026tls.Config{\n\tMinVersion:         minTLSVersion,\n\t// InsecureSkipVerify disables chain and hostname verification, so the\n\t// TOFU check in VerifyConnection is the only authentication of the server.\n\tInsecureSkipVerify: true,\n\tVerifyConnection:   verifyConn(myCertStore),\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faalbacetef%2Ftofu","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faalbacetef%2Ftofu","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faalbacetef%2Ftofu/lists"}