{"id":33171697,"url":"https://github.com/pando85/rust-keylib","last_synced_at":"2026-04-07T17:31:58.002Z","repository":{"id":323251274,"uuid":"1092477927","full_name":"pando85/rust-keylib","owner":"pando85","description":"Keylib bindings for Rust ","archived":false,"fork":false,"pushed_at":"2025-11-19T18:26:36.000Z","size":794,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-02-13T07:53:37.277Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pando85.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-08T17:43:39.000Z","updated_at":"2025-11-17T01:18:43.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/pando85/rust-keylib","commit_stats":null,"previous_names":["pando85/rust-keylib"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/pando85/rust-keylib","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pando85%2Frust-keylib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pando85%2Frust-keylib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pando85%2Frust-keylib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pando85%2Frust-keylib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pando85","download_url":"https://codeload.github.com/pando85/rust-keylib/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pando85%2Frust-keylib/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31522270,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-11-16T01:15:52.622Z","updated_at":"2026-04-07T17:31:57.994Z","avatar_url":"https://github.com/pando85.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# keylib\n\nRust FFI bindings for the [keylib](https://github.com/Zig-Sec/keylib) C API.\n\n## Quick Start\n\nAdd to your `Cargo.toml`:\n\n```toml\n[dependencies]\nkeylib = { version = \"0.1\", features = [\"bundled\"] }\n```\n\nThe `bundled` feature downloads prebuilt native libraries, so you don't need to install Zig or\nlibudev-dev. Just run:\n\n```bash\ncargo build\n```\n\nThat's it! No additional setup required.\n\n## Prerequisites\n\n### Option 1: Use Prebuilt Libraries (Recommended)\n\nEnable the `bundled` feature (shown above). This will automatically download prebuilt binaries for\nyour platform during build.\n\n**Supported platforms:**\n\n- `x86_64-unknown-linux-gnu`\n- `aarch64-unknown-linux-gnu`\n- `x86_64-unknown-linux-musl`\n\n### Option 2: Build from Source\n\nIf you want to build from source or need a different platform:\n\nIn case you are downloading / checking out this repository directly via git, make sure to initialize\nthe git submodules after cloning!\n\n```bash\ngit submodule update --init\n```\n\nTools required for building:\n\n- Rust toolchain (stable)\n- Zig compiler (for building keylib) - [Install Zig](https://ziglang.org/download/)\n- libudev library (`sudo apt-get install libudev-dev` on Ubuntu/Debian)\n\nThen omit the `bundled` feature:\n\n```toml\n[dependencies]\nkeylib = \"0.1\"\n```\n\n## Features\n\n- Safe Rust API with proper error handling\n- RAII-based resource management\n- Callback bridging from Rust closures to C function pointers\n- Complete callback system (UP/UV/Select/Read/Write/Delete)\n- Full CTAP protocol implementation\n- **PIN/UV Authentication Protocol** - Complete CTAP 2.0/2.1 PIN protocol support\n  - ECDH key agreement (P-256)\n  - PIN protocol V1 (AES-256-CBC) and V2 (HMAC-based encryption)\n  - PIN token retrieval with permissions\n  - Shared secret derivation and encryption/decryption\n- **Credential Management API** - Complete implementation for managing discoverable credentials\n- Examples demonstrating client and authenticator usage\n- Base64-encoded credential display for debugging\n- PEM-formatted certificate display in examples\n- USB HID transport layer\n- Client-side device enumeration and communication\n- Virtual authenticator support via UHID (Linux)\n- **Prebuilt binaries** - Zero-setup builds with the `bundled` feature\n\n## API\n\nThis crate provides safe Rust abstractions over the unsafe FFI bindings.\n\n### Key Types\n\n- `Authenticator`: Safe wrapper for authenticator instances with callback support\n- `AuthenticatorConfig`: Builder pattern for configuring authenticators with custom settings\n- `AuthenticatorOptions`: Fine-grained control over authenticator capabilities (rk, up, uv,\n  clientPin, credMgmt, etc.)\n- `CtapCommand`: Type-safe enum for CTAP commands (MakeCredential, GetAssertion, etc.)\n- `Callbacks`: Configuration for user interaction callbacks (UP/UV/Select/Read/Write/Delete)\n- `CredentialManagement`: Safe API for managing discoverable credentials on authenticators\n- `Error`: Error types that can occur during operations\n- `Client`: Client-side API for communicating with authenticators\n- `Credential`: Representation of credentials stored on authenticators\n\n### Configurable Authenticator\n\nYou can customize the authenticator with specific AAGUID, commands, options, and extensions:\n\n```rust\nuse keylib::{\n    Authenticator, AuthenticatorConfig, AuthenticatorOptions,\n    CallbacksBuilder, CtapCommand, UpResult\n};\nuse std::sync::Arc;\n\n// Configure specific capabilities\nlet options = AuthenticatorOptions::new()\n    .with_resident_keys(true)\n    .with_user_verification(Some(true))  // UV capable and configured\n    .with_client_pin(Some(true))         // PIN capable and set\n    .with_credential_management(Some(true));\n\n// Build full configuration\nlet config = AuthenticatorConfig::builder()\n    .aaguid([0x6f, 0x15, 0x82, 0x74, 0xaa, 0xb6, 0x44, 0x3d,\n             0x9b, 0xcf, 0x8a, 0x3f, 0x69, 0x29, 0x7c, 0x88])\n    .commands(vec![\n        CtapCommand::MakeCredential,\n        CtapCommand::GetAssertion,\n        CtapCommand::GetInfo,\n        CtapCommand::ClientPin,\n    ])\n    .options(options)\n    .max_credentials(100)  // Allow up to 100 resident keys\n    .extensions(vec![\"credProtect\".to_string(), \"hmac-secret\".to_string()])\n    .build();\n\nlet callbacks = CallbacksBuilder::new()\n    .up(Arc::new(|_info, _user, _rp| Ok(UpResult::Accepted)))\n    .build();\n\nlet auth = Authenticator::with_config(callbacks, config)?;\n```\n\n**Configuration Options:**\n\n- **AAGUID**: Custom 16-byte authenticator identifier\n- **Commands**: Select which CTAP commands to enable (default: MakeCredential, GetAssertion,\n  GetInfo, ClientPin, Selection)\n- **Custom Commands**: Add vendor-specific commands (0x40-0xFF) with custom handlers\n- **Options**: Fine-tune capabilities:\n  - `rk`: Resident key (discoverable credentials) support\n  - `up`: User presence capability\n  - `uv`: User verification (None/Some(false)/Some(true) for not capable/capable but not\n    configured/capable and configured)\n  - `plat`: Platform device flag\n  - `client_pin`: Client PIN capability and status\n  - `pin_uv_auth_token`: PIN/UV auth token support\n  - `cred_mgmt`: Credential management support\n  - `bio_enroll`: Biometric enrollment support\n  - `large_blobs`: Large blobs support\n  - `ep`: Enterprise attestation\n  - `always_uv`: Always require user verification\n- **Max Credentials**: Maximum number of discoverable credentials (default: 25)\n- **Extensions**: List of supported extensions (e.g., \"credProtect\", \"hmac-secret\", \"largeBlobKey\")\n\n### Custom Commands\n\nYou can extend the CTAP protocol with vendor-specific commands:\n\n```rust\nuse keylib::{AuthenticatorConfig, CustomCommand};\nuse std::sync::Arc;\n\n// Define a custom command handler\nlet custom_handler = Arc::new(|_auth, request, response| {\n    // Parse request, perform operation, write response\n    response[0] = 0x00; // CTAP2_OK\n    1 // Response length\n});\n\nlet custom_cmd = CustomCommand::new(0x41, custom_handler);\n\nlet config = AuthenticatorConfig::builder()\n    .commands(vec![\n        CtapCommand::MakeCredential,\n        CtapCommand::GetAssertion,\n        // ... standard commands ...\n    ])\n    .custom_commands(vec![custom_cmd])\n    .build();\n```\n\nCustom commands allow you to:\n\n- Implement vendor-specific functionality\n- Extend credential management with custom operations\n- Add proprietary features while maintaining CTAP2 compatibility\n- Use command bytes 0x40-0xFF (standard CTAP2 uses 0x01-0x0b)\n\nSee [`examples/custom_commands.rs`](keylib/examples/custom_commands.rs) for a complete example.\n\nSee [`examples/advanced_config.rs`](keylib/examples/advanced_config.rs) for a complete\ndemonstration.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpando85%2Frust-keylib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpando85%2Frust-keylib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpando85%2Frust-keylib/lists"}