keycred

package module
v1.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 8, 2025 License: MIT Imports: 22 Imported by: 0

README

keycred

Generate and Manage KeyCredentialLinks

Release Go Doc Software License Go Report Card

keycred is CLI tool and library that implements the KeyCredentialLink structures according to section 2.2.20 of the Active Directory Technical Specification (MS-ADTS). It also supports several deviations from the specification that are encountered in practice.

The project also contains a tool to manipulate the msDS-KeyCredentialLink LDAP attribute in order to register KeyCredentialLinks in Active Directory environments.

Features

  • Supported authentication mechanism: Kerberos (password, NT hash, AES key, CCache, PKINIT), mTLS, NTLM (password or NT hash), SimpleBind (password).
  • UnPAC-the-Hash: Retrieve the user's NT hash via PKINIT Kerberos authentication.
  • Cross-platform compatible single binary
  • Certificate otherName SAN extensions allows certificates to be used by certipy auth without specifying username and domain.
  • Backup and restore functionality, that is useful when a new KeyCredentialLink should be registered for a computer account where another KeyCredentialLink is already present.
  • Both the library and the tool can generate KeyCredentialLinks that are strictly compliant with the rules for validated writes (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f70afbcc-780e-4d91-850c-cfadce5bb15c) that should be enforced when computer accounts modify their own msDS-KeyCredentialLink attribute.

Usage:

The keycred CLI tool can be used to create and manage KeyCredentialLinks, and certificate/key pairs:

$ ./keycred --help
Create and manage KeyCredentialLinks

Usage:
  keycred [command]

Available Commands:
  add         Create certificate/key and register it in LDAP
  add-raw     Register a raw DN-Binary string in LDAP
  list        List KeyCredentialLinks of a single user or all users
  remove      Remove a single KeyCredentialLink of a user
  clear       Remove all KeyCredentialLinks of a user
  auth        Authenticate and retrieve the NT hash using PKINIT (requires --pfx)
  burn        Authenticate to obtain hash/ticket and clear KeyCredentialLink (requires --pfx)
  backup      Backup all KeyCredentialLinks of a user
  restore     Restore the KeyCredentialLinks from a backup file
  register    Register the key from an existing PFX file
  parse       Parse a KeyCredentialLink in DN-Binary form
  help        Help about any command
  completion  Generate the autocompletion script for the specified shell

Flags:
      --aes-key hex key       Kerberos AES hex key
      --ccache file           Kerberos CCache file name (defaults to $KRB5CCNAME, currently unset)
      --dc string             Domain controller
      --debug                 Enable debug output
  -h, --help                  help for keycred
  -k, --kerberos              Use Kerberos authentication
  -H, --nt-hash hash          NT hash ('NT', ':NT' or 'LM:NT')
  -p, --password string       Password
      --pfx file              Client certificate and private key as PFX file
      --pfx-password string   Password for PFX file
      --scheme string         Scheme (ldap or ldaps) (default "ldaps")
      --simple-bind           Authenticate with simple bind
      --socks address         SOCKS5 server address
      --start-tls             Negotiate StartTLS before authenticating on regular LDAP connection
  -t, --target user           Target user (default is the authenticating user)
      --timeout duration      LDAP connection timeout (default 5s)
  -u, --user user@domain      Username ('user@domain', 'domain\user', 'domain/user' or 'user')
      --verify                Verify LDAP TLS certificate

Use "keycred [command] --help" for more information about a command.

Additionally, this repository also includes pfxtool, which can be used to work with PFX files:

$ ./pfxtool --help
Convert certificates and keys from and to PFX files

Usage:
  pfxtool [command]

Available Commands:
  join        Create a PFX file by joining a PEM encoded key and cert
  split       Split a PFX file into PEM encoded key and cert
  decrypt     Remove the password from a PFX file
  encrypt     Encrypt the PFX file with a password
  inspect     Inspect the contents of a PFX
  create      Create a certificate/key pair and save it as a PFX file
  help        Help about any command
  completion  Generate the autocompletion script for the specified shell

Flags:
  -f, --force             Overwrite existing output files
  -h, --help              help for pfxtool
  -p, --password string   PFX password

Building

The keycred tool can be built as follows:

go build ./cmd/keycred

The PFX handling tool pfxtool can be built as follows:

go build ./cmd/pfxtool

Documentation

Index

Constants

View Source 
const (
	TypeKeyID                            uint8 = 0x01
	TypeKeyHash                          uint8 = 0x02
	TypeKeyMaterial                      uint8 = 0x03
	TypeKeyUsage                         uint8 = 0x04
	TypeKeySource                        uint8 = 0x05
	TypeDeviceId                         uint8 = 0x06
	TypeCustomKeyInformation             uint8 = 0x07
	TypeKeyApproximateLastLogonTimeStamp uint8 = 0x08
	TypeKeyCreationTime                  uint8 = 0x09
)
View Source 
const (
	KeyTypeRSAPublic      = 0x31415352
	KeyTypeRSAPrivate     = 0x32415352
	KeyTypeRSAFullPrivate = 0x33415352
)
View Source 
const (
	KeyUsageAdminKey          uint8 = 0
	KeyUsageNGC               uint8 = 1
	KeyUsageSTK               uint8 = 2
	KeyUsageBitlockerRecovery uint8 = 3
	KeyUsageOther             uint8 = 4
	KeyUsageFIDO              uint8 = 7
	KeyUsageFEK               uint8 = 8
)
View Source 
const (
	KeySourceAD      uint8 = 0
	KeySourceEntraID uint8 = 1
)

Variables

This section is empty.

Functions

func FormatKeyCredentials 

func FormatKeyCredentials(kcls []*KeyCredentialLink, includeRaw bool, colored bool) string

FormatKeyCredentials formats a multiple KeyCredentialLinks with optional color support for terminal rendering.

func MarshalPublicKeyMaterial 

func MarshalPublicKeyMaterial(key *rsa.PublicKey, asDER bool) ([]byte, error)

MarshalPublicKeyMaterial serializes an RSA public key in a bcrypt RSA key blob (https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_rsakey_blob) or DER representation.

func TimeAsFileTime 

func TimeAsFileTime(t time.Time) uint64

func TimeAsFileTimeBytes 

func TimeAsFileTimeBytes(t time.Time) []byte

TimeAsFileTimeBytes expresses the input time as FILETIME buffer according to: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/2c57429b-fdd4-488f-b5fc-9e4cf020fcdf

func TimeFromFileTime 

func TimeFromFileTime(fileTime uint64) time.Time

func TimeFromFileTimeBytes 

func TimeFromFileTimeBytes(fileTime []byte) (t time.Time, err error)

TimeFromFileTimeBytes parses a FILETIME buffer according to: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/2c57429b-fdd4-488f-b5fc-9e4cf020fcdf

func UnmarshalPublicKeyMaterial 

func UnmarshalPublicKeyMaterial(buffer []byte) (key *rsa.PublicKey, isDER bool, err error)

UnmarshalPublicKeyMaterial parses binary key material in bcrypt RSA key blob (https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_rsakey_blob) or DER format.

Types

type Credential 

type Credential struct {
	KeyCredentialLink *KeyCredentialLink
	Key               *rsa.PrivateKey
	Certificate       *x509.Certificate
	PFX               []byte
}

Credential hols both the KeyCredentialLink as well as the corresponding certificate and private key, including the PFX bundle. 

func GeneratePFXAndCustomKeyCredentialLink(
	keySize int, subject string, dn string, otherName string,
	derFormatted bool, pfxPassword string, additionalEntries ...KeyCredentialLinkEntry,
) (*Credential, error)

GeneratePFXAndKeyCredentialLink generates a certificate and private key alongside the corresponding KeyCredentialLink with custom key format, the required entries and user-supplied additional entries. The subject is reflected in the certificate common name, the DN in the KeyCredentialLink's DN-Binary representation. Optionally, otherName can be supplied which will be reflected in an otherName certificate SAN extension if it is not empty. 

func GeneratePFXAndKeyCredentialLink(
	keySize int, subject string, dn string, otherName string, deviceID uuid.UUID, pfxPassword string,
) (*Credential, error)

GeneratePFXAndKeyCredentialLink generates a certificate and private key alongside the corresponding KeyCredentialLink with the required entries as well as a device ID, stub custom key information, an approximate last logon time stamp with the current time and a key creation time with the current time. The subject is reflected in the certificate common name, the DN in the KeyCredentialLink's DN-Binary representation. Optionally, otherName can be supplied which will be reflected in an otherName certificate SAN extension if it is not empty. 

func GeneratePFXAndValidatedWriteCompatibleKeyCredentialLink(
	keySize int, subject string, dn string, otherName string, deviceID uuid.UUID, pfxPassword string,
) (*Credential, error)

GeneratePFXAndKeyCredentialLink generates a certificate and private key alongside the corresponding KeyCredentialLink that only contains the entries that are compatible with validated writes (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f70afbcc-780e-4d91-850c-cfadce5bb15c). The subject is reflected in the certificate common name, the DN in the KeyCredentialLink's DN-Binary representation. Optionally, otherName can be supplied which will be reflected in an otherName certificate SAN extension if it is not empty.

type CustomKeyInformation 

type CustomKeyInformation struct {
	Version              uint8
	Flags                CustomKeyInformationFlags
	VolType              CustomKeyInformationVolType
	SupportsNotification CustomKeyInformationSupportsNotification
	FekKeyVersion        uint8
	KeyStrength          CustomKeyInformationKeyStrengh
	Reserved             []byte
	ExtendedInfo         []*EncodedExtendedCKI

	// FullRepresentation is not present in the struct, it is only used to
	// distinguish between the two representations.
	FullRepresentation bool
}

CustomKeyInformation represents the CUSTOM_KEY_INFORMATION structure (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/701a55dc-d062-4032-a2da-dbdfc384c8cf).

func ParseCustomKeyInformation 

func ParseCustomKeyInformation(data []byte, strict bool) (*CustomKeyInformation, error)

ParseCustomKeyInformation parses the CUSTOM_KEY_INFORMATION structure from bytes. If strict parsing is enabled, it returns an error if a version field with an unexpected value is encountered.

func (*CustomKeyInformation) Bytes 

func (cki *CustomKeyInformation) Bytes() []byte

Bytes returns the binary representation of the CUSTOM_KEY_INFORMATION structure.

func (*CustomKeyInformation) String 

func (cki *CustomKeyInformation) String() string

String returns a human readable string representation of the CUSTOM_KEY_INFORMATION structure.

type CustomKeyInformationEntry 

type CustomKeyInformationEntry struct {
	*RawEntry
	Info *CustomKeyInformation
}

func AsCustomKeyInformationEntry 

func AsCustomKeyInformationEntry(entry *RawEntry, _ Version) (*CustomKeyInformationEntry, error)

func NewCustomKeyInformationEntry 

func NewCustomKeyInformationEntry(kci *CustomKeyInformation) *CustomKeyInformationEntry

func (*CustomKeyInformationEntry) String 

func (cki *CustomKeyInformationEntry) String() string

type CustomKeyInformationFlags 

type CustomKeyInformationFlags uint8
const (
	CustomKeyInformationFlagsAttestation CustomKeyInformationFlags = 0x01
	CustomKeyInformationFlagsMFANotUsed  CustomKeyInformationFlags = 0x02
)

func (CustomKeyInformationFlags) String 

func (f CustomKeyInformationFlags) String() string

type CustomKeyInformationKeyStrengh 

type CustomKeyInformationKeyStrengh uint8
const (
	KeyStrengthUnknown CustomKeyInformationKeyStrengh = 0x00
	KeyStrengthWeak    CustomKeyInformationKeyStrengh = 0x01
	KeyStrengthNormal  CustomKeyInformationKeyStrengh = 0x02
)

func (CustomKeyInformationKeyStrengh) String 

func (s CustomKeyInformationKeyStrengh) String() string

type CustomKeyInformationSupportsNotification 

type CustomKeyInformationSupportsNotification uint8
const (
	SupportsNotificationNone      CustomKeyInformationSupportsNotification = 0x00
	SupportsNotificationSupported CustomKeyInformationSupportsNotification = 0x01
)

func (CustomKeyInformationSupportsNotification) String 

func (sn CustomKeyInformationSupportsNotification) String() string

type CustomKeyInformationVolType 

type CustomKeyInformationVolType uint8
const (
	VolTypeNone CustomKeyInformationVolType = 0x00
	VolTypeOSV  CustomKeyInformationVolType = 0x01
	VolTypeFDV  CustomKeyInformationVolType = 0x02
	VolTypeRDV  CustomKeyInformationVolType = 0x03
)

func (CustomKeyInformationVolType) String 

func (vt CustomKeyInformationVolType) String() string

type DeviceIDEntry 

type DeviceIDEntry struct {
	*RawEntry
	// contains filtered or unexported fields
}

func AsDeviceIDEntry 

func AsDeviceIDEntry(entry *RawEntry, _ Version) (*DeviceIDEntry, error)

func NewDeviceIDEntry 

func NewDeviceIDEntry(guid uuid.UUID) *DeviceIDEntry

func (*DeviceIDEntry) GUID 

func (di *DeviceIDEntry) GUID() uuid.UUID

func (*DeviceIDEntry) String 

func (di *DeviceIDEntry) String() string

type EncodedExtendedCKI 

type EncodedExtendedCKI struct {
	Version uint8
	Size    uint8
	Data    []byte
}

EncodedExtendedCKI holds extended custom key information in a within a CustomKeyInformation (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/b2c0cb9b-e49e-4907-9235-f9fd7eee8c13).

func (*EncodedExtendedCKI) Bytes 

func (e *EncodedExtendedCKI) Bytes() []byte

Bytes returns the byte representation of the EncodedExtendedCKI.

type FIDOKeyMaterialEntry added in v1.1.0 

type FIDOKeyMaterialEntry struct {
	*RawEntry
	JSON struct {
		Version     int      `json:"version"`
		AuthData    []byte   `json:"authData"`
		X5C         [][]byte `json:"x5c"`
		DisplayName string   `json:"displayName"`
	}
	DisplayName string
	// Certificates holds the certificates from the x5c JSON field. The first
	// certificate is expected to be the attestation certificate and the rest
	// are the certificate chain which may not consist of actual x509
	// certificates. In this case, the corresponding entry in this slice is nil
	// and the raw data can be retrieved from the x5c JSON
	// field at the same index.
	Certificates []*x509.Certificate
	// contains filtered or unexported fields
}

func AsFIDOKeyMaterialEntry added in v1.1.0 

func AsFIDOKeyMaterialEntry(entry *RawEntry, _ Version) (*FIDOKeyMaterialEntry, error)

func (*FIDOKeyMaterialEntry) String added in v1.1.0 

func (fkm *FIDOKeyMaterialEntry) String() string

type JSONWebKeyMaterialEntry added in v1.1.3 

type JSONWebKeyMaterialEntry struct {
	*RawEntry
	JSON struct {
		KeyType string `json:"kty"`
		Curve   string `json:"crv"`
		X       string `json:"x"`
		Y       string `json:"y"`
		KeyID   []byte `json:"kid"`
	}
}

func AsJSONWebKeyMaterialEntry added in v1.1.3 

func AsJSONWebKeyMaterialEntry(entry *RawEntry, _ Version) (*JSONWebKeyMaterialEntry, error)

func (*JSONWebKeyMaterialEntry) String added in v1.1.3 

func (jwkme *JSONWebKeyMaterialEntry) String() string

type KeyApproximateLastLogonTimeStampEntry 

type KeyApproximateLastLogonTimeStampEntry struct {
	*RawEntry
	// contains filtered or unexported fields
}

func AsKeyApproximateLastLogonTimeStampEntry 

func AsKeyApproximateLastLogonTimeStampEntry(
	entry *RawEntry, _ Version,
) (*KeyApproximateLastLogonTimeStampEntry, error)

func NewKeyApproximateLastLogonTimeStampEntry 

func NewKeyApproximateLastLogonTimeStampEntry(t time.Time) *KeyApproximateLastLogonTimeStampEntry

func (*KeyApproximateLastLogonTimeStampEntry) String 

func (lastLogon *KeyApproximateLastLogonTimeStampEntry) String() string

func (*KeyApproximateLastLogonTimeStampEntry) Time 

func (lastLogon *KeyApproximateLastLogonTimeStampEntry) Time() time.Time

type KeyCreationTimeEntry 

type KeyCreationTimeEntry struct {
	*RawEntry
	// contains filtered or unexported fields
}

func AsKeyCreationTimeEntry 

func AsKeyCreationTimeEntry(entry *RawEntry, _ Version) (*KeyCreationTimeEntry, error)

func NewKeyCreationTimeEntry 

func NewKeyCreationTimeEntry(t time.Time) *KeyCreationTimeEntry

func (*KeyCreationTimeEntry) String 

func (creationTime *KeyCreationTimeEntry) String() string

func (*KeyCreationTimeEntry) Time 

func (creationTime *KeyCreationTimeEntry) Time() time.Time
type KeyCredentialLink struct {
	DN string

	Version Version
	Entries []KeyCredentialLinkEntry
}

KeyCredentialLink holds the KEYCREDENTIALLINK_BLOB structure (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f3f01e95-6d0c-4fe6-8b43-d585167658fa) alongside a DN such that a can correspond to a DB-Binary representation (https://learn.microsoft.com/en-us/windows/win32/adschema/s-object-dn-binary). 

func NewDERKeyCredentialLink(
	key *rsa.PublicKey, dn string, usage uint8, additionalEntries ...KeyCredentialLinkEntry,
) (*KeyCredentialLink, error)

NewDERKeyCredentialLink is like NewKeyCredentialLink but with DER formatted key material. 

func NewKeyCredentialLink(
	key *rsa.PublicKey, dn string, usage uint8, additionalEntries ...KeyCredentialLinkEntry,
) (*KeyCredentialLink, error)

NewKeyCredentialLink returns a version 2 KEYCREDENTIALLINK_BLOB (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f3f01e95-6d0c-4fe6-8b43-d585167658fa) with the minimum required entries as well as user-supplied additional entries.

func ParseBlob 

func ParseBlob(data []byte, dn string) (*KeyCredentialLink, error)

ParseBlob parses a KeyCredentialLink from raw binary data. Since the binary representation does not include the DN, it can be passed as an optional parameter.

func ParseDNWithBinary 

func ParseDNWithBinary(keyCredentialLinkString string) (*KeyCredentialLink, error)

ParseDNWithBinary parses the DN-Binary string representation of a KeyCredentialLink as it is stored in LDAP (https://learn.microsoft.com/en-us/windows/win32/adschema/s-object-dn-binary). If the returned KeyCredentialLink is not modified, it is guaranteed that calling '.DNWithBinary()' on it reproduces the input string of 'ParseDNWithBinary' exactly.

func (*KeyCredentialLink) Bytes 

func (kcl *KeyCredentialLink) Bytes() []byte

Bytes returns the binary representation of the KEYCREDENTIALLINK_BLOB structure (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f3f01e95-6d0c-4fe6-8b43-d585167658fa).

func (*KeyCredentialLink) CheckValidatedWriteCompatible 

func (kcl *KeyCredentialLink) CheckValidatedWriteCompatible() error

CheckValidatedWriteCompatible checks whether the KeyCredentialLink conforms to the rules defined in section 3.1.1.5.3.1.1.6 of the Active Directory Technical Specification (MS-ADTS) that have to be followed when modifying the msDS-KeyCredentialLink attribute with RIGHT_DS_WRITE_PROPERTY_EXTENDED permissions instead of RIGHT_DS_WRITE_PROPERTY as is the case for computer accounts modifying their own KeyCredentialLinks (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f70afbcc-780e-4d91-850c-cfadce5bb15c). Note that Microsoft currently does not actually enforce most of these rules (as of 2024).

func (*KeyCredentialLink) ColoredString 

func (kcl *KeyCredentialLink) ColoredString() string

ColoredString is like String with ANSII color codes for colored terminal rendering.

func (*KeyCredentialLink) DNWithBinary 

func (kcl *KeyCredentialLink) DNWithBinary() string

DNWithBinary returns the DN-Binary representation of the KeyCredentialLink that is stored in LDAP (https://learn.microsoft.com/en-us/windows/win32/adschema/s-object-dn-binary).

func (*KeyCredentialLink) Get 

func (kcl *KeyCredentialLink) Get(entryType uint8) KeyCredentialLinkEntry

Get returns the first entry of the given type. If no such entry exists, it returns nil. Note that Get does not ensure that the returned value type corresponds to the type ID, only that the entry identifier matches the input.

func (*KeyCredentialLink) String 

func (kcl *KeyCredentialLink) String() string

String returns a human readable string summarizing the information in the KeyCredentialLink.

func (*KeyCredentialLink) Validate 

func (kcl *KeyCredentialLink) Validate() error

Validate checks if the KeyCredentialLink contains all entries are present that *MUST* be included according to the specification (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/a99409ea-4982-4f72-b7ef-8596013a36c7). It also checks wether these entries as well as version fields are valid (e.g. key hash and key ID are correct).

func (*KeyCredentialLink) ValidateStrict 

func (kcl *KeyCredentialLink) ValidateStrict() error

ValidateStrict is like Validate but it fails when an unparsable entry is encountered.

type KeyCredentialLinkEntry 

type KeyCredentialLinkEntry interface {
	RawValue() []byte
	Type() string
	String() string
	Bytes() []byte
	Entry() *RawEntry
}

func AsAppropriateKeyMaterialEntry added in v1.1.3 

func AsAppropriateKeyMaterialEntry(entry *RawEntry, version Version) (KeyCredentialLinkEntry, error)

type KeyHashEntry 

type KeyHashEntry struct {
	*RawEntry
}

func AsKeyHashEntry 

func AsKeyHashEntry(entry *RawEntry, _ Version) (*KeyHashEntry, error)

func NewKeyHashEntry 

func NewKeyHashEntry(followingEntries []KeyCredentialLinkEntry) *KeyHashEntry

func (*KeyHashEntry) String 

func (kh *KeyHashEntry) String() string

func (*KeyHashEntry) Validate 

func (kh *KeyHashEntry) Validate(followingEntries []KeyCredentialLinkEntry) bool

type KeyIDEntry 

type KeyIDEntry struct {
	*RawEntry
}

func AsKeyIDEntry 

func AsKeyIDEntry(entry *RawEntry, version Version) (*KeyIDEntry, error)

func NewKeyIDEntry 

func NewKeyIDEntry(keyMaterial KeyCredentialLinkEntry, _ Version) (*KeyIDEntry, error)

func (*KeyIDEntry) KeyID 

func (keyIDEntry *KeyIDEntry) KeyID() string

func (*KeyIDEntry) Matches 

func (keyIDEntry *KeyIDEntry) Matches(material KeyCredentialLinkEntry) bool

func (*KeyIDEntry) MatchesString 

func (keyIDEntry *KeyIDEntry) MatchesString(keyID string) bool

func (*KeyIDEntry) String 

func (keyIDEntry *KeyIDEntry) String() string

type KeyMaterialEntry 

type KeyMaterialEntry struct {
	*RawEntry
	// contains filtered or unexported fields
}

func AsKeyMaterialEntry 

func AsKeyMaterialEntry(entry *RawEntry, _ Version) (*KeyMaterialEntry, error)

func NewKeyMaterialEntry 

func NewKeyMaterialEntry(key *rsa.PublicKey, derFormatted bool, _ Version) (*KeyMaterialEntry, error)

func (*KeyMaterialEntry) DetailedString 

func (km *KeyMaterialEntry) DetailedString() string

func (*KeyMaterialEntry) Key 

func (km *KeyMaterialEntry) Key() *rsa.PublicKey

func (*KeyMaterialEntry) KeyType 

func (km *KeyMaterialEntry) KeyType() string

func (*KeyMaterialEntry) String 

func (km *KeyMaterialEntry) String() string

type KeySourceEntry 

type KeySourceEntry struct {
	*RawEntry
	// contains filtered or unexported fields
}

func AsKeySourceEntry 

func AsKeySourceEntry(entry *RawEntry, _ Version) (*KeySourceEntry, error)

func NewKeySourceEntry 

func NewKeySourceEntry(source uint8) *KeySourceEntry

func (*KeySourceEntry) Source 

func (ks *KeySourceEntry) Source() uint8

func (*KeySourceEntry) SourceString 

func (ks *KeySourceEntry) SourceString() string

func (*KeySourceEntry) String 

func (ks *KeySourceEntry) String() string

func (*KeySourceEntry) Value 

func (ks *KeySourceEntry) Value() uint8

type KeyUsageEntry 

type KeyUsageEntry struct {
	*RawEntry
	// contains filtered or unexported fields
}

func AsKeyUsageEntry 

func AsKeyUsageEntry(entry *RawEntry, _ Version) (*KeyUsageEntry, error)

func NewKeyUsageEntry 

func NewKeyUsageEntry(usage uint8) *KeyUsageEntry

func NewLegacyKeyUsageEntry 

func NewLegacyKeyUsageEntry(usage string) *KeyUsageEntry

func (*KeyUsageEntry) Is 

func (ku *KeyUsageEntry) Is(usage uint8) bool

func (*KeyUsageEntry) String 

func (ku *KeyUsageEntry) String() string

func (*KeyUsageEntry) Usage 

func (ku *KeyUsageEntry) Usage() int

func (*KeyUsageEntry) UsageString 

func (ku *KeyUsageEntry) UsageString() string

type RawEntry 

type RawEntry struct {
	Length     uint16
	Identifier uint8
	Value      []byte
}

func (*RawEntry) Bytes 

func (re *RawEntry) Bytes() []byte

Bytes returns the binary representation of the entry.

func (*RawEntry) Entry 

func (re *RawEntry) Entry() *RawEntry

Entry returns the raw uninterpreted entry consisting only of length, identifier and value.

func (*RawEntry) RawValue 

func (re *RawEntry) RawValue() []byte

RawValue makes the binary value of the entry accessible though an KeyCredentialLinkEntry interface.

func (*RawEntry) String 

func (re *RawEntry) String() string

String returns a human readable representation of the entry.

func (*RawEntry) Type 

func (re *RawEntry) Type() string

Type returns the human readable name of the entry type.

type UnknownEntry 

type UnknownEntry struct {
	*RawEntry
}

UnknownEntry represents an entry whose identifier is not known and which therefore cannot be interpreted.

func (*UnknownEntry) String 

func (ue *UnknownEntry) String() string

type UnparsableEntry 

type UnparsableEntry struct {
	*RawEntry
	// contains filtered or unexported fields
}

UnparsableEntry represents an entry with a known identifier that could not be parsed according to the rules for that identifier.

func NewUnparsableEntry 

func NewUnparsableEntry(entry *RawEntry, err error) *UnparsableEntry

func (*UnparsableEntry) String 

func (ue *UnparsableEntry) String() string

type Version 

type Version uint32

Version holds the version of a KEYCREDENTIALLINK_BLOB (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d4b9b239-dbe8-4475-b6f9-745612c64ed0). 

const (
	Version0 Version = 0x0
	Version1 Version = 0x00000100
	Version2 Version = 0x00000200
)

func (Version) String 

func (v Version) String() string

String returns the string representation a KeyCredentialLink version.

Source Files

View all Source files

Directories

Path Synopsis
cmd
keycred command
pfxtool command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.