1 package File
::KDBX
::Key
::ChallengeResponse
;
2 # ABSTRACT: A challenge-response key
10 use parent
'File::KDBX::Key';
12 our $VERSION = '999.999'; # VERSION
16 my $primitive = shift or throw
'Missing key primitive';
18 $self->{responder
} = $primitive;
25 $raw_key = $key->raw_key;
26 $raw_key = $key->raw_key($challenge);
28 Get the raw key which
is the response to a challenge
. The response will be saved so that subsequent calls
29 (with
or without the challenge
) can provide the response without challenging the responder again
. Only once
30 response
is saved at a
time; if you call this with a different challenge
, the new response
is saved over any
38 my $challenge = shift // '';
39 # Don't challenge if we already have the response.
40 return $self->SUPER::raw_key
if $challenge eq ($self->{challenge
} // '');
41 $self->_set_raw_key($self->challenge($challenge, @_));
42 $self->{challenge
} = $challenge;
44 $self->SUPER::raw_key
;
49 $response = $key->challenge($challenge, @options);
51 Issue a challenge
and get a response
, or throw
if the responder failed to provide one
.
58 my $responder = $self->{responder
} or throw
'Cannot issue challenge without a responder';
59 return $responder->(@_);
67 use File::KDBX::Key::ChallengeResponse;
70 my $challenge = shift;
71 ...; # generate a response based on a secret of some sort
74 my $key = File::KDBX::Key::ChallengeResponse->new($responder);
78 A challenge-response key is kind of like multifactor authentication, except you don't really I<authenticate>
79 to a KDBX database because it's not a service. Specifically it would be the "what you have" component. It
80 assumes there is some device that can store a key that is only known to the unlocker of a database.
81 A challenge is made to the device and the response generated based on the key is used as the raw key.
83 Inherets methods and attributes from L<File::KDBX::Key>.
85 This is a generic implementation where a responder subroutine is provided to provide the response. There is
86 also L<File::KDBX::Key::YubiKey> which is a subclass that allows YubiKeys to be responder devices.