package File::KDBX::Key::ChallengeResponse;
# ABSTRACT: A challenge-response key

use File::KDBX::Util qw(:class);

extends 'File::KDBX::Key';

our $VERSION = '999.999'; # VERSION

    my $primitive = shift or throw 'Missing key primitive';
    $self->{responder} = $primitive;

    $raw_key = $key->raw_key;
    $raw_key = $key->raw_key($challenge);

Get the raw key which is the response to a challenge. The response will be saved so that subsequent calls
(with or without the challenge) can provide the response without challenging the responder again. Only one
response is saved at a time; if you call this with a different challenge, the new response is saved over any

    my $challenge = shift // '';
    # Don't challenge if we already have the response.
    return $self->SUPER::raw_key if $challenge eq ($self->{challenge} // '');
    $self->_set_raw_key($self->challenge($challenge, @_));
    $self->{challenge} = $challenge;
    $self->SUPER::raw_key;

    $response = $key->challenge($challenge, @options);

Issue a challenge and get a response, or throw if the responder failed to provide one.

    my $responder = $self->{responder} or throw 'Cannot issue challenge without a responder';
    return $responder->(@_);

    use File::KDBX::Key::ChallengeResponse;

        my $challenge = shift;
        ...;    # generate a response based on a secret of some sort

    my $key = File::KDBX::Key::ChallengeResponse->new($responder);

A challenge-response key is kind of like multifactor authentication, except you don't really I<authenticate>
to a KDBX database because it's not a service. Specifically it would be the "what you have" component. It
assumes there is some device that can store a key that is only known to the owner of a database. A challenge
is made to the device and the response generated based on the key is used as the raw key.

Inherits methods and attributes from L<File::KDBX::Key>.

This is a generic implementation where a responder subroutine is provided to provide the response. There is
also L<File::KDBX::Key::YubiKey> which is a subclass that allows YubiKeys to be responder devices.
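
The following is an added example, not code from the File::KDBX distribution: it exercises the response caching documented for C<raw_key> by counting how often the responder is actually challenged. The HMAC-SHA256 responder, the secret and the challenges are constructed for illustration, and it assumes File::KDBX and Digest::SHA are installed.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use File::KDBX::Key::ChallengeResponse;

# Constructed secret standing in for the key held by the device (assumption).
my $device_secret = pack('H*', '000102030405060708090a0b0c0d0e0f');
my $calls = 0;    # number of times the "device" was really challenged

# Hypothetical responder: response = HMAC-SHA256(secret, challenge).
my $responder = sub {
    my $challenge = shift;
    $calls++;
    return hmac_sha256($challenge, $device_secret);
};

my $key = File::KDBX::Key::ChallengeResponse->new($responder);

# Constructed challenges; a real one would come from the database being opened.
my $challenge_a = 'A' x 32;
my $challenge_b = 'B' x 32;

# First use of a challenge reaches the responder.
my $first = $key->raw_key($challenge_a);
die 'responder should have been called once' unless $calls == 1;

# Same challenge again, or no challenge at all: the saved response is reused.
my $second = $key->raw_key($challenge_a);
my $third  = $key->raw_key;
die 'saved response was not reused' unless $calls == 1;
die 'saved response differs' unless $first eq $second && $first eq $third;

# A different challenge replaces the single saved response.
my $other = $key->raw_key($challenge_b);
die 'new challenge should reach the responder' unless $calls == 2;
die 'responses should differ per challenge' if $other eq $first;
die 'saved response was not replaced' unless $key->raw_key eq $other;

# Going back to the first challenge means challenging the device again,
# because only one response is kept at a time.
$key->raw_key($challenge_a);
die 'old response should not have been kept' unless $calls == 3;

printf "responder was challenged %d times for 6 raw_key calls\n", $calls;
```

Because C<raw_key> compares the challenge against C<< $self->{challenge} // '' >>, an empty challenge matches the initial unset state, so on a fresh key the responder is not called for it.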