35b238ee82
This might break compatibility with projects using this module that are still
on go1.16, which is EOL, so probably ok to ignore:

    github.com/docker/buildx/store imports
        github.com/gofrs/flock tested by
        github.com/gofrs/flock.test imports
        gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f,
        but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c

    To upgrade to the versions selected by go 1.16:
        go mod tidy -go=1.16 && go mod tidy -go=1.17
    If reproducibility with go 1.16 is not needed:
        go mod tidy -compat=1.17
    For other options, see:
        https://golang.org/doc/modules/pruning

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

3 years ago
.gitignore
LICENSE
Makefile.release
README.md
error.go
hsm.db
params.go
pkcs11.go
pkcs11.h
pkcs11f.h
pkcs11go.h
pkcs11t.h
release.go
softhsm.conf
softhsm2.conf
types.go
vendor.go
zconst.go

README.md
PKCS#11
This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where it makes sense. It has been tested with SoftHSM.
SoftHSM
- Make it use a custom configuration file:

      export SOFTHSM_CONF=$PWD/softhsm.conf

- Then use softhsm to init it:

      softhsm --init-token --slot 0 --label test --pin 1234

- Then use libsofthsm2.so as the pkcs11 module:

      p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")

Examples
A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
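```go
package main

import (
	"fmt"

	"github.com/miekg/pkcs11"
)

func main() {
	// Load the PKCS#11 module; New returns nil if the library cannot be loaded.
	p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
	if p == nil {
		panic("could not load PKCS#11 module")
	}
	err := p.Initialize()
	if err != nil {
		panic(err)
	}
	// Deferred calls run in reverse order: Finalize first, then Destroy.
	defer p.Destroy()
	defer p.Finalize()

	// true: only return slots that have a token present.
	slots, err := p.GetSlotList(true)
	if err != nil {
		panic(err)
	}
	if len(slots) == 0 {
		panic("no slot with a token present")
	}

	session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
	if err != nil {
		panic(err)
	}
	defer p.CloseSession(session)

	// "1234" is the PIN of the test token initialised in the SoftHSM steps above.
	err = p.Login(session, pkcs11.CKU_USER, "1234")
	if err != nil {
		panic(err)
	}
	defer p.Logout(session)

	err = p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
	if err != nil {
		panic(err)
	}
	hash, err := p.Digest(session, []byte("this is a string"))
	if err != nil {
		panic(err)
	}
	// %x on a byte slice prints two hex digits per byte, keeping leading zeros.
	fmt.Printf("%x\n", hash)
}
```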
Further examples are included in the tests.
To expose PKCS#11 keys using the crypto.Signer interface, please see github.com/thalesignite/crypto11.