k3s/vendor/github.com/miekg/pkcs11
Brad Davidson b9cc6409f4 Bump containerd to v1.4.8-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-20 15:04:37 -07:00
..
.gitignore Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
.travis.yml Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
const.go Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
error.go Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
go.mod Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
hsm.db Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
LICENSE Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
Makefile.release Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
params.go Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
pkcs11.go Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
pkcs11.h Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
pkcs11f.h Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
pkcs11go.h Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
pkcs11t.h Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
README.md Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
release.go Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
softhsm2.conf Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
softhsm.conf Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
types.go Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00
vendor.go Bump containerd to v1.4.8-k3s1 2021-07-20 15:04:37 -07:00

PKCS#11 Build Status GoDoc

This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom were it makes sense. It has been tested with SoftHSM.

SoftHSM

  • Make it use a custom configuration file export SOFTHSM_CONF=$PWD/softhsm.conf

  • Then use softhsm to init it

    softhsm --init-token --slot 0 --label test --pin 1234
    
  • Then use libsofthsm.so as the pkcs11 module:

    p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
    

Examples

A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):

p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
err := p.Initialize()
if err != nil {
    panic(err)
}

defer p.Destroy()
defer p.Finalize()

slots, err := p.GetSlotList(true)
if err != nil {
    panic(err)
}

session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
if err != nil {
    panic(err)
}
defer p.CloseSession(session)

err = p.Login(session, pkcs11.CKU_USER, "1234")
if err != nil {
    panic(err)
}
defer p.Logout(session)

p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
hash, err := p.Digest(session, []byte("this is a string"))
if err != nil {
    panic(err)
}

for _, d := range hash {
        fmt.Printf("%x", d)
}
fmt.Println()

Further examples are included in the tests.

To expose PKCS#11 keys using the crypto.Signer interface, please see github.com/thalesignite/crypto11.