PKCS#11

This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where it makes sense. It has been tested with SoftHSM.

SoftHSM

Make it use a custom configuration file export SOFTHSM_CONF=$PWD/softhsm.conf

Then use softhsm to init it

softhsm --init-token --slot 0 --label test --pin 1234

Then use libsofthsm2.so as the pkcs11 module:

p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")

Examples

A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):

p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
err := p.Initialize()
if err != nil {
    panic(err)
}

defer p.Destroy()
defer p.Finalize()

slots, err := p.GetSlotList(true)
if err != nil {
    panic(err)
}

session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
if err != nil {
    panic(err)
}
defer p.CloseSession(session)

err = p.Login(session, pkcs11.CKU_USER, "1234")
if err != nil {
    panic(err)
}
defer p.Logout(session)

p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
hash, err := p.Digest(session, []byte("this is a string"))
if err != nil {
    panic(err)
}

for _, d := range hash {
        fmt.Printf("%x", d)
}
fmt.Println()

Further examples are included in the tests.

To expose PKCS#11 keys using the crypto.Signer interface, please see github.com/thalesignite/crypto11.

Name	Name	Last commit message	Last commit date
Latest commit ansiwen Remove unnecessary memory copies by C.GoBytes() calls (miekg#154 ) Jan 26, 2022 9a05b23 · Jan 26, 2022 History 329 Commits
.github/workflows	.github/workflows	Generate const.go (miekg#147 )	Jan 4, 2022
p11	p11	Add the p11 PrivateKey.Derive() function (miekg#128 )	Jan 18, 2022
test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142	test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142	Test the const generation (miekg#152 )	Jan 6, 2022
.gitignore	.gitignore	Add RSA-PSS and RSA-OAEP parameters (miekg#73 )	Sep 28, 2018
LICENSE	LICENSE	Add license	Aug 14, 2013
Makefile.release	Makefile.release	release script	Apr 19, 2019
README.md	README.md	Use softhsm2 and clear badges	Jan 4, 2022
const_generate.go	const_generate.go	Test the const generation (miekg#152 )	Jan 6, 2022
const_test.go	const_test.go	Test the const generation (miekg#152 )	Jan 6, 2022
error.go	error.go	Add license	Aug 14, 2013
go.mod	go.mod	Move to go modules (miekg#106 )	Apr 1, 2019
hsm.db	hsm.db	Add two objects to the database	Aug 12, 2013
parallel_test.go	parallel_test.go	Add RSA-PSS and RSA-OAEP parameters (miekg#73 )	Sep 28, 2018
params.go	params.go	Remove unnecessary memory copies by C.GoBytes() calls (miekg#154 )	Jan 26, 2022
params_test.go	params_test.go	Add RSA-PSS and RSA-OAEP parameters (miekg#73 )	Sep 28, 2018
pkcs11.go	pkcs11.go	More complete parsing of pkcs11t.h (miekg#151 )	Jan 5, 2022
pkcs11.h	pkcs11.h	fix SHA HMAC Constants (miekg#51 )	Sep 15, 2017
pkcs11_test.go	pkcs11_test.go	Generate const.go (miekg#147 )	Jan 4, 2022
pkcs11f.h	pkcs11f.h	fix SHA HMAC Constants (miekg#51 )	Sep 15, 2017
pkcs11go.h	pkcs11go.h	Add RSA-PSS and RSA-OAEP parameters (miekg#73 )	Sep 28, 2018
pkcs11t.h	pkcs11t.h	feat: add SHA3 support (miekg#87 )	Sep 28, 2018
release.go	release.go	Release 1.1.1	Jan 5, 2022
softhsm.conf	softhsm.conf	Add softhsm conf and db	Aug 10, 2013
softhsm2.conf	softhsm2.conf	Tweaks (miekg#114 )	Apr 29, 2019
types.go	types.go	Remove unnecessary memory copies by C.GoBytes() calls (miekg#154 )	Jan 26, 2022
vendor.go	vendor.go	More complete parsing of pkcs11t.h (miekg#151 )	Jan 5, 2022
zconst.go	zconst.go	More complete parsing of pkcs11t.h (miekg#151 )	Jan 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

PKCS#11

SoftHSM

Examples

About

Releases

Packages

Languages

License

baycan/pkcs11

Folders and files

Latest commit

History

Repository files navigation

PKCS#11

SoftHSM

Examples

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages