History

dependabot[bot] 9457549fff build(deps): bump github.com/vbauerster/mpb/v7 from 7.5.2 to 7.5.3 Bumps [github.com/vbauerster/mpb/v7](https://github.com/vbauerster/mpb) from 7.5.2 to 7.5.3. - [Release notes](https://github.com/vbauerster/mpb/releases) - [Commits](https://github.com/vbauerster/mpb/compare/v7.5.2...v7.5.3) --- updated-dependencies: - dependency-name: github.com/vbauerster/mpb/v7 dependency-type: direct:production update-type: version-update:semver-patch ... Also bump the go module to 1.17 to be able to compile the new code. Given containers/common and others already require go 1.17+ we're safe to go. Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>		2022-09-13 08:58:22 +02:00
..
.gitignore	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
LICENSE	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
Makefile.release	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
README.md	build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3	2022-03-22 11:11:50 +00:00
error.go	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
hsm.db	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
params.go	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
pkcs11.go	build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3	2022-03-22 11:11:50 +00:00
pkcs11.h	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
pkcs11f.h	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
pkcs11go.h	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
pkcs11t.h	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
release.go	build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3	2022-03-22 11:11:50 +00:00
softhsm.conf	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
softhsm2.conf	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
types.go	build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3	2022-03-22 11:11:50 +00:00
vendor.go	Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0	2021-02-09 10:49:43 -05:00
zconst.go	build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3	2022-03-22 11:11:50 +00:00

README.md

PKCS#11

This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where it makes sense. It has been tested with SoftHSM.

SoftHSM

Make it use a custom configuration file export SOFTHSM_CONF=$PWD/softhsm.conf

Then use softhsm to init it

softhsm --init-token --slot 0 --label test --pin 1234

Then use libsofthsm2.so as the pkcs11 module:

p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")

Examples

A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):

p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
err := p.Initialize()
if err != nil {
    panic(err)
}

defer p.Destroy()
defer p.Finalize()

slots, err := p.GetSlotList(true)
if err != nil {
    panic(err)
}

session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
if err != nil {
    panic(err)
}
defer p.CloseSession(session)

err = p.Login(session, pkcs11.CKU_USER, "1234")
if err != nil {
    panic(err)
}
defer p.Logout(session)

p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
hash, err := p.Digest(session, []byte("this is a string"))
if err != nil {
    panic(err)
}

for _, d := range hash {
        fmt.Printf("%x", d)
}
fmt.Println()

Further examples are included in the tests.

To expose PKCS#11 keys using the crypto.Signer interface, please see github.com/thalesignite/crypto11.