pkcs11 package


Miek Gieben

Sep 21, 2012, 6:48:54 AM
to Go List
Hello,

I started a small project on getting a PKCS#11 interface into Go. It's still
in the early stages, but the code can be found here:
https://github.com/miekg/pkcs11

I looked at various C wrapper libs, but they all had some quirks or depended
on OpenSSL. So in the end I decided to write a Go only package + with the
help of some C helper functions.

This is a small example that uses the softhsm pkcs#11 lib, and prints out
the slot description and the manufacturer of the token (if available).

package main

import (
	"github.com/miekg/pkcs11"
)

func main() {
	p := pkcs11.New("/usr/lib/libsofthsm.so")
	if p == nil {
		return
	}
	defer p.Destroy()
	slots, _ := p.Slots()
	for _, s := range slots {
		println(s.Description)
		if s.Token != nil {
			println(s.Token.Manufacturer)
		}
	}
}

# assuming softhsm is installed
% sudo ./example1
SoftHSM
SoftHSM


The Go interface will probably be a bit higher level than the PKCS#11 standard.
And my goal is to (re)use as much of the current crypto packages in this pkcs11
package.

Comment, help and feedback welcome.

Regards,

--
Miek Gieben http://miek.nl

Miek Gieben

Sep 22, 2012, 2:32:39 PM
to Go List
[ Quoting <mi...@miek.nl> in "[go-nuts] pkcs11 package..." ]
> Hello,
>
> I started a small project on getting a PKCS#11 interface into Go. It's still
> in the early stages, but the code can be found here:
> https://github.com/miekg/pkcs11

After some more fiddling I decided to restart the effort :) I'm now implementing
the entire PKCS#11 API in Go. I.e. C_Initialize() becomes p.C_Initialize(),
where p is a *Pkcs11.

Right now I have enough of the basics (it's a large API) to almost start with
importing keys and start signing.

I'm still contemplating if it's worth adding a higher Go layer to this lower
level API.

grtz Miek

Miek Gieben

Sep 25, 2012, 2:06:00 AM
to golan...@googlegroups.com
[ Quoting <cardb...@gmail.com> in "Re: [go-nuts] pkcs11 package..." ]
> Awesome, I wish I had this a few months ago when I was flailing about with
> PKCS11 in C++. I wouldn't worry too much about the higher level API. Some helper
> functions might be useful if enough use cases can be found.

Well... help is still welcome :)

The following now works and I'm sorta happy with the API, but it still doesn't
look too good.

<assume softhsm is installed>

% cd pkcs11/example1
% export SOFTHSM_CONF=$PWD/softhsm.conf
% softhsm --init-token --slot 0 --label test --pin 1234 --so-pin 1234
% ./example1
SoftHSM
slots [0]
2
1

The 2 and 1 are the handles of the generated keys. Signing 'n stuff is
up next.

The API looks like this, GenerateKeyPair is now:

pub, priv, e := p.C_GenerateKeyPair(session, &pkcs11.CKM_RSA_PKCS_KEY_PAIR_GEN{},
	[]pkcs11.Attribute{&pkcs11.CKA_MODULUS_BITS{1024}},
	[]pkcs11.Attribute{&pkcs11.CKA_TOKEN{true}, &pkcs11.CKA_PRIVATE{false}})

Regards,
Miek