miekg/pkcs11

Stars
375
Rank 114,096 (Top 3 %)
Language
Go
License
BSD 3-Clause "New...
Created about 12 years ago
Updated 7 months ago

miekg/pkcs11

miekg

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

pkcs11 wrapper for Go

PKCS#11

This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where it makes sense. It has been tested with SoftHSM.

SoftHSM

Make it use a custom configuration file export SOFTHSM_CONF=$PWD/softhsm.conf

Then use softhsm to init it

softhsm --init-token --slot 0 --label test --pin 1234

Then use libsofthsm2.so as the pkcs11 module:

p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")

Examples

A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):

p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
err := p.Initialize()
if err != nil {
    panic(err)
}

defer p.Destroy()
defer p.Finalize()

slots, err := p.GetSlotList(true)
if err != nil {
    panic(err)
}

session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
if err != nil {
    panic(err)
}
defer p.CloseSession(session)

err = p.Login(session, pkcs11.CKU_USER, "1234")
if err != nil {
    panic(err)
}
defer p.Logout(session)

p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
hash, err := p.Digest(session, []byte("this is a string"))
if err != nil {
    panic(err)
}

for _, d := range hash {
        fmt.Printf("%x", d)
}
fmt.Println()

Further examples are included in the tests.

To expose PKCS#11 keys using the crypto.Signer interface, please see github.com/thalesignite/crypto11.

dns

DNS library in Go

gobook

A complete introduction into Go, superseded by https://github.com/miekg/learninggo

learninggo

Learning Go Book in mmark

gitopper

Gitops for non-Kubernetes folks

exdns

Go DNS example programs

lean

Pretty, minimal, one-line, fast ZSH prompt

rdup

The only backup program that doesn't make backups!

unbound

A Go wrapper for libunbound

pandoc2rfc

Use pandoc to create XML suitable for xml2rfc

dinit

An init for use inside Docker containers

skydns2

Development is taking place: https://github.com/skynetservices/skydns2

dnsv2

bgp

BGP implementation in Go

xds

command line interface for Envoy xDS endpoint

block

Proof of concept CoreDNS plugin that implements a block list

yamlfmt

dnsfs

A DNS filesystem

redis

CoreDNS plugin implementing a shared cache using Redis

bitradix

A radix tree that branches on the bits in a key

dnsrouter

Route DNS packets

dreck

Bot to help with GitHub chores

pgo

container gitops in a simple way

rip

RIP protocol implementation in Go

lg-dns

DNS Looking Glass

mutfs

A filesystem where you can create, but not alter files, imMUTable FS.

dnsfmt

Auto format DNS zone files

ssd

nxdomain

CoreDNS plugin: return NXDOMAIN for configured domains

dump

dump all incoming request in coredns

lboverlay

local

CoreDNS plugin that answers "local" queries

caddy-debian

Create debian package for Caddy

access

why - explain why a user can or cannot access a file

cf

CFEngine formatter

nsec4

authenticated denial of existence

denialid

Authenticated Denial of Existence in the DNS

ebpf

ebpf compiler in Go; Write Go, get ebpf

debian

Small CI to create debian packages for various (Go) binaries

nlgids

caddy middleware for nlgids.london

a

ssh2prom

Prometheus metrics from openssh

mmark.nl

mmark.miek.nl website

dname

coderemarks

Annotate source code with remarks in LaTeX

rota

generate oncall rotations

gompletely

completions generation

kubeadam

xdoc

corecheck

Utility to check Markdown files for valid Corefile snippets.

signalds

caddy-user

Caddy module that changes to a different user before serving the request