hpcs-grep11-go

module

v1.2.2 Latest Latest Go to latest Published: May 2, 2022 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/IBM-Cloud/hpcs-grep11-go

Links

Open Source Insights

README ¶

Overview

This repository contains software used to connect and interact with the IBM Cloud Hyper Protect Crypto Services offering. For more information regarding this service please review the IBM Cloud Hyper Protect Services documentation. The contents of this repository use go modules, and therefore, this repository can be cloned into any local directory; there is no need to place it in your GOPATH.

To view the documentation of the hpcs-grep11 Go module contained in this repository, type the command godoc (requires the installation of Go) from the cloned repository's main directory and open a browser to http://localhost:6060/pkg/github.com/IBM-Cloud/hpcs-grep11-go/. See step 1 in the section below for instructions on how to install Go.

Code Examples

Included in this repository are working examples written in Go. The examples show how to use the IBM Cloud Hyper Protect Services offering to accomplish the following operations:

Key generation
Encrypt and decrypt
Sign and verify
Wrap and unwrap keys
Derive keys
Build message digest
Retrieve mechanism information

Example setup and execution

Install Go.
Clone this repository into a local directory of your choice. Go modules are used for this repository, so there is no need to place the cloned repository in your GOPATH.
Update the following information in the examples/server_test.go file.

NOTE: This information can obtained by logging in to your IBM Cloud account and viewing your Hyper Protect Crypto Serverices instance and IAM information. See the GREP11 API documentation for more information about GREP11.
```
// The following IBM Cloud HPCS service items need to be changed prior to running the sample program:

var (
    Address        = "<grep11_server_address>:<port>"
    APIKey         = "<ibm_cloud_apikey>"
)
```
From the <path>/hpcs-grep11-go/examples directory, execute the examples by issuing the command: go test -v -run Example

The sample program produces output similar to the following:

=== RUN   Example_getMechanismInfo
--- PASS: Example_getMechanismInfo (1.87s)
=== RUN   Example_generateGenericKey
--- PASS: Example_generateGenericKey (0.29s)
=== RUN   Example_encryptAndDecryptUsingAES
--- PASS: Example_encryptAndDecryptUsingAES (0.80s)
=== RUN   Example_digest
--- PASS: Example_digest (0.58s)
=== RUN   Example_signAndVerifyUsingRSAKeyPair
--- PASS: Example_signAndVerifyUsingRSAKeyPair (0.54s)
=== RUN   Example_signAndVerifyUsingDSAKeyPair
--- PASS: Example_signAndVerifyUsingDSAKeyPair (5.28s)
=== RUN   Example_deriveKeyUsingDHKeyPair
--- PASS: Example_deriveKeyUsingDHKeyPair (3.42s)
=== RUN   Example_signAndVerifyUsingECDSAKeyPair
--- PASS: Example_signAndVerifyUsingECDSAKeyPair (0.55s)
=== RUN   Example_signAndVerifyToTestErrorHandling
--- PASS: Example_signAndVerifyToTestErrorHandling (1.89s)
=== RUN   Example_wrapAndUnwrapKey
--- PASS: Example_wrapAndUnwrapKey (0.50s)
=== RUN   Example_deriveKey
--- PASS: Example_deriveKey (0.65s)
=== RUN   Example_tls
--- PASS: Example_tls (0.39s)
PASS
ok      github.com/IBM-Cloud/hpcs-grep11-go/examples    17.450s

NOTE: By default the rewrapKeyBlob test is skipped. This test acts as sample code that can be used to reencrypt your existing keys with a new HSM wrapping key. See figure 8 on page 27 and page 37 in https://www.ibm.com/downloads/cas/WXRDPRAN for additional information on how existing keys can be reencrypted. This operation requires coordination between the end-user and the IBM Cloud Hyper Protect Crypto Services instance's administrator(s).

General Function Call Workflow

GREP11 can perform encrypt, decrypt, digest, sign and verify operations. For each operation, there are a series of sub-operations or functions.

For example, the Encrypt operation consists of EncryptInit(), Encrypt(), EncryptUpdate(), EncryptFinal() and EncryptSingle() sub-operations.

GREP11 sub-operations for Encrypt:

EncryptInit() is used to initialize an operation and must be run prior to Encrypt(), EncryptUpdate(), or EncryptFinal() calls
Encrypt() is used to encrypt data without the need to perform EncryptUpdate() or EncryptFinal() sub-operations.
EncryptUpdate() is used to perform update operations as part of a multi-part operation
EncryptFinal() is used to perform final operations as part of a multi-part operation
EncryptSingle() is an IBM EP11 extension to the standard PKCS #11 specification and used to perform a single call without the need to use the Init, Update, and Final sub-operations

The following diagram shows the three calling sequence flows that can be used for Encrypt, Decrypt, Digest, Sign and Verify operations:

function work flow

Directories ¶

Path	Synopsis
ep11
examples Package examples contains sample code that uses the GREP11 API to communicate with an IBM Cloud HPCS instance.	Package examples contains sample code that uses the GREP11 API to communicate with an IBM Cloud HPCS instance.
grpc
util Package util provides helper data types and functions for the GREP11 examples	Package util provides helper data types and functions for the GREP11 examples

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL