pkcs11

package v0.3.0
Published: Sep 7, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package pkcs11 implements logic for using PKCS #11 shared libraries.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

type Certificate struct {
	// contains filtered or unexported fields
}

Certificate holds a certificate object. Because certificate objects can hold various kinds of certificates, callers should check the type before calling methods that parse the certificate.

cert, err := obj.Certificate()
if err != nil {
	// ...
}
if cert.Type() != pkcs11.CertificateX509 {
	// unexpected kind of certificate ...
}
x509Cert, err := cert.X509()

func (*Certificate) Type

func (c *Certificate) Type() CertificateType

Type returns the format of the underlying certificate.

func (*Certificate) X509

func (c *Certificate) X509() (*x509.Certificate, error)

X509 parses the underlying certificate as an X.509 certificate.

If the certificate holds a different type of certificate, this method returns an error.

type CertificateType

type CertificateType int

CertificateType determines the kind of certificate a certificate object holds. This can be X.509, WTLS, GPG, etc.

http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html#_Toc416959709

const (
	CertificateX509 CertificateType = iota + 1
	CertificateUnknown
)

Certificate types supported by this package.

type Class

type Class int

Class is the primary object type, such as a certificate, public key, or private key.

const (
	ClassData             Class = 0x00000000
	ClassCertificate      Class = 0x00000001
	ClassPublicKey        Class = 0x00000002
	ClassPrivateKey       Class = 0x00000003
	ClassSecretKey        Class = 0x00000004
	ClassDomainParameters Class = 0x00000006
)

Set of classes supported by this package.

func (Class) String

func (c Class) String() string

String returns a human readable version of the object class.

type Error

type Error struct {
	// contains filtered or unexported fields
}

Error is returned for Cryptoki-specific API return codes.

func (*Error) Error

func (e *Error) Error() string

type Filter

type Filter struct {
	Class Class
	Label string
}

Filter holds options for returning a subset of objects from a slot.

The returned object will match all provided parameters. For example, if Class=ClassPrivateKey and Label="foo", the returned object must be a private key with label "foo".

type Info

type Info struct {
	// Manufacturer of the implementation. When multiple PKCS #11 devices are
	// present this is used to differentiate devices.
	Manufacturer string
	// Version of the module.
	Version Version
	// Human readable description of the module.
	Description string
}

Info holds global information about the module.

type Module

type Module struct {
	// contains filtered or unexported fields
}

Module represents an opened shared library. By default, this package requests locking support from the module, but concurrent safety may depend on the underlying library.

func Open

func Open(path string) (*Module, error)

Open dlopens a shared library by path, initializing the module.

func (*Module) Close

func (m *Module) Close() error

Close finalizes the module and releases any resources associated with the shared library.

func (*Module) Info

func (m *Module) Info() Info

Info returns additional information about the module.

func (*Module) Slot

func (m *Module) Slot(id uint32, opts Options) (*Slot, error)

Slot creates a session with the given slot, by default read-only. Users must call Close to release the session.

The returned Slot's behavior is undefined once the Module is closed.

func (*Module) SlotIDs

func (m *Module) SlotIDs() ([]uint32, error)

SlotIDs returns the IDs of all slots associated with this module, including ones that haven't been initialized.

func (*Module) SlotInfo

func (m *Module) SlotInfo(id uint32) (*SlotInfo, error)

SlotInfo queries for information about the slot, such as the label.

type Object

type Object struct {
	// contains filtered or unexported fields
}

Object represents a single object stored within a slot. For example a key or certificate.

func (Object) Certificate

func (o Object) Certificate() (*Certificate, error)

Certificate parses the underlying object as a certificate. If the object isn't a certificate, this method fails.

func (Object) Class

func (o Object) Class() Class

Class returns the type of the object stored. For example, certificate, public key, or private key.

func (Object) Label

func (o Object) Label() (string, error)

Label returns a string value attached to an object, which can be used to identify or group sets of keys and certificates.

func (Object) PrivateKey

func (o Object) PrivateKey(pub crypto.PublicKey) (crypto.PrivateKey, error)

PrivateKey parses the underlying object as a private key. Both RSA and ECDSA keys are supported.

The returned PrivateKey implements crypto.Signer and optionally crypto.Decrypter depending on the supported mechanisms.

If the object isn't a private key, this method fails.

func (Object) PublicKey

func (o Object) PublicKey() (crypto.PublicKey, error)

PublicKey parses the underlying object as a public key. Both RSA and ECDSA keys are supported.

If the object isn't a public key, this method fails.
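PrivateKey takes the matching public key as an argument and returns a crypto.Signer, so a caller that found the certificate and the key by Label is responsible for confirming they really belong together. The check below is an added example, not code from this package: it compares the signer's reported public key with the certificate's and then does a sign/verify round trip, covering the RSA and ECDSA key types the page says are supported. A software ECDSA key stands in for the token key (constructed input; with the real package the signer would come from `obj.PrivateKey(pub)` and `pub` from `cert.X509().PublicKey`).

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// signerMatches reports whether signer (e.g. the value returned by
// obj.PrivateKey(pub)) corresponds to pub (e.g. the certificate's public key).
// It first compares the reported public key, then proves possession with a
// sign/verify round trip so a mislabeled or stale object is caught before use.
func signerMatches(signer crypto.Signer, pub crypto.PublicKey) error {
	type equaler interface{ Equal(crypto.PublicKey) bool }
	if eq, ok := signer.Public().(equaler); !ok || !eq.Equal(pub) {
		return errors.New("signer's public key does not match the certificate")
	}
	digest := sha256.Sum256([]byte("signer/certificate pairing probe"))
	sig, err := signer.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		return fmt.Errorf("sign: %w", err)
	}
	switch k := pub.(type) {
	case *rsa.PublicKey: // crypto.SHA256 opts selects PKCS #1 v1.5 padding
		if err := rsa.VerifyPKCS1v15(k, crypto.SHA256, digest[:], sig); err != nil {
			return fmt.Errorf("rsa verify: %w", err)
		}
	case *ecdsa.PublicKey: // ECDSA signers return an ASN.1 DER encoded signature
		if !ecdsa.VerifyASN1(k, digest[:], sig) {
			return errors.New("ecdsa verify failed")
		}
	default:
		return fmt.Errorf("unsupported public key type %T", pub)
	}
	return nil
}

func main() {
	// Constructed stand-in for a token-resident key: a software ECDSA key.
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	other, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	fmt.Println("same key pair:", signerMatches(key, &key.PublicKey))
	fmt.Println("wrong public key:", signerMatches(key, &other.PublicKey))
}
```

The round trip costs one signing operation on the token, so run it once at startup rather than per request.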

type Options

type Options struct {
	PIN      string
	AdminPIN string
	// ReadWrite indicates that the slot should be opened with write capabilities,
	// such as generating keys or importing certificates.
	//
	// By default, sessions can access objects and perform signing requests.
	ReadWrite bool
}

Options holds configuration options for the slot session.

type Slot

type Slot struct {
	// contains filtered or unexported fields
}

Slot represents a session to a slot.

A slot holds a listable set of objects, such as certificates and cryptographic keys.

func (*Slot) Close

func (s *Slot) Close() error

Close releases the slot session.

func (*Slot) Objects

func (s *Slot) Objects(opts Filter) (objs []Object, err error)

Objects searches a slot for objects that match the given options, or all objects if no options are provided.

The returned objects' behavior is undefined once the Slot object is closed.

type SlotInfo

type SlotInfo struct {
	Label  string
	Model  string
	Serial string

	Description string
}

SlotInfo holds information about the slot and underlying token.

type Version

type Version struct {
	Major uint8
	Minor uint8
}

Version holds a major and minor version.
