Documentation ¶
Overview ¶
pkcs11 provides helpers for working with certificates via PKCS#11 APIs provided by go-pkcs11
Index ¶
- func ParseHexString(str string) (i uint32, err error)
- type Key
- func (k *Key) CertificateChain() [][]byte
- func (k *Key) Close()
- func (k *Key) Decrypt(msg []byte, opts crypto.DecrypterOpts) ([]byte, error)
- func (k *Key) Encrypt(plaintext []byte, opts any) ([]byte, error)
- func (k *Key) Public() crypto.PublicKey
- func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseHexString ¶
ParseHexString parses hexadecimal string into uint32
Types ¶
type Key ¶
type Key struct {
// contains filtered or unexported fields
}
Key is a wrapper around the pkcs11 module and uses it to implement signing-related methods.
func Cred ¶
Cred returns a Key wrapping the first valid certificate in the pkcs11 module matching a given slot and label.
func (*Key) CertificateChain ¶
CertificateChain returns the credential as a raw X509 cert chain. This contains the public key.
func (*Key) Decrypt ¶ added in v0.3.0
Decrypt decrypts a ciphertext message digest using the private key. Here, we pass off the decryption to pkcs11 library.
func (*Key) Encrypt ¶ added in v0.3.0
Encrypt encrypts a plaintext message digest using the public key. Here, we use standard golang API.