boulder: github.com/letsencrypt/boulder/cmd/gen-key

Command gen-key

gen-key is a tool for generating RSA or ECDSA key pairs on an HSM using PKCS#11. After generating the key pair it extracts the public key components from the HSM, constructs a public key from them, and verifies a test message that was signed on the HSM with the generated private key. This check confirms that the public key the tool is about to emit really corresponds to the private key held on the device; a key pair whose test signature does not verify must not be used. Any action it takes should be thoroughly logged and documented.

When generating a key this tool performs the following steps:

1. Constructs templates for the private and public keys consisting
   of the appropriate PKCS#11 attributes.
2. Executes a PKCS#11 GenerateKeyPair operation with the constructed
   templates and either CKM_RSA_PKCS_KEY_PAIR_GEN or CKM_EC_KEY_PAIR_GEN.
3. Extracts the public key components from the returned public key object
   handle and constructs a Go public key object from them.
4. Generates 4 bytes of random data from the HSM using a PKCS#11 GenerateRandom
   operation.
5. Signs the random data with the private key object handle using a PKCS#11
   SignInit/Sign operation.
6. Verifies the returned signature of the random data with the constructed
   public key.
7. Marshals the public key into a PEM public key object and prints it to STDOUT.

Package Files

ecdsa.go main.go rsa.go

Package main imports 17 packages. Updated 2018-07-17.