README
¶
PKCS #11 Provider
This project implements the PKCS #11 Cryptographic Token Interface Base Specification Version 3.0 API and provides an RPC interface over Unix domain sockets to communicate with the token implementation. The implementation has the following components:
-
library implements the PKCS #11 interface as a shared library. The PKCS #11 functions are defined in
.rpcfiles and they are translated into.cfiles with the RPC compiler. -
RPC Compiler which is used to generated the PKCS #11 stub functions from the RPC definitions. The RPC Compiler is implemented in Go programming language.
-
Software Token implementing PKCS #11 operations. The token is implemented in Go and (will) support all modern PKCS #11 cryptographic operations.
-
Java PKCS #11 Test to test the PKCS #11 interface from Java.
Example Usage
Start token:
$ cd cmd/token
$ ./token
Run pkcs11-testing test program:
$ cd ~/work/pkcs11-testing
$ ./pkcs11-testing --module ~/go/src/github.com/markkurossi/pkcs11-provider/library/libvpkcs11.so --slot 0 --pin 1111 --test-all
Java's SunPKCS11 provider:
$ cd java
$ javac PKCS11Test
$ java PKCS11Test
AWS CloudHSM examples:
$ cd aws-cloudhsm-pkcs11-examples
$ make
$ make test
TODO
- Framework:
- Launch token from
libvpkcs11.so - Non-volatile token storage
- Token configuration file
- Test compatibility with Firefox
- Launch token from
- Test compatibility with aws-cloudhsm-pkcs11-examples
- tools/import_pub_key.c
- tools/wrap_with_imported_rsa_key.c
- derivation/ecdh.c
- derivation/hmac_kdf.c
- wrapping/unwrap_with_template.c
- wrapping/aes_wrapping.c
- wrapping/rsa_wrapping.c
- wrapping/aes_gcm_wrapping.c
- wrapping/wrap_with_template.c
- wrapping/aes_no_padding_wrapping.c
- wrapping/aes_zero_padding_wrapping.c
- encrypt/des_ecb.c
- Crypto provider with Go:
- Ed25519 public key algorithm
- Message sign and verify
- Dual function
- RPC compiler (ugly but it works):
- Cleanup field input/output handling and types
- Remove old unused input/output code
Directories