pkcs11

package
v0.1.3
Published: Aug 1, 2021 License: MIT Imports: 5 Imported by: 1

Documentation

Index

Constants

const (
	// AuthKeyLabel         string = "PIV AUTH key"
	// AuthPubkeyLabel      string = "PIV AUTH pubkey"
	AuthCertificateLabel string = "Certificate for PIV Authentication"

	// SignKeyLabel         string = "SIGN key"
	// SignPubkeyLabel      string = "SIGN pubkey"
	SignCertificateLabel string = "Certificate for Digital Signature"

	// CardAuthKeyLabel         string = "CARD AUTH key"
	// CardAuthPubkeyLabel      string = "CARD AUTH pubkey"
	CardAuthCertificateLabel string = "Certificate for Card Authentication"

	// KeyManagementCertificateLabel is the PKCS#11 object label of the PIV Key Management certificate.
	KeyManagementCertificateLabel string = "Certificate for Key Management"

	// FingerprintLabel string = "Cardholder Fingerprints"
	FacialLabel string = "Cardholder Facial Image"
)

Variables

var (
	NotFound = fmt.Errorf("piv: pkcs11: Not Found")
)

Functions

This section is empty.

Types

type Config

type Config struct {
	// Full path to the PKCS#11 module on the filesystem. The exact value
	// depends on the host, but it should usually end in .so
	Module string

	// Optional PIN for the PKCS#11 token. If this is nil, no PIN will be
	// sent to the device.
	PIN *string

	// Label of the PKCS#11 token to select among the slots the module exposes.
	TokenLabel string
}

Config is the HSM configuration object: it defines which PKCS#11 .so module to use, Certificate and Private Key strings, a PIN (if needed), and the label of the token.

func (Config) GetCertificateTemplate

func (c Config) GetCertificateTemplate(label string) []*pkcs11.Attribute

Create a pkcs11.Attribute array containing constraints that should uniquely identify the PKCS#11 Certificate we're interested in.

func (Config) GetDataTemplate

func (c Config) GetDataTemplate(label string) []*pkcs11.Attribute

Create a pkcs11.Attribute array containing constraints that should uniquely identify the PKCS#11 Data object we're interested in.

func (Config) SelectSlot

func (c Config) SelectSlot(context *pkcs11.Ctx, slots []uint) (uint, error)

Given a pkcs11.Ctx and a list of slots, figure out which slot is the one we're interested in, returning an error if there's nothing we should be using.
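The slot-selection contract above (pick the slot whose token carries the configured label, fail when there is nothing to use) is worth seeing in code. The following is an added example, not this package's own implementation: it models the per-slot token label the PKCS#11 module reports with a constructed `slotInfo` struct instead of `pkcs11.Ctx`, and `selectSlot`, `errNoSlot` and `errAmbiguous` are hypothetical names. It goes slightly beyond the one-line description by also refusing an empty label and a label that matches more than one slot, since silently picking the first of two identically labelled tokens is exactly how a signer ends up bound to the wrong device.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// slotInfo is a constructed stand-in for the (slot ID, token label) pair a
// PKCS#11 module reports for each slot; it is not a type from this package.
type slotInfo struct {
	ID    uint
	Label string
}

// Hypothetical sentinel errors so callers can distinguish the failure modes.
var (
	errNoSlot    = errors.New("pkcs11: no slot carries the requested token label")
	errAmbiguous = errors.New("pkcs11: token label matches more than one slot")
)

// selectSlot mirrors the contract of Config.SelectSlot: given the token label
// we want and the slots the module exposes, return the single slot to use, or
// an error when there is nothing we should be using. PKCS#11 token labels are
// fixed-width, blank-padded fields, so both sides are compared after trimming
// trailing spaces.
func selectSlot(wantLabel string, slots []slotInfo) (uint, error) {
	want := strings.TrimRight(wantLabel, " ")
	if want == "" {
		// This example treats an empty label as a configuration error rather
		// than as "use whatever slot comes first".
		return 0, errors.New("pkcs11: empty token label")
	}

	var matches []uint
	for _, s := range slots {
		if strings.TrimRight(s.Label, " ") == want {
			matches = append(matches, s.ID)
		}
	}

	switch len(matches) {
	case 0:
		return 0, errNoSlot
	case 1:
		return matches[0], nil
	default:
		// Two tokens with the same label: refuse instead of guessing.
		return 0, fmt.Errorf("%w: slots %v", errAmbiguous, matches)
	}
}

func main() {
	// Constructed sample slot list: one blank-padded label, one duplicated label.
	slots := []slotInfo{
		{ID: 0, Label: "Token A                         "},
		{ID: 1, Label: "PIV Token"},
		{ID: 2, Label: "PIV Token"},
	}
	for _, label := range []string{"Token A", "PIV Token", "Missing", ""} {
		id, err := selectSlot(label, slots)
		if err != nil {
			fmt.Printf("%q -> error: %v\n", label, err)
			continue
		}
		fmt.Printf("%q -> slot %d\n", label, id)
	}
}
```

Whatever the real `SelectSlot` does on ambiguity, the defensive point carries over: the caller should log which slot ID was chosen, because a hardware-backed signer that quietly attaches to a different token than intended is hard to diagnose after the fact.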

type Token

type Token struct {
	// contains filtered or unexported fields
}

Token is the internal hsm.Store encapsulating state. It implements the store.Store interface, as well as crypto.Signer and crypto.Decryptor.

func New

func New(config Config) (*Token, error)

Create a new hsm.Store defined by the hsm.Config. If no slot can be found, or the underlying infrastructure returns an error, we return an error.

func (Token) AuthenticationCertificate

func (t Token) AuthenticationCertificate() (*piv.Certificate, error)

func (Token) CardAuthenticationCertificate

func (t Token) CardAuthenticationCertificate() (*piv.Certificate, error)

func (Token) Close

func (s Token) Close() error

Method to log out of the Token and close any sessions we might have open. This method ought to be deferred right after creating a new hsm.Store.

func (Token) DigitalSignatureCertificate

func (t Token) DigitalSignatureCertificate() (*piv.Certificate, error)

func (Token) Facial

func (t Token) Facial() (*cbeff.CBEFF, error)

func (Token) KeyManagementCertificate

func (t Token) KeyManagementCertificate() (*piv.Certificate, error)
