debian-forge-composer/vendor/github.com/miekg/pkcs11
Christian Kellner 986f076276 container: add support for uploading to registries
Add a new generic container registry client via a new `container`
package. Use this to create a command line utility as well as a
new upload target for container registries.

The code uses the github.com/containers/* project and packages to
interact with container registries that is also used by skopeo,
podman et al. One of the dependencies is `proglottis/gpgme` that
is using cgo to bind libgpgme, so we have to add the corresponding
devel package to the BuildRequires as well as installing it on CI.

Checks will follow later via an integration test.
2022-06-29 10:02:46 +02:00
.gitignore container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
error.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
go.mod container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
hsm.db container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
LICENSE container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
Makefile.release container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
params.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
pkcs11.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
pkcs11.h container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
pkcs11f.h container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
pkcs11go.h container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
pkcs11t.h container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
README.md container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
release.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
softhsm.conf container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
softhsm2.conf container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
types.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
vendor.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
zconst.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00

PKCS#11

This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where it makes sense. It has been tested with SoftHSM.

SoftHSM

  • Make it use a custom configuration file:

    export SOFTHSM_CONF=$PWD/softhsm.conf

  • Then use softhsm to init it

    softhsm --init-token --slot 0 --label test --pin 1234
    
  • Then use libsofthsm2.so as the pkcs11 module:

    p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
    

Examples

A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):

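package main

import (
    "fmt"

    "github.com/miekg/pkcs11"
)

func main() {
    // Load the PKCS#11 module; New returns nil if the library cannot be loaded.
    p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
    if p == nil {
        panic("failed to load PKCS#11 module")
    }
    err := p.Initialize()
    if err != nil {
        panic(err)
    }

    // Deferred calls run in reverse order: Finalize first, then Destroy.
    defer p.Destroy()
    defer p.Finalize()

    // Only list slots that have a token present.
    slots, err := p.GetSlotList(true)
    if err != nil {
        panic(err)
    }
    if len(slots) == 0 {
        panic("no slot with a token present")
    }

    session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
    if err != nil {
        panic(err)
    }
    defer p.CloseSession(session)

    // The PIN matches the one given to softhsm --init-token above.
    err = p.Login(session, pkcs11.CKU_USER, "1234")
    if err != nil {
        panic(err)
    }
    defer p.Logout(session)

    // Start a digest operation on the token and check that it was accepted.
    err = p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
    if err != nil {
        panic(err)
    }
    hash, err := p.Digest(session, []byte("this is a string"))
    if err != nil {
        panic(err)
    }

    // %x on the whole slice prints two hex digits per byte, keeping leading zeros.
    fmt.Printf("%x\n", hash)
}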

Further examples are included in the tests.

To expose PKCS#11 keys using the crypto.Signer interface, please see github.com/thalesignite/crypto11.