integrations

module

v0.0.0-...-35a3740 Latest Latest Go to latest Published: Oct 24, 2024 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/GoogleCloudPlatform/kms-integrations

README ¶

Cloud KMS Integrations

This repository contains clients that integrate Cloud KMS with standard cryptographic APIs. Presently, this includes the library for PKCS #11, and the CNG provider.

For	Go To
Detailed Product Information	cloud.google.com/kms
Feedback	cloudkms-feedback@google.com

Cloud KMS Library for PKCS #11

The libkmsp11 library exposes cryptographic and key management capabilities from Google Cloud KMS using the PKCS #11 C API. Sources for this library are contained in the kmsp11/ directory in this repository.

Popular uses for the PKCS #11 library include:

Creating signatures, certificates, or certificate signing requests at the command line. Learn more.
Serving TLS web sessions backed by Cloud HSM keys. Learn more.
Migrating an existing application that uses the PKCS #11 API to the cloud.

If you are migrating an existing application that uses the PKCS #11 API to the cloud, you will need to point your application to the new library. In many cases, this is as simple as changing a configuration option, as most applications that use the PKCS #11 API do so by loading a provider's library dynamically. We provide a sample of how you might do this if you are writing a new application.

You can learn more about the PKCS #11 library in the user guide.

Cloud KMS CNG Provider

The CNG provider exposes cryptographic and key management capabilities from Google Cloud KMS using the CNG API. Sources for this library are contained in the kmscng/ directory in this repository.

Popular uses for the CNG provider include:

Signing Windows artifacts using Windows SignTool. Learn more.
Migrating an existing application that uses the CNG API to the cloud.

You can learn more about the CNG provider in the user guide.

General Information

Binary distributions of the libraries are available as Github releases. These binaries built and distributed by Google are covered by the GCP Terms of Service, and support is available from Google Cloud support.

We recommend that you use a binary distribution of these libraries rather than building from source. Support for a library that you build yourself from source is on a best-effort basis, via GitHub issues. Further information about build configurations is available in BUILDING.

Directories ¶

Path	Synopsis
fakekms Package fakekms contains a fake of the Google Cloud Key Management service.	Package fakekms contains a fake of the Google Cloud Key Management service.
contract
fault
main Package main starts a new fakekms server that listens on an OS-supplied port.	Package main starts a new fakekms server that listens on an OS-supplied port.
kmscng
main Package installtestlib contains utilties for dealing with windows installers.	Package installtestlib contains utilties for dealing with windows installers.
kmsp11
tools/buildsigner buildsigner is a simple CLI tool that performs a signature over standard input and writes it to standard output.	buildsigner is a simple CLI tool that performs a signature over standard input and writes it to standard output.
tools/p11fn/templater Package main reads the PKCS#11 function prototypes a CkFuncList textproto and adds them as context while executing the provided text template.	Package main reads the PKCS#11 function prototypes a CkFuncList textproto and adds them as context while executing the provided text template.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL