Versions in this module Expand all Collapse all
v1 v1.2.7 Jul 7, 2024 Changes in this version
+ const CkaAcIssuer
+ const CkaAllowedMechanisms
+ const CkaAlwaysAuthenticate
+ const CkaAlwaysSensitive
+ const CkaApplication
+ const CkaAttrTypes
+ const CkaAuthPinFlags
+ const CkaBase
+ const CkaBitsPerPixel
+ const CkaCertificateCategory
+ const CkaCertificateType
+ const CkaCharColumns
+ const CkaCharRows
+ const CkaCharSets
+ const CkaCheckValue
+ const CkaClass
+ const CkaCoefficient
+ const CkaColor
+ const CkaCopyable
+ const CkaDecrypt
+ const CkaDefaultCmsAttributes
+ const CkaDerive
+ const CkaDestroyable
+ const CkaEcParams
+ const CkaEcPoint
+ const CkaEcdsaParams
+ const CkaEncodingMethods
+ const CkaEncrypt
+ const CkaEndDate
+ const CkaExponent1
+ const CkaExponent2
+ const CkaExtractable
+ const CkaGOST28147Params
+ const CkaGOSTR3410Params
+ const CkaGOSTR3411Params
+ const CkaHasReset
+ const CkaHashOfIssuerPublicKey
+ const CkaHashOfSubjectPublicKey
+ const CkaHwFeatureType
+ const CkaId
+ const CkaIssuer
+ const CkaJavaMIDPSecurityDomain
+ const CkaKeyGenMechanism
+ const CkaKeyType
+ const CkaLabel
+ const CkaLocal
+ const CkaMechanismType
+ const CkaMimeTypes
+ const CkaModifiable
+ const CkaModulus
+ const CkaModulusBits
+ const CkaNameHashAlgorithm
+ const CkaNeverExtractable
+ const CkaObjectId
+ const CkaOtpChallengeRequirement
+ const CkaOtpCounter
+ const CkaOtpCounterRequirement
+ const CkaOtpFormat
+ const CkaOtpLength
+ const CkaOtpPinRequirement
+ const CkaOtpServiceIdentifier
+ const CkaOtpServiceLogo
+ const CkaOtpServiceLogoType
+ const CkaOtpTime
+ const CkaOtpTimeInterval
+ const CkaOtpTimeRequirement
+ const CkaOtpUserFriendlyMode
+ const CkaOtpUserIdentifier
+ const CkaOwner
+ const CkaPixelX
+ const CkaPixelY
+ const CkaPrime
+ const CkaPrime1
+ const CkaPrime2
+ const CkaPrimeBits
+ const CkaPrivate
+ const CkaPrivateExponent
+ const CkaPublicExponent
+ const CkaPublicKeyInfo
+ const CkaRequiredCmsAttributes
+ const CkaResetOnInit
+ const CkaResolution
+ const CkaSecondaryAuth
+ const CkaSensitive
+ const CkaSerialNumber
+ const CkaSign
+ const CkaSignRecover
+ const CkaStartDate
+ const CkaSubPrimeBits
+ const CkaSubject
+ const CkaSubprime
+ const CkaSubprimeBits
+ const CkaSupportedCmsAttributes
+ const CkaToken
+ const CkaTrusted
+ const CkaUnwrap
+ const CkaUnwrapTemplate
+ const CkaUrl
+ const CkaValue
+ const CkaValueBits
+ const CkaValueLen
+ const CkaVerify
+ const CkaVerifyRecover
+ const CkaWrap
+ const CkaWrapTemplate
+ const CkaWrapWithTrusted
+ const CryptoUser
+ const DefaultGCMIVLength
+ const DefaultUserType
+ type Attribute = pkcs11.Attribute
+ func CopyAttribute(a *Attribute) *Attribute
+ func NewAttribute(attributeType AttributeType, value interface{}) (a *Attribute, err error)
+ type AttributeSet map[AttributeType]*Attribute
+ func NewAttributeSet() AttributeSet
+ func NewAttributeSetWithID(id []byte) (AttributeSet, error)
+ func NewAttributeSetWithIDAndLabel(id, label []byte) (a AttributeSet, err error)
+ func (a AttributeSet) AddIfNotPresent(additional []*Attribute)
+ func (a AttributeSet) Copy() AttributeSet
+ func (a AttributeSet) Set(attributeType AttributeType, value interface{}) error
+ func (a AttributeSet) String() string
+ func (a AttributeSet) ToSlice() []*Attribute
+ func (a AttributeSet) Unset(attributeType AttributeType)
+ type AttributeType = uint
+ type Config struct
+ GCMIVFromHSMControl GCMIVFromHSMConfig
+ GCMIVLength int
+ LoginNotSupported bool
+ MaxSessions int
+ PKCS11Ctx *pkcs11.Ctx
+ Path string
+ Pin string
+ PoolWaitTimeout time.Duration
+ SlotNumber *int
+ TokenLabel string
+ TokenSerial string
+ UseGCMIVFromHSM bool
+ UserType int
+ type Context struct
+ func (c *Context) Close() error
+ func (c *Context) DeleteCertificate(id []byte, label []byte, serial *big.Int) error
+ func (c *Context) FindAllKeyPairs() ([]Signer, error)
+ func (c *Context) FindAllKeys() ([]*SecretKey, error)
+ func (c *Context) FindAllPairedCertificates() (certificates []tls.Certificate, err error)
+ func (c *Context) FindCertificate(id []byte, label []byte, serial *big.Int) (*x509.Certificate, error)
+ func (c *Context) FindKey(id []byte, label []byte) (*SecretKey, error)
+ func (c *Context) FindKeyPair(id []byte, label []byte) (Signer, error)
+ func (c *Context) FindKeyPairWithAttributes(attributes AttributeSet) (Signer, error)
+ func (c *Context) FindKeyPairs(id []byte, label []byte) (signer []Signer, err error)
+ func (c *Context) FindKeyPairsWithAttributes(attributes AttributeSet) (signer []Signer, err error)
+ func (c *Context) FindKeyWithAttributes(attributes AttributeSet) (*SecretKey, error)
+ func (c *Context) FindKeys(id []byte, label []byte) (key []*SecretKey, err error)
+ func (c *Context) FindKeysWithAttributes(attributes AttributeSet) ([]*SecretKey, error)
+ func (c *Context) GenerateDSAKeyPair(id []byte, params *dsa.Parameters) (Signer, error)
+ func (c *Context) GenerateDSAKeyPairWithAttributes(public, private AttributeSet, params *dsa.Parameters) (Signer, error)
+ func (c *Context) GenerateDSAKeyPairWithLabel(id, label []byte, params *dsa.Parameters) (Signer, error)
+ func (c *Context) GenerateECDSAKeyPair(id []byte, curve elliptic.Curve) (Signer, error)
+ func (c *Context) GenerateECDSAKeyPairWithAttributes(public, private AttributeSet, curve elliptic.Curve) (Signer, error)
+ func (c *Context) GenerateECDSAKeyPairWithLabel(id, label []byte, curve elliptic.Curve) (Signer, error)
+ func (c *Context) GenerateRSAKeyPair(id []byte, bits int) (SignerDecrypter, error)
+ func (c *Context) GenerateRSAKeyPairWithAttributes(public, private AttributeSet, bits int) (SignerDecrypter, error)
+ func (c *Context) GenerateRSAKeyPairWithLabel(id, label []byte, bits int) (SignerDecrypter, error)
+ func (c *Context) GenerateSecretKey(id []byte, bits int, cipher *SymmetricCipher) (*SecretKey, error)
+ func (c *Context) GenerateSecretKeyWithAttributes(template AttributeSet, bits int, cipher *SymmetricCipher) (k *SecretKey, err error)
+ func (c *Context) GenerateSecretKeyWithLabel(id, label []byte, bits int, cipher *SymmetricCipher) (*SecretKey, error)
+ func (c *Context) GetAttribute(key interface{}, attribute AttributeType) (a *Attribute, err error)
+ func (c *Context) GetAttributes(key interface{}, attributes []AttributeType) (a AttributeSet, err error)
+ func (c *Context) GetPubAttribute(key interface{}, attribute AttributeType) (a *Attribute, err error)
+ func (c *Context) GetPubAttributes(key interface{}, attributes []AttributeType) (a AttributeSet, err error)
+ func (c *Context) ImportCertificate(id []byte, certificate *x509.Certificate) error
+ func (c *Context) ImportCertificateWithAttributes(template AttributeSet, certificate *x509.Certificate) error
+ func (c *Context) ImportCertificateWithLabel(id []byte, label []byte, certificate *x509.Certificate) error
+ func (c *Context) NewRandomReader() (io.Reader, error)
+ type GCMIVFromHSMConfig struct
+ SupplyIvForHSMGCMDecrypt bool
+ SupplyIvForHSMGCMEncrypt bool
+ type PaddingMode int
+ type SecretKey struct
+ Cipher *SymmetricCipher
+ func (key *SecretKey) BlockSize() int
+ func (key *SecretKey) Decrypt(dst, src []byte)
+ func (key *SecretKey) Delete() error
+ func (key *SecretKey) Encrypt(dst, src []byte)
+ func (key *SecretKey) NewCBC(paddingMode PaddingMode) (cipher.AEAD, error)
+ func (key *SecretKey) NewCBCDecrypter(iv []byte) (cipher.BlockMode, error)
+ func (key *SecretKey) NewCBCDecrypterCloser(iv []byte) (BlockModeCloser, error)
+ func (key *SecretKey) NewCBCEncrypter(iv []byte) (cipher.BlockMode, error)
+ func (key *SecretKey) NewCBCEncrypterCloser(iv []byte) (BlockModeCloser, error)
+ func (key *SecretKey) NewGCM() (cipher.AEAD, error)
+ func (key *SecretKey) NewHMAC(mech int, length int) (hash.Hash, error)
+ type Signer interface
+ Delete func() error
+ type SignerDecrypter interface
+ Decrypt func(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)
v0 v0.1.0 Mar 8, 2019
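Review bot: In the v1.2.7 listing, `SecretKey.NewCBC(paddingMode PaddingMode)` is declared to return `cipher.AEAD`, but CBC by itself produces no authentication tag, so a caller reading only the signature may assume integrity protection that nothing on this page establishes. The doc comment should state what `Seal` and `Open` actually guarantee, for example `// NewCBC exposes CBC behind the cipher.AEAD interface; ciphertext is not authenticated, so use NewGCM or add NewHMAC when integrity matters.` The v0 `PKCS11SecretKey.NewCBC(paddingMode int)` has the same shape. Only signatures are visible here, so the real behaviour needs confirming against the implementation before the comment is written.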
Changes in this version
+ const CKM_NCIPHER
+ const CKM_NC_MD5_HMAC_KEY_GEN
+ const CKM_NC_SHA224_HMAC_KEY_GEN
+ const CKM_NC_SHA256_HMAC_KEY_GEN
+ const CKM_NC_SHA384_HMAC_KEY_GEN
+ const CKM_NC_SHA512_HMAC_KEY_GEN
+ const CKM_NC_SHA_1_HMAC_KEY_GEN
+ const DefaultMaxSessions
+ const NFCK_VENDOR_NCIPHER
+ const PaddingNone
+ const PaddingPKCS
+ var CipherAES = SymmetricCipher
+ var CipherDES3 = SymmetricCipher
+ var CipherGeneric = SymmetricCipher
+ var CipherHMACSHA1 = SymmetricCipher
+ var CipherHMACSHA224 = SymmetricCipher
+ var CipherHMACSHA256 = SymmetricCipher
+ var CipherHMACSHA384 = SymmetricCipher
+ var CipherHMACSHA512 = SymmetricCipher
+ var Ciphers = map[int]*SymmetricCipher
+ var ErrCannotGetRandomData = errors.New("crypto11: cannot get random data from PKCS#11")
+ var ErrCannotOpenPKCS11 = errors.New("crypto11: could not open PKCS#11")
+ var ErrHmacClosed = errors.New("already called Sum()")
+ var ErrKeyNotFound = errors.New("crypto11: could not find PKCS#11 key")
+ var ErrMalformedDER = errors.New("crypto11: malformed DER message")
+ var ErrMalformedPoint = errors.New("crypto11/ecdsa: malformed elliptic curve point")
+ var ErrMalformedRSAKey = errors.New("crypto11/rsa: malformed RSA key")
+ var ErrMalformedSignature = errors.New("crypto11xo: malformed signature")
+ var ErrNotConfigured = errors.New("crypto11: PKCS#11 not yet configured")
+ var ErrTokenNotFound = errors.New("crypto11: could not find PKCS#11 token")
+ var ErrUnrecognizedRSAOptions = errors.New("crypto11/rsa: unrecognized RSA options type")
+ var ErrUnsupportedEllipticCurve = errors.New("crypto11/ecdsa: unsupported elliptic curve")
+ var ErrUnsupportedKeyType = errors.New("crypto11: unrecognized key type")
+ var ErrUnsupportedRSAOptions = errors.New("crypto11/rsa: unsupported RSA option value")
+ func Close() error
+ func Configure(config *PKCS11Config) (*pkcs11.Ctx, error)
+ func ConfigureFromFile(configLocation string) (ctx *pkcs11.Ctx, err error)
+ func FindKeyPair(id []byte, label []byte) (crypto.PrivateKey, error)
+ func FindKeyPairOnSession(session *PKCS11Session, slot uint, id []byte, label []byte) (crypto.PrivateKey, error)
+ func FindKeyPairOnSlot(slot uint, id []byte, label []byte) (crypto.PrivateKey, error)
+ type BlockModeCloser interface
+ Close func()
+ type PKCS11Config struct
+ IdleTimeout time.Duration
+ MaxSessions int
+ Path string
+ Pin string
+ PoolWaitTimeout time.Duration
+ TokenLabel string
+ TokenSerial string
+ type PKCS11Object struct
+ Handle pkcs11.ObjectHandle
+ Slot uint
+ func (object *PKCS11Object) Identify() (id []byte, label []byte, err error)
+ type PKCS11PrivateKey struct
+ PubKey crypto.PublicKey
+ func (signer PKCS11PrivateKey) Public() crypto.PublicKey
+ type PKCS11PrivateKeyDSA struct
+ func GenerateDSAKeyPair(params *dsa.Parameters) (*PKCS11PrivateKeyDSA, error)
+ func GenerateDSAKeyPairOnSession(session *PKCS11Session, slot uint, id []byte, label []byte, ...) (*PKCS11PrivateKeyDSA, error)
+ func GenerateDSAKeyPairOnSlot(slot uint, id []byte, label []byte, params *dsa.Parameters) (*PKCS11PrivateKeyDSA, error)
+ func (signer *PKCS11PrivateKeyDSA) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
+ type PKCS11PrivateKeyECDSA struct
+ func GenerateECDSAKeyPair(c elliptic.Curve) (*PKCS11PrivateKeyECDSA, error)
+ func GenerateECDSAKeyPairOnSession(session *PKCS11Session, slot uint, id []byte, label []byte, c elliptic.Curve) (*PKCS11PrivateKeyECDSA, error)
+ func GenerateECDSAKeyPairOnSlot(slot uint, id []byte, label []byte, c elliptic.Curve) (*PKCS11PrivateKeyECDSA, error)
+ func (signer *PKCS11PrivateKeyECDSA) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
+ type PKCS11PrivateKeyRSA struct
+ func GenerateRSAKeyPair(bits int) (*PKCS11PrivateKeyRSA, error)
+ func GenerateRSAKeyPairOnSession(session *PKCS11Session, slot uint, id []byte, label []byte, bits int) (*PKCS11PrivateKeyRSA, error)
+ func GenerateRSAKeyPairOnSlot(slot uint, id []byte, label []byte, bits int) (*PKCS11PrivateKeyRSA, error)
+ func (priv *PKCS11PrivateKeyRSA) Decrypt(rand io.Reader, ciphertext []byte, options crypto.DecrypterOpts) (plaintext []byte, err error)
+ func (priv *PKCS11PrivateKeyRSA) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
+ func (priv *PKCS11PrivateKeyRSA) Validate() error
+ type PKCS11RandReader struct
+ func (reader PKCS11RandReader) Read(data []byte) (n int, err error)
+ type PKCS11SecretKey struct
+ Cipher *SymmetricCipher
+ func FindKey(id []byte, label []byte) (*PKCS11SecretKey, error)
+ func FindKeyOnSession(session *PKCS11Session, slot uint, id []byte, label []byte) (key *PKCS11SecretKey, err error)
+ func FindKeyOnSlot(slot uint, id []byte, label []byte) (*PKCS11SecretKey, error)
+ func GenerateSecretKey(bits int, cipher *SymmetricCipher) (*PKCS11SecretKey, error)
+ func GenerateSecretKeyOnSession(session *PKCS11Session, slot uint, id []byte, label []byte, bits int, ...) (key *PKCS11SecretKey, err error)
+ func GenerateSecretKeyOnSlot(slot uint, id []byte, label []byte, bits int, cipher *SymmetricCipher) (*PKCS11SecretKey, error)
+ func (key *PKCS11SecretKey) BlockSize() int
+ func (key *PKCS11SecretKey) Decrypt(dst, src []byte)
+ func (key *PKCS11SecretKey) Encrypt(dst, src []byte)
+ func (key *PKCS11SecretKey) NewCBC(paddingMode int) (g cipher.AEAD, err error)
+ func (key *PKCS11SecretKey) NewCBCDecrypter(iv []byte) (bm cipher.BlockMode, err error)
+ func (key *PKCS11SecretKey) NewCBCDecrypterCloser(iv []byte) (bmc BlockModeCloser, err error)
+ func (key *PKCS11SecretKey) NewCBCEncrypter(iv []byte) (bm cipher.BlockMode, err error)
+ func (key *PKCS11SecretKey) NewCBCEncrypterCloser(iv []byte) (bmc BlockModeCloser, err error)
+ func (key *PKCS11SecretKey) NewGCM() (g cipher.AEAD, err error)
+ func (key *PKCS11SecretKey) NewHMAC(mech int, length int) (h hash.Hash, err error)
+ type PKCS11Session struct
+ Ctx *pkcs11.Ctx
+ Handle pkcs11.SessionHandle
+ func (session *PKCS11Session) Close()
+ func (session *PKCS11Session) CloseSession() error
+ type SymmetricCipher struct
+ BlockSize int
+ CBCMech uint
+ CBCPKCSMech uint
+ ECBMech uint
+ Encrypt bool
+ GCMMech uint
+ GenParams []SymmetricGenParams
+ MAC bool
+ type SymmetricGenParams struct
+ GenMech uint
+ KeyType uint
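Review bot: In the v0.1.0 listing, `ErrMalformedSignature` is built with the message `crypto11xo: malformed signature`, whereas every other prefixed sentinel here uses `crypto11:` or `crypto11/<algo>:`, so the `xo` looks like a stray typo. Log filters or alert rules keyed on the `crypto11:` / `crypto11/` prefix would miss signature-parsing failures, which are worth surfacing when a token returns unexpected data. If it is still present in current code, I would change it to `var ErrMalformedSignature = errors.New("crypto11: malformed signature")`; callers comparing with `errors.Is` rather than by string are unaffected. `ErrHmacClosed` (`already called Sum()`) carries no package prefix at all and could be aligned in the same pass.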