gen-key

command
v0.0.0-...-d6a33d1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 19, 2018 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Overview

gen-key is a tool for generating RSA or ECDSA keys on a HSM using PKCS#11. After generating the key pair it attempts to extract and construct the public key and verifies a test message that was signed using the generated private key. Any action it takes should be thoroughly logged and documented.

When generating a key this tool follows the following steps:

  1. Constructs templates for the private and public keys consisting of the appropriate PKCS#11 attributes.
  2. Executes a PKCS#11 GenerateKeyPair operation with the constructed templates and either CKM_RSA_PKCS_KEY_PAIR_GEN or CKM_EC_KEY_PAIR_GEN (or CKM_ECDSA_KEY_PAIR_GEN for pre-PKCS#11 v2.11 devices).
  3. Extracts the public key components from the returned public key object handle and construct a Golang public key object from them.
  4. Generates 4 bytes of random data from the HSM using a PKCS#11 GenerateRandom operation.
  5. Signs the random data with the private key object handle using a PKCS#11 SignInit/Sign operation.
  6. Verifies the returned signature of the random data with the constructed public key.
  7. Marshals the public key into a PEM public key object and print it to STDOUT.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL