cryptoki

package

v0.0.0-...-48496ca Latest Latest Go to latest Published: Aug 16, 2018 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ericyan/lorica

Links

Open Source Insights

Documentation ¶

Overview ¶

Package cryptoki implements cryptographic token interface as defined in PKCS #11.

Index ¶

Constants
type KeyPair
- func (kp *KeyPair) Public() crypto.PublicKey
- func (kp *KeyPair) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
type Token
- func OpenToken(modulePath, tokenLabel, pin string) (*Token, error)

Constants ¶

View Source

const (
	RSA   = "rsa"
	ECDSA = "ecdsa"
)

Supported algorithm strings. Compatible with CFSSL.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type KeyPair ¶

type KeyPair struct {
	// contains filtered or unexported fields
}

KeyPair implements the crypto.Signer interface using a key pair kept in PKCS #11 cryptographic token.

func (*KeyPair) Public ¶

func (kp *KeyPair) Public() crypto.PublicKey

Public returns the public key of the key pair.

func (*KeyPair) Sign ¶

func (kp *KeyPair) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key. The entropy from rand will be ignored.

For RSA, the signature scheme will be RSASSA-PKCS1-v1_5, unless opts is an *rsa.PSSOptions in which case RSASSA-PSS scheme will be used.

For ECDSA, the resulting signature will be a DER-serialised, ASN.1 signature structure.

type Token ¶

type Token struct {
	// contains filtered or unexported fields
}

A Token represents a cryptographic token that implements PKCS #11.

func OpenToken ¶

func OpenToken(modulePath, tokenLabel, pin string) (*Token, error)

OpenToken opens a new session with the given cryptographic token.

func (*Token) Close ¶

func (tk *Token) Close() error

Close closes all sessions with the token.

func (*Token) ExportPublicKey ¶

func (tk *Token) ExportPublicKey(pub pkcs11.ObjectHandle) (crypto.PublicKey, error)

ExportPublicKey returns the public key object as crypto.PublicKey.

func (*Token) FindKeyPair ¶

func (tk *Token) FindKeyPair(key crypto.PublicKey) (crypto.Signer, error)

FindKeyPair looks up a key pair inside the token with the public key.

func (*Token) FindObject ¶

func (tk *Token) FindObject(query []*pkcs11.Attribute) (pkcs11.ObjectHandle, error)

FindObject returns the first object it found that matches the query.

func (*Token) GenerateKeyPair ¶

func (tk *Token) GenerateKeyPair(label string, algo string, size int) (crypto.Signer, error)

GenerateKeyPair generates a key pair inside the token.

func (*Token) GetAttribute ¶

func (tk *Token) GetAttribute(obj pkcs11.ObjectHandle, typ uint) ([]byte, error)

GetAttribute obtains the value of a single object attribute. If there are multiple attributes of the same type, it only returns the value of the first one.

func (*Token) GetReadOnlySession ¶

func (tk *Token) GetReadOnlySession() (pkcs11.SessionHandle, error)

GetReadOnlySession returns a read-only session with the token.

func (*Token) GetSession ¶

func (tk *Token) GetSession() (pkcs11.SessionHandle, error)

GetSession returns a writable session with the token.

func (*Token) GetUintAttribute ¶

func (tk *Token) GetUintAttribute(obj pkcs11.ObjectHandle, typ uint) (uint, error)

GetUintAttribute returns the value of a single object attribute as uint.

func (*Token) Info ¶

func (tk *Token) Info() (pkcs11.TokenInfo, error)

Info obtains information about the token.

func (*Token) Sign ¶

func (tk *Token) Sign(msg []byte, priv pkcs11.ObjectHandle, mech uint) ([]byte, error)

Sign signs msg the with the private key using designated mechanism.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL