pkcs11key icon indicating copy to clipboard operation
pkcs11key copied to clipboard

Published 20 hours ago verified publisher icon letsencrypt

Metadata

An interface to PKCS#11 devices that satisfies the crypto.Signer interface

PKCS11Key

The pkcs11key package implements a crypto.Signer interface for a PKCS#11 private key.

If you are using Go modules, you should import this with the module-compatible path github.com/letsencrypt/pkcs11key/v4.

Testing

  • You will need to install SoftHSMv2.
  • Run ./test.sh
  • If you need to regenerate key material, run the following and check the new files back into git.
cd v4/testdata
openssl ecparam -name prime256v1 -genkey | openssl pkcs8 -topk8 -nocrypt > entropic_ecdsa.key
openssl req -new -x509 -key entropic_ecdsa.key -out entropic_ecdsa.pem -days 1000 -subj /CN=entropic\ ECDSA
openssl req -new -newkey rsa:2048 -nodes -x509 -keyout silly_signer.key -out silly_signer.pem -days 1000 -subj /CN=silly\ signer
cd -

License Summary

Some of this code is Copyright (c) 2014 CloudFlare Inc., some is Copyright (c) 2015 Internet Security Research Group.

The code is licensed under the BSD 2-clause license. See the LICENSE file for more details.

Metadata

87
Stars
52
Forks
Watchers

Owner

verified publisher icon letsencrypt

Metadata

An interface to PKCS#11 devices that satisfies the crypto.Signer interface

Back