I'm currently extending the "crypto/x509" package to work with key
materials stored on an HSM via the "github.com/miekg/pkcs11" package.

While all the internal structs such as 'tbsCertificate', 'nameConstraints'
and many others stay the same, it's the handling in 'CreateCertificate' or
'CreateCRL' that is slightly different: in PKCS#11 you don't have access to
the private key and you delegate the signing operation to cryptographic
tokens, such as hardware security modules or smart cards. I don't want to
copy all the internal structs and helper functions, but as far as I
understand it's not possible to simply extend the functionality of the x509

Signing via PKCS#11 requires some other parameters, such as the
library/driver, slot, password, key identifiers and mechanism.

As the private key reference is currently an interface anyway I can imagine
that we add a pkcs11.Config (or ....) that would hold the PKCS#11 context,
session and CKA_ID (key identifier) that can be used for a different
handling and establish an external signing operation.

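    switch priv := priv.(type) {
    case *rsa.PrivateKey:
        // existing in-process RSA signing
    case *ecdsa.PrivateKey:
        // existing in-process ECDSA signing
    case *pkcs11.Config:
        // proposed: delegate the signing operation to the token
    default:
        panic("internal error")
    }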


The problem is that the PKCS#11 package is not part of the Go core.
Implementing something like a PKCS#11 in Go could be interesting but I have
no time for a big project like that.

I'm currently thinking about a package-independent delegated signature
system but have currently no idea how this could be implemented following
the Go principles.

All suggestions or alternative ideas are welcome!
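
Go's standard library covers this delegated-signing case with the crypto.Signer interface, which x509.CreateCertificate accepts as its priv argument. An added example, not part of the original post: tokenSigner, newToken and selfSign are hypothetical names, and a constructed in-memory ECDSA key stands in for the HSM.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// tokenSigner is a hypothetical stand-in for a PKCS#11-backed key. A real one
// would hold the session and CKA_ID and pass the digest to the token instead.
type tokenSigner struct {
	token *ecdsa.PrivateKey // constructed in-memory key playing the token
	calls int               // delegated signing operations performed
}

func (t *tokenSigner) Public() crypto.PublicKey { return t.token.Public() }
func (t *tokenSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	t.calls++ // x509 has already hashed the TBS data; only the digest arrives here
	return ecdsa.SignASN1(rand.Reader, t.token, digest)
}

func newToken() (*tokenSigner, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &tokenSigner{token: key}, err
}

func selfSign(s crypto.Signer) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed test certificate"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, s.Public(), s) // priv is only a crypto.Signer
}

func main() {
	tok, err := newToken()
	if err == nil {
		_, err = selfSign(tok)
	}
	fmt.Println("delegated signatures:", tok.calls, "error:", err)
}
```

The x509 package never touches private key material here: it picks the signature algorithm from Public() and hands Sign the digest.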



group: golang-nuts
posted: Sep 12, '14 at 8:18a
active: Sep 18, '14 at 12:21p