I'm currently extending the "crypto/x509" package to work with key
material stored on an HSM via the "github.com/miekg/pkcs11" package.

While all the internal structs such as 'tbsCertificate', 'nameConstraints'
and many others stay the same, it's the handling in 'CreateCertificate' or
'CreateCRL' that is slightly different: in PKCS#11 you don't have access to
the private key and you delegate the signing operation to cryptographic
tokens, such as hardware security modules or smart cards. I don't want to
copy all the internal structs and helper functions, but as far as I
understand it's not possible to simply extend the functionality of the x509
package.

Signing via PKCS#11 requires some other parameters, such as the
library/driver, slot, password, key identifiers and mechanism.

As the private key reference is currently an interface anyway I can imagine
that we add a pkcs11.Config (or ....) that would hold the PKCS#11 context,
session and CKA_ID (key identifier) that can be used for a different
handling and establish an external signing operation.

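    switch priv := priv.(type) {
    case *rsa.PrivateKey:
        // existing path: sign with the in-memory RSA key
    case *ecdsa.PrivateKey:
        // existing path: sign with the in-memory ECDSA key
    case *pkcs11.Config:
        // proposed path: delegate the signing operation to the token
    default:
        panic("internal error")
    }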



  http://golang.org/src/pkg/crypto/x509/x509.go#L1496


The problem is that the PKCS#11 package is not part of the Go core.
Implementing something like PKCS#11 in Go could be interesting, but I have
no time for a big project like that.

I'm currently thinking about a package-independent delegated signature
system but currently have no idea how this could be implemented following
the Go principles.

All suggestions or alternative ideas are welcome!

Thanks,

Paul
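
Added example, not part of the original post and not code from crypto/x509 or miekg/pkcs11: current Go releases let x509.CreateCertificate take any crypto.Signer as the private-key argument, which is one package-independent way to delegate the signature. tokenSigner, newSoftToken and issueSelfSigned are hypothetical names, and the in-process ECDSA key is a constructed stand-in for a PKCS#11 session.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// tokenSigner (hypothetical) exposes a public key only; sign stands in for the PKCS#11 call.
type tokenSigner struct {
	pub  crypto.PublicKey
	sign func(digest []byte) ([]byte, error)
}

func (t *tokenSigner) Public() crypto.PublicKey { return t.pub }
func (t *tokenSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	return t.sign(digest) // x509 passes the digest of the TBS bytes; the token signs it
}

// newSoftToken simulates the token: the ECDSA key is reachable only through the closure.
func newSoftToken() *tokenSigner {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &tokenSigner{pub: &key.PublicKey, sign: func(d []byte) ([]byte, error) {
		return ecdsa.SignASN1(rand.Reader, key, d) // x509 expects ASN.1 DER (r, s)
	}}
}

// issueSelfSigned returns a DER certificate created while holding only a crypto.Signer.
func issueSelfSigned(s crypto.Signer) ([]byte, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "constructed example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, s.Public(), s)
}

func main() {
	tok := newSoftToken()
	der, err := issueSelfSigned(tok)
	fmt.Println("DER bytes:", len(der), "error:", err)
}
```

With a real token the sign callback would wrap the session's sign operation; for ECDSA the token returns the raw r||s pair, which has to be re-encoded as ASN.1 DER before it is handed back to crypto/x509.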


Discussion Overview
group: golang-nuts
categories: go
posted: Sep 12, '14 at 8:18a
active: Sep 18, '14 at 12:21p
posts: 6
users: 2
website: golang.org