{"id":18091117,"url":"https://github.com/ryarnyah/pkcs11-go-proxy","last_synced_at":"2025-07-07T11:11:17.309Z","repository":{"id":241818465,"uuid":"807141233","full_name":"ryarnyah/pkcs11-go-proxy","owner":"ryarnyah","description":"[WIP] Securely use your token over the network! (PKCS#11 module \u0026 server proxy over gRPC)","archived":false,"fork":false,"pushed_at":"2024-06-06T11:03:24.000Z","size":227,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-10-31T18:09:19.459Z","etag":null,"topics":["grpc","pkcs11","proxy","smart-card","tls"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ryarnyah.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-28T14:54:13.000Z","updated_at":"2024-07-20T16:50:53.000Z","dependencies_parsed_at":"2024-06-04T18:04:16.222Z","dependency_job_id":null,"html_url":"https://github.com/ryarnyah/pkcs11-go-proxy","commit_stats":null,"previous_names":["ryarnyah/pkcs11-go-proxy"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryarnyah%2Fpkcs11-go-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryarnyah%2Fpkcs11-go-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryarnyah%2Fpkcs11-go-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryarnyah%2Fpkcs11-go-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ryarnyah","download_url":"https://codeload.github.com/ryarnyah/pkcs11-go-proxy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230415318,"owners_count":18222158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["grpc","pkcs11","proxy","smart-card","tls"],"created_at":"2024-10-31T18:09:24.283Z","updated_at":"2024-12-19T10:11:36.714Z","avatar_url":"https://github.com/ryarnyah.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Simple PKCS#11 module proxy over GRPC\n\nCan be used to make a bridge with PKCS#11 windows-only module to use it on linux.\n\n(Info) You can get small binaries compressed with UPX (prefixed by 's' in releases).\n\n## Usage\n### Generate certs\n```bash\n./generate-keys.sh\n```\n### Server\n```bash\n# Bind address\nexport PKCS11_PROXY_URI=\"localhost:8080\"\n# Ca-cert for allowed clients (Optional)\nexport PKCS11_PROXY_CACERT=$(pwd)/ca.crt\n# Server cert \u0026 key (Optional)\nexport PKCS11_PROXY_KEY=$(pwd)/server.key\nexport PKCS11_PROXY_CERT=$(pwd)/server.crt\n# Start server\n./pkcs11-proxy-server\n```\n\n### Client\n```bash\n# Dial address of server\nexport PKCS11_PROXY_URI=\"localhost:8080\"\n# Module to use on server (must be present only on server host)\nexport PKCS11_MODULE=\"/usr/lib/softhsm/libsofthsm2.so\"\n\n# Ca-cert for trusted server (Optional)\nexport PKCS11_PROXY_CACERT=$(pwd)/ca.crt\n# Client cert \u0026 key (Optional)\nexport PKCS11_PROXY_KEY=$(pwd)/client.key\nexport PKCS11_PROXY_CERT=$(pwd)/client.crt\n\n# Example usage on client\np11tool --provider=$(pwd)/pkcs11-proxy-module.so --generate-random=256\np11tool --provider=$(pwd)/pkcs11-proxy-module.so --list-mechanisms\n```\n\n### Example usage\n```bash\n# Install softhsm2\napt-get update\napt-get install -y softhsm2 gnutls-bin curl\n# Initialize softhsm2 token\nmkdir -p $HOME/.local/softhsm2/tokens\ncat \u003e $HOME/.softhsm2.conf \u003c\u003cEOF\n# SoftHSM v2 configuration file\n\ndirectories.tokendir = $HOME/.local/softhsm2/tokens/\nobjectstore.backend = file\n\n# ERROR, WARNING, INFO, DEBUG\nlog.level = ERROR\n\n# If CKF_REMOVABLE_DEVICE flag should be set\nslots.removable = false\n\n# Enable and disable PKCS#11 mechanisms using slots.mechanisms.\nslots.mechanisms = ALL\n\n# If the library should reset the state on fork\nlibrary.reset_on_fork = false\nEOF\nexport SOFTHSM2_CONF=$HOME/.softhsm2.conf\nsofthsm2-util --init-token --slot 0 --label \"My token 1\" --pin 1234 --so-pin 1234\n# Install server\ncurl -LO https://github.com/ryarnyah/pkcs11-go-proxy/releases/latest/download/spkcs11-proxy-server\nchmod +x spkcs11-proxy-server\n\n# Install client\ncurl -LO https://github.com/ryarnyah/pkcs11-go-proxy/releases/latest/download/spkcs11-proxy-module.so\n\n# Generate tls keys\ncurl -LO https://github.com/ryarnyah/pkcs11-go-proxy/raw/main/generate-keys.sh\nchmod +x generate-keys.sh\n./generate-keys.sh\n\n# Launch server\nexport PKCS11_PROXY_ALLOWED_MODULES=\"/usr/lib/softhsm/libsofthsm2.so\"\nexport PKCS11_PROXY_URI=\"localhost:8080\"\nexport PKCS11_PROXY_CACERT=$(pwd)/ca.crt\nexport PKCS11_PROXY_KEY=$(pwd)/server.key\nexport PKCS11_PROXY_CERT=$(pwd)/server.crt\n./spkcs11-proxy-server \u0026\ntimeout 22 bash -c 'until printf \"\" 2\u003e\u003e/dev/null \u003e\u003e/dev/tcp/$0/$1; do sleep 1; done' localhost 8080\n\n# Test client\nunset SOFTHSM2_CONF\n# For pkcs11mod log\nmkdir -p $HOME/.config\nexport PKCS11_PROXY_URI=\"localhost:8080\"\nexport PKCS11_PROXY_CACERT=$(pwd)/ca.crt\nexport PKCS11_PROXY_KEY=$(pwd)/client.key\nexport PKCS11_PROXY_CERT=$(pwd)/client.crt\nexport PKCS11_MODULE=\"/usr/lib/softhsm/libsofthsm2.so\"\np11tool --provider=$(pwd)/spkcs11-proxy-module.so --list-mechanisms\n```\n\n## Build\n```bash\nsudo apt-get update \u0026\u0026 sudo apt-get install gcc-multilib curl unzip gcc gcc-mingw-w64 -y\nmkdir -p $HOME/protobuf \u0026\u0026 pushd $HOME/protobuf\ncurl -o protoc.zip -L 'https://github.com/protocolbuffers/protobuf/releases/download/v27.0/protoc-27.0-linux-x86_64.zip'\nunzip protoc.zip\npopd\nexport PATH=$HOME/.local/bin:$HOME/protobuf/bin:$PATH\nmake dev-dependencies\nmake\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryarnyah%2Fpkcs11-go-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fryarnyah%2Fpkcs11-go-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryarnyah%2Fpkcs11-go-proxy/lists"}