{"id":25255255,"url":"https://github.com/timsan7sk/certex","last_synced_at":"2025-10-27T01:31:25.543Z","repository":{"id":242484400,"uuid":"808600923","full_name":"timsan7sk/certex","owner":"timsan7sk","description":"Go wrapper for the Gamma Technologies Cryptoki(PKCS#11) library of Certex HSM","archived":false,"fork":false,"pushed_at":"2024-10-17T11:48:24.000Z","size":179,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-10-19T15:36:16.688Z","etag":null,"topics":["cryptoki","pkcs11","pki"],"latest_commit_sha":null,"homepage":"https://pki.gov.kz","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/timsan7sk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-31T12:08:11.000Z","updated_at":"2024-10-17T11:45:56.000Z","dependencies_parsed_at":"2024-08-27T06:46:35.623Z","dependency_job_id":"d103ba3a-2cd3-4061-ace0-c37eb96969ec","html_url":"https://github.com/timsan7sk/certex","commit_stats":null,"previous_names":["timsan7sk/certex"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timsan7sk%2Fcertex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timsan7sk%2Fcertex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timsan7sk%2Fcertex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timsan7sk%2Fcertex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/owners/timsan7sk","download_url":"https://codeload.github.com/timsan7sk/certex/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238422537,"owners_count":19469548,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptoki","pkcs11","pki"],"created_at":"2025-02-12T05:53:50.820Z","updated_at":"2025-10-27T01:31:25.530Z","avatar_url":"https://github.com/timsan7sk.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"|[![Scheme](./images/nca_icon.png)](https://pki.gov.kz/)| **Go wrapper for the [Gamma Technologies](https://gamma.kz/) Cryptoki(PKCS#11) library of Certex HSM** |\n|:---------------------------------------------------:|:-------------------------------------------------------------------------------------------------------|\n\n[![reportcard-img]][reportcard-url]\n\n#### Functionality ####\nCertex HSM provides the following cryptographic functions:\n- Generation of cryptographic keys, encryption and decryption using the algorithm:\n\t- GOST 28147-89 – 256 bit.\n\n- Generation of cryptographic keys, signing and verification of signatures using algorithms:\n\t- ST RK GOST R 34.10–2015 – 512 bit;\n\t- RSA – 4096 bit;\n\t- ECDSA – 384-512 bit;\n\t- GOST 34.310-2004 – 256 bit.\n\n- Digesting (hashing) data using algorithms:\n\t- ST RK GOST R 34.11–2015 – 512 bit;\n\t- SHA2 – 256-512 bit;\n\t- GOST 34.311-95 – 256 bit.\n\n- Simulated data protection using an algorithm:\n\t- GOST 28147-89 – 64 bit.\n\n#### Example ####\n\n```go\nconst (\n\t// Library file name\n\tlibName = 
\"libcertex-rcsp_r.so.1\"\n\t// Path to the configuration file\n\tconfPath = \"/etc/rcsp.conf\"\n\t// PIN code of the HSM (bad practice, don't do this in production code)\n\tPIN    = \"25032016\"\n\t// Slot identifier\n\tslotID = 0\n)\n\nfunc init() {\n\tmod, err = certex.Open(libName, confPath)\n\tif err != nil {\n\t\tfmt.Println(\"Open module error: \", err)\n\t\tos.Exit(1)\n\t}\n\tmod.Lock()\n\tdefer mod.Unlock()\n\n\topts := certex.Options{\n\t\tPIN:       PIN,\n\t\tReadWrite: true,\n\t}\n\tslot, err = mod.Slot(slotID, opts)\n\tif err != nil {\n\t\tfmt.Println(\"Open slot error: \", err)\n\t\tos.Exit(1)\n\t}\n\tinfo, _ := slot.GetSlotInfo()\n\tfmt.Printf(\"Slot Info: %+v\\n\", info)\n}\n\n```\n\n| CK_FUNCTION_LIST:      | C | Go | Test | Comment|\n|:-----------------------|:-:|:--:|:----:|:-----------------------------------------------------------------------------------------------------------------------------------------|\n| connect                | + | +  | +    | Connecting to the Certex HSM.|\n| C_Initialize:          | + | +  | +    | Initializes the Cryptoki library.|\n| C_Finalize:            | + | +  | +    | Indicates that an application is done with the Cryptoki library.|\n| C_GetInfo:             | + | +  | +    | Returns general information about Cryptoki.|\n| C_GetFunctionList:     | + | +  | +    | Returns the function list.|\n| C_GetSlotList:         | + | +  | +    | Obtains a list of slots in the system.|\n| C_GetSlotInfo:         | + | +  | +    | Obtains information about a particular slot in the system.|\n| C_GetTokenInfo:        | + | +  | +    | Obtains information about a particular token in the system.|\n| C_GetMechanismList:    | + | +  | +    | Obtains a list of mechanism types supported by a token.|\n| C_GetMechanismInfo:    | + | +  | +    | Obtains information about a particular mechanism possibly supported by a token.|\n| C_InitToken:           | + | +  | -    | Initializes a token.|\n| C_InitPIN:             | + | +  | -  
  | Initializes the normal user's pin.|\n| C_SetPIN:              | + | +  | +    | Modifies the pin of the user who is logged in.|\n| C_OpenSession:         | + | +  | +    | Opens a session between an application and a token.|\n| C_CloseSession:        | + | +  | +    | Closes a session between an application and a token.|\n| C_CloseAllSessions:    | + | +  | +    | Closes all sessions with a token.|\n| C_GetSessionInfo:      | + | +  | +    | Obtains information about the session.|\n| C_GetOperationState:   | + | +  | -    | Obtains the state of the cryptographic operation in a session.|\n| C_SetOperationState:   | + | +  | -    | Restores the state of the cryptographic operation in a session.|\n| C_Login:               | + | +  | +    | Logs a user into a token.|\n| C_Logout:              | + | +  | +    | Logs a user out from a token.|\n| C_CreateObject:        | + | +  | +    | Creates a new object.|\n| C_CopyObject:          | + | +  | +    | Copies an object, creating a new object for the copy.|\n| C_DestroyObject:       | + | +  | +    | Destroys an object.|\n| C_GetObjectSize:       | + | +  | +    | Gets the size of an object in bytes.|\n| C_GetAttributeValue:   | + | +  | -    | Obtains the value of one or more object attributes.|\n| C_SetAttributeValue:   | + | +  | -    | Modifies the value of one or more object attributes.|\n| C_FindObjectsInit:     | + | +  | +    | Initializes a search for token and session objects that match a template.|\n| C_FindObjects:         | + | +  | +    | Continues a search for token and session objects that match a template, obtaining additional object handles.|\n| C_FindObjectsFinal:    | + | +  | +    | Finishes a search for token and session objects.|\n| C_EncryptInit:         | + | +  | +    | Initializes an encryption operation.|\n| C_Encrypt:             | + | +  | +    | Encrypts single-part data.|\n| C_EncryptUpdate:       | + | +  | -    | Continues a multiple-part encryption operation.|\n| C_EncryptFinal:       
 | + | +  | -    | Finishes a multiple-part encryption operation.|\n| C_DecryptInit:         | + | +  | -    | Initializes a decryption operation.|\n| C_Decrypt:             | + | +  | -    | Decrypts encrypted data in a single part.|\n| C_DecryptUpdate:       | + | +  | -    | Continues a multiple-part decryption operation.|\n| C_DecryptFinal:        | + | +  | -    | Finishes a multiple-part decryption operation.|\n| C_DigestInit:          | + | +  | +    | Initializes a message-digesting operation.|\n| C_Digest:              | + | +  | +    | Digests data in a single part.|\n| C_DigestUpdate:        | + | +  | +    | Continues a multiple-part message-digesting operation.|\n| C_DigestKey:           | + | +  | -    | Continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.|\n| C_DigestFinal:         | + | +  | +    | Finishes a multiple-part message-digesting operation.|\n| C_SignInit:            | + | +  | +    | Initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.|\n| C_Sign:                | + | +  | +    | Signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.|\n| C_SignUpdate:          | + | +  | +    | Continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.|\n| C_SignFinal:           | + | +  | +    | Finishes a multiple-part signature operation, returning the signature.|\n| C_SignRecoverInit:     | + | +  | +    | Initializes a signature operation, where the data can be recovered from the signature.|\n| C_SignRecover:         | + | +  | +    | Signs data in a single operation, where the data can be recovered from the signature.|\n| C_VerifyInit:          | + 
| +  | +    | Initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).|\n| C_Verify:              | + | +  | +    | Verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.|\n| C_VerifyUpdate:        | + | +  | -    | Continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.|\n| C_VerifyFinal:         | + | +  | -    | Finishes a multiple-part verification operation, checking the signature.|\n| C_VerifyRecoverInit:   | + | +  | +    | Initializes a signature verification operation, where the data is recovered from the signature.|\n| C_VerifyRecover:       | + | +  | +    | Verifies a signature in a single-part operation, where the data is recovered from the signature.|\n| C_DigestEncryptUpdate: | + | +  | -    | Continues a multiple-part digesting and encryption operation.|\n| C_DecryptDigestUpdate: | + | +  | -    | Continues a multiple-part decryption and digesting operation.|\n| C_SignEncryptUpdate:   | + | +  | -    | Continues a multiple-part signing and encryption operation.|\n| C_DecryptVerifyUpdate: | + | +  | -    | Continues a multiple-part decryption and verify operation.|\n| C_GenerateKey:         | + | +  | +    | Generates a secret key, creating a new key object.|\n| C_GenerateKeyPair:     | + | +  | +    | Generates a public-key/private-key pair, creating new key objects.|\n| C_WrapKey:             | + | +  | +    | Wraps (i.e., encrypts) a key.|\n| C_UnwrapKey:           | + | +  | -    | Unwraps (decrypts) a wrapped key, creating a new key object.|\n| C_DeriveKey:           | + | +  | +    | Derives a key from a base key, creating a new key object.|\n| C_SeedRandom:          | + | +  | +    | Mixes additional seed material into the token's random number generator.|\n| 
C_GenerateRandom:      | + | +  | +    | Generates random data.|\n| C_GetFunctionStatus:   | + | -  | -    | Legacy function; it obtains an updated status of a function running in parallel with an application.|\n| C_CancelFunction:      | + | -  | -    | Legacy function; it cancels a function running in parallel.|\n| C_WaitForSlotEvent:    | + | +  | -    | Waits for a slot event (token insertion, removal, etc.) to occur.|\n\n\n[reportcard-img]: https://goreportcard.com/badge/github.com/timsan7sk/certex\n[reportcard-url]: https://goreportcard.com/report/github.com/timsan7sk/certex","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftimsan7sk%2Fcertex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftimsan7sk%2Fcertex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftimsan7sk%2Fcertex/lists"}