Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ryarnyah/pkcs11-go-proxy
Securely use your token over the network! (PKCS#11 module & server proxy over gRPC)
grpc pkcs11 proxy smart-card tls
Last synced: 14 days ago
- Host: GitHub
- URL: https://github.com/ryarnyah/pkcs11-go-proxy
- Owner: ryarnyah
- License: gpl-3.0
- Created: 2024-05-28T14:54:13.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-06-06T11:03:24.000Z (5 months ago)
- Last Synced: 2024-06-06T18:40:01.259Z (5 months ago)
- Topics: grpc, pkcs11, proxy, smart-card, tls
- Language: Go
- Homepage:
- Size: 222 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Simple PKCS#11 module proxy over gRPC
Can be used to bridge a Windows-only PKCS#11 module so that it can be used from Linux.
(Info) You can get small binaries compressed with UPX (prefixed by 's' in releases).
## Usage
### Generate certs
```bash
./generate-keys.sh
```
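The Server and Client sections below point `PKCS11_PROXY_CACERT`, `PKCS11_PROXY_CERT` and `PKCS11_PROXY_KEY` at certificate files and mark all three as optional. The following pre-flight check is an added example, not part of pkcs11-go-proxy: it confirms that all three are set, that the key is not readable by group or other, that the certificate chains to the CA, and that the key matches the certificate. The function name, return codes and messages are this example's own, and it assumes PEM files with an unencrypted private key and `openssl` on the PATH.

```shell
#!/bin/sh
# Added example (not from pkcs11-go-proxy): pre-flight check of the TLS
# material for one side of the proxy. Only the PKCS11_PROXY_* variable
# names come from the README; return codes and messages are this example's.
# Assumes PEM files and an unencrypted private key.

check_proxy_tls() {
    # 1. The README marks these optional; for mutual TLS all three must be set.
    for _v in PKCS11_PROXY_CACERT PKCS11_PROXY_CERT PKCS11_PROXY_KEY; do
        eval "_p=\${$_v:-}"
        if [ -z "$_p" ]; then echo "FAIL: $_v is not set" >&2; return 1; fi
        if [ ! -r "$_p" ]; then echo "FAIL: $_v=$_p is not readable" >&2; return 1; fi
    done

    # 2. The private key must carry no group/other permission bits.
    _mode=$(ls -lLd "$PKCS11_PROXY_KEY" | cut -c5-10)
    if [ "$_mode" != "------" ]; then
        echo "FAIL: $PKCS11_PROXY_KEY is accessible to group/other" >&2; return 2
    fi

    # 3. The certificate must chain to the CA the peer is configured to trust.
    if ! openssl verify -CAfile "$PKCS11_PROXY_CACERT" "$PKCS11_PROXY_CERT" >/dev/null 2>&1; then
        echo "FAIL: $PKCS11_PROXY_CERT does not verify against $PKCS11_PROXY_CACERT" >&2; return 3
    fi

    # 4. The key must be the one the certificate was issued for.
    _cert_pub=$(openssl x509 -in "$PKCS11_PROXY_CERT" -noout -pubkey 2>/dev/null)
    _key_pub=$(openssl pkey -in "$PKCS11_PROXY_KEY" -pubout 2>/dev/null)
    if [ -z "$_key_pub" ] || [ "$_cert_pub" != "$_key_pub" ]; then
        echo "FAIL: $PKCS11_PROXY_KEY does not match $PKCS11_PROXY_CERT" >&2; return 4
    fi
    echo "OK: TLS material is consistent"
}
```

Run it once with the server's variables exported and once with the client's, before starting either process.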
### Server
```bash
# Bind address
export PKCS11_PROXY_URI="localhost:8080"
# Ca-cert for allowed clients (Optional)
export PKCS11_PROXY_CACERT=$(pwd)/ca.crt
# Server cert & key (Optional)
export PKCS11_PROXY_KEY=$(pwd)/server.key
export PKCS11_PROXY_CERT=$(pwd)/server.crt
# Start server
./pkcs11-proxy-server
```
### Client
```bash
# Dial address of server
export PKCS11_PROXY_URI="localhost:8080"
# Module to use on server (must be present only on server host)
export PKCS11_MODULE="/usr/lib/softhsm/libsofthsm2.so"
# Ca-cert for trusted server (Optional)
export PKCS11_PROXY_CACERT=$(pwd)/ca.crt
# Client cert & key (Optional)
export PKCS11_PROXY_KEY=$(pwd)/client.key
export PKCS11_PROXY_CERT=$(pwd)/client.crt
# Example usage on client
p11tool --provider=$(pwd)/pkcs11-proxy-module.so --generate-random=256
p11tool --provider=$(pwd)/pkcs11-proxy-module.so --list-mechanisms
```
### Example usage
```bash
# Install softhsm2
apt-get update
apt-get install -y softhsm2 gnutls-bin curl
# Initialize softhsm2 token
mkdir -p $HOME/.local/softhsm2/tokens
cat > $HOME/.softhsm2.conf <>/dev/null >>/dev/tcp/$0/$1; do sleep 1; done' localhost 8080
# Test client
unset SOFTHSM2_CONF
# For pkcs11mod log
mkdir -p $HOME/.config
export PKCS11_PROXY_URI="localhost:8080"
export PKCS11_PROXY_CACERT=$(pwd)/ca.crt
export PKCS11_PROXY_KEY=$(pwd)/client.key
export PKCS11_PROXY_CERT=$(pwd)/client.crt
export PKCS11_MODULE="/usr/lib/softhsm/libsofthsm2.so"
p11tool --provider=$(pwd)/spkcs11-proxy-module.so --list-mechanisms
```
## Build
```bash
sudo apt-get update && sudo apt-get install gcc-multilib curl unzip gcc gcc-mingw-w64 -y
mkdir -p $HOME/protobuf && pushd $HOME/protobuf
curl -o protoc.zip -L 'https://github.com/protocolbuffers/protobuf/releases/download/v27.0/protoc-27.0-linux-x86_64.zip'
unzip protoc.zip
popd
export PATH=$HOME/.local/bin:$HOME/protobuf/bin:$PATH
make dev-dependencies
make
```