https://github.com/timsan7sk/certex
Go wrapper for the Gamma Technologies Cryptoki(PKCS#11) library of Certex HSM
https://github.com/timsan7sk/certex
cryptoki pkcs11 pki
Last synced: 8 months ago
JSON representation
Go wrapper for the Gamma Technologies Cryptoki(PKCS#11) library of Certex HSM
- Host: GitHub
- URL: https://github.com/timsan7sk/certex
- Owner: timsan7sk
- License: mit
- Created: 2024-05-31T12:08:11.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2024-10-17T11:48:24.000Z (over 1 year ago)
- Last Synced: 2024-10-19T15:36:16.688Z (over 1 year ago)
- Topics: cryptoki, pkcs11, pki
- Language: Go
- Homepage: https://pki.gov.kz
- Size: 175 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
|[](https://pki.gov.kz/)| **Go wrapper for the [Gamma Technologies](https://gamma.kz/) Cryptoki(PKCS#11) library of Certex HSM** |
|:---------------------------------------------------:|:-------------------------------------------------------------------------------------------------------|
[![reportcard-img]][reportcard-url]
#### Functionality ####
Certex HSM provides the following cryptographic functions:
- Generation of cryptographic keys, encryption and decryption using the algorithm:
- GOST 28147-89 – 256 bit.
- Generation of cryptographic keys, signing and verification of signatures using algorithms:
- ST RK GOST R 34.10–2015 – 512 bit;
- RSA – 4096 bit;
- ECDSA – 384-512 bit;
- GOST 34.310-2004 – 256 bit.
- Digesting(Hashing) data using algorithms:
- ST RK GOST R 34.11–2015 – 512 bit;
- SHA2 – 256-512 bit;
- GOST 34.311-95 – 256 bit.
- Simulated data protection using an algorithm:
- GOST 28147-89 – 64 bit.
#### Example ####
```go
const (
// Library file name
libName = "libcertex-rcsp_r.so.1"
// Path to the configuration file
confPath = "/etc/rcsp.conf"
// PIN Code of HSM (bad practice, don't do that in production code)
PIN = "25032016"
// Slot identificator
slotID = 0
)
func init() {
mod, err = certex.Open(libName, confPath)
if err != nil {
fmt.Println("Open module error: ", err)
os.Exit(1)
}
mod.Lock()
defer mod.Unlock()
opts := certex.Options{
PIN: PIN,
ReadWrite: true,
}
slot, err = mod.Slot(slotID, opts)
if err != nil {
fmt.Println("Open slot error: ", err)
os.Exit(1)
}
info, _ := slot.GetSlotInfo()
fmt.Printf("Slot Info: %+v\n", info)
}
```
| CK_FUNCTION_LIST: | C | Go | Test | Comment|
|:-----------------------|:-:|:--:|:----:|:-----------------------------------------------------------------------------------------------------------------------------------------|
| connect | + | + | + | Connectiong to the Certex HSM|
| C_Initialize: | + | + | + | Initializes the Cryptoki library.|
| C_Finalize: | + | + | + | Indicates that an application is done with the Cryptoki library.|
| C_GetInfo: | + | + | + | Returns general information about Cryptoki.|
| C_GetFunctionList: | + | + | + | Returns the function list.|
| C_GetSlotList: | + | + | + | Obtains a list of slots in the system.|
| C_GetSlotInfo: | + | + | + | Obtains information about a particular slot in the system.|
| C_GetTokenInfo: | + | + | + | Obtains information about a particular token in the system.|
| C_GetMechanismList: | + | + | + | Obtains a list of mechanism types supported by a token|
| C_GetMechanismInfo: | + | + | + | Obtains information about a particular mechanism possibly supported by a token.|
| C_InitToken: | + | + | - | Initializes a token.|
| C_InitPIN: | + | + | - | Initializes the normal user's pin.|
| C_SetPIN: | + | + | + | Modifies the pin of the user who is logged in.|
| C_OpenSession: | + | + | + | Opens a session between an application and a token.|
| C_CloseSession: | + | + | + | Closes a session between an application and a token.|
| C_CloseAllSessions: | + | + | + | Closes all sessions with a token.|
| C_GetSessionInfo: | + | + | + | Obtains information about the session.|
| C_GetOperationState: | + | + | - | Obtains the state of the cryptographic operation in a session.|
| C_SetOperationState: | + | + | - | Restores the state of the cryptographic operation in a session.|
| C_Login: | + | + | + | Logs a user into a token.|
| C_Logout: | + | + | + | Logs a user out from a token.|
| C_CreateObject: | + | + | + | Creates a new object.|
| C_CopyObject: | + | + | + | Copies an object, creating a new object for the copy.|
| C_DestroyObject: | + | + | + | Destroys an object.|
| C_GetObjectSize: | + | + | + | Gets the size of an object in bytes.|
| C_GetAttributeValue: | + | + | - | Obtains the value of one or more object attributes.|
| C_SetAttributeValue: | + | + | - | Modifies the value of one or more object attributes.|
| C_FindObjectsInit: | + | + | + | Initializes a search for token and session objects that match a template.|
| C_FindObjects: | + | + | + | Continues a search for token and session objects that match a template, obtaining additional object handles.|
| C_FindObjectsFinal: | + | + | + | Finishes a search for token and session objects.|
| C_EncryptInit: | + | + | + | Initializes an encryption operation.|
| C_Encrypt: | + | + | + | Encrypts single-part data.|
| C_EncryptUpdate: | + | + | - | Continues a multiple-part encryption operation.|
| C_EncryptFinal: | + | + | - | Finishes a multiple-part encryption operation.|
| C_DecryptInit: | + | + | - | Initializes a decryption operation.|
| C_Decrypt: | + | + | - | Decrypts encrypted data in a single part.|
| C_DecryptUpdate: | + | + | - | Continues a multiple-part decryption operation.|
| C_DecryptFinal: | + | + | - | Finishes a multiple-part decryption operation.|
| C_DigestInit: | + | + | + | Initializes a message-digesting operation.|
| C_Digest: | + | + | + | Digests data in a single part.|
| C_DigestUpdate: | + | + | + | Continues a multiple-part message-digesting operation.|
| C_DigestKey: | + | + | - | Continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.|
| C_DigestFinal: | + | + | + | Finishes a multiple-part message-digesting operation.
| C_SignInit: | + | + | + | Initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.|
| C_Sign: | + | + | + | Signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.|
| C_SignUpdate: | + | + | + | Continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.|
| C_SignFinal: | + | + | + | Finishes a multiple-part signature operation, returning the signature.|
| C_SignRecoverInit: | + | + | + | Initializes a signature operation, where the data can be recovered from the signature.|
| C_SignRecover: | + | + | + | Signs data in a single operation, where the data can be recovered from the signature.|
| C_VerifyInit: | + | + | + | Initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).|
| C_Verify: | + | + | + | Verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.|
| C_VerifyUpdate: | + | + | - | Continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.|
| C_VerifyFinal: | + | + | - | Finishes a multiple-part verification operation, checking the signature.|
| C_VerifyRecoverInit: | + | + | + | Initializes a signature verification operation, where the data is recovered from the signature.|
| C_VerifyRecover: | + | + | + | Verifies a signature in a single-part operation, where the data is recovered from the signature.|
| C_DigestEncryptUpdate: | + | + | - | Continues a multiple-part digesting and encryption operation.|
| C_DecryptDigestUpdate: | + | + | - | Continues a multiple-part decryption and digesting operation.|
| C_SignEncryptUpdate: | + | + | - | Continues a multiple-part signing and encryption operation.|
| C_DecryptVerifyUpdate: | + | + | - | Continues a multiple-part decryption and verify operation.|
| C_GenerateKey: | + | + | + | Generates a secret key, creating a new key object.|
| C_GenerateKeyPair: | + | + | + | Generates a public-key/private-key pair, creating new key objects.|
| C_WrapKey: | + | + | + | Wraps (i.e., encrypts) a key.|
| C_UnwrapKey: | + | + | - | Unwraps (decrypts) a wrapped key, creating a new key object.|
| C_DeriveKey: | + | + | + | Derives a key from a base key, creating a new key object.|
| C_SeedRandom: | + | + | + | Mixes additional seed material into the token's random number generator.|
| C_GenerateRandom: | + | + | + | Generates random data.|
| C_GetFunctionStatus: | + | - | - | Legacy function; it obtains an updated status of a function running in parallel with an application.|
| C_CancelFunction: | + | - | - | Legacy function; it cancels a function running in parallel.|
| C_WaitForSlotEvent: | + | + | - | Waits for a slot event (token insertion, removal, etc.) to occur.|
[reportcard-img]: https://goreportcard.com/badge/github.com/timsan7sk/certex
[reportcard-url]: https://goreportcard.com/report/github.com/timsan7sk/certex