Documentation
Index
- func NewPKCS11Error(message string, cause error) error
- type PKCS11Config
- type PKCS11Context
- func (c *PKCS11Context) Close() error
- func (c *PKCS11Context) DecryptEC(keyHandle pkcs11.ObjectHandle, ephemeralPublicKey *ecdsa.PublicKey) ([]byte, error)
- func (c *PKCS11Context) DecryptRSA(keyHandle pkcs11.ObjectHandle, encryptedData []byte) ([]byte, error)
- func (c *PKCS11Context) FindCertificate(label string, keyID []byte) (*x509.Certificate, error)
- func (c *PKCS11Context) FindPrivateKey(label string, keyID []byte) (pkcs11.ObjectHandle, error)
- type PKCS12KeyEntry
- type PrivateKey
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewPKCS11Error
func NewPKCS11Error(message string, cause error) error
NewPKCS11Error creates a new PKCS#11-related error from message and cause (a wrapper for internal.NewPKCS11Error).
Types
type PKCS11Config
type PKCS11Config struct {
// Library is the path to the PKCS#11 library (e.g., /usr/lib/pkcs11/libpkcs11.so)
Library string
// Slot is the slot number (default: 0)
Slot int
// PIN is the token PIN/password. Treat it as a secret: supply it at runtime from an
// environment variable or secret store rather than embedding it in source or config files.
PIN string
// Label is an optional key label to find specific keys on the token
Label string
// KeyID is an optional key ID (bytes) to find specific keys on the token
KeyID []byte
}
PKCS11Config holds configuration for PKCS#11 token operations.
func (*PKCS11Config) Validate
func (c *PKCS11Config) Validate() error
Validate checks the PKCS11Config and returns an error if it is not usable.
type PKCS11Context
type PKCS11Context struct {
// contains filtered or unexported fields
}
PKCS11Context wraps PKCS#11 operations on a single token session.
func NewPKCS11Context
func NewPKCS11Context(config PKCS11Config) (*PKCS11Context, error)
NewPKCS11Context creates a new PKCS#11 context and initializes the session. Call Close when the context is no longer needed so the session is released.
func (*PKCS11Context) Close
func (c *PKCS11Context) Close() error
Close closes the PKCS#11 session and finalizes the context.
func (*PKCS11Context) DecryptEC
func (c *PKCS11Context) DecryptEC(keyHandle pkcs11.ObjectHandle, ephemeralPublicKey *ecdsa.PublicKey) ([]byte, error)
DecryptEC performs ECDH key agreement between the EC private key identified by keyHandle and ephemeralPublicKey, and derives a key for EC decryption.
Note: PKCS#11 ECDH key derivation (C_DeriveKey with CKM_ECDH1_DERIVE) is complex, and many tokens do not support it properly. For now, this function extracts the private key from the token and performs the key agreement in software. This is a limitation with a security cost: the private key leaves the token, which the token only allows for key objects it permits to be read out (not marked CKA_SENSITIVE, or CKA_EXTRACTABLE if wrapped out), and it forfeits the hardware protection the token is meant to provide. Keys that must never leave the token cannot be used with this function.
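The software key agreement described above, written out as an added example against the Go standard library; it is not this package's code. The function names deriveSharedKey and concatKDF are hypothetical, and the KDF (NIST SP 800-56A single-step with SHA-256) and the info string are assumptions, since the page does not say which KDF DecryptEC applies. The check worth noting is the conversion through crypto/ecdh: ephemeralPublicKey comes from the sender, so an off-curve or wrong-curve point is rejected before any scalar multiplication.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// deriveSharedKey does what DecryptEC's software fallback describes: ECDH between
// a locally held EC private key and the sender's ephemeral public key, then a KDF.
// Added example, not the project's code; KDF and info are assumptions.
func deriveSharedKey(priv *ecdsa.PrivateKey, ephemeralPub *ecdsa.PublicKey, info []byte, keyLen int) ([]byte, error) {
	if priv == nil || ephemeralPub == nil {
		return nil, errors.New("nil key")
	}
	// Converting to crypto/ecdh validates the point: an off-curve or infinity
	// point supplied by the peer is rejected here rather than fed to the multiply.
	sk, err := priv.ECDH()
	if err != nil {
		return nil, fmt.Errorf("private key: %w", err)
	}
	pk, err := ephemeralPub.ECDH()
	if err != nil {
		return nil, fmt.Errorf("ephemeral public key: %w", err)
	}
	if sk.Curve() != pk.Curve() {
		return nil, errors.New("ephemeral key is on a different curve than the private key")
	}
	z, err := sk.ECDH(pk) // raw shared secret: x-coordinate of priv * ephemeralPub
	if err != nil {
		return nil, err
	}
	return concatKDF(z, info, keyLen), nil
}

// concatKDF is the SP 800-56A single-step KDF with SHA-256:
// K = H(1 || Z || info) || H(2 || Z || info) || ... truncated to keyLen.
// The raw ECDH output Z is never used as a key directly.
func concatKDF(z, info []byte, keyLen int) []byte {
	var out []byte
	for counter := uint32(1); len(out) < keyLen; counter++ {
		h := sha256.New()
		h.Write(binary.BigEndian.AppendUint32(nil, counter))
		h.Write(z)
		h.Write(info)
		out = h.Sum(out)
	}
	return out[:keyLen]
}

func main() {
	recipient, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the "token" key, held in software
	ephemeral, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // sender's one-shot key
	info := []byte("example-ec-decrypt-v1")                          // constructed context string

	// Sender: ephemeral private with recipient public. Recipient: its private with ephemeral public.
	senderKey, _ := deriveSharedKey(ephemeral, &recipient.PublicKey, info, 32)
	recipientKey, _ := deriveSharedKey(recipient, &ephemeral.PublicKey, info, 32)
	fmt.Println("derived keys match:", bytes.Equal(senderKey, recipientKey))

	// (1, 1) is not on P-256; it is refused before any arithmetic happens.
	bogus := &ecdsa.PublicKey{Curve: elliptic.P256(), X: big.NewInt(1), Y: big.NewInt(1)}
	_, err := deriveSharedKey(recipient, bogus, info, 32)
	fmt.Println("off-curve point rejected:", err != nil)
}
```

On a token that does support CKM_ECDH1_DERIVE, the same computation of Z would happen inside the token via C_DeriveKey and only the derived key (or a handle to it) would come out; the KDF step is unchanged either way.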
func (*PKCS11Context) DecryptRSA
func (c *PKCS11Context) DecryptRSA(keyHandle pkcs11.ObjectHandle, encryptedData []byte) ([]byte, error)
DecryptRSA decrypts encryptedData on the token using the RSA private key identified by keyHandle and returns the plaintext.
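What the plaintext returned by an RSA decrypt such as DecryptRSA is typically used for, and the padding choice that matters for a decryption API, shown as an added example in pure Go rather than against a token; it is not this package's code. It assumes RSA-OAEP with SHA-256 (CKM_RSA_PKCS_OAEP on a token) wrapping a 32-byte AES-256-GCM content key; the names unwrapContentKey, wrapContentKey, encryptPayload and decryptPayload are hypothetical. PKCS#1 v1.5 decryption (CKM_RSA_PKCS) is avoided because its padding errors are exploitable (Bleichenbacher), and the unwrap returns one uniform error so the caller cannot tell which check failed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const contentKeyLen = 32 // AES-256 content-encryption key

// errUnwrap is deliberately uniform: a caller (or an attacker driving the API)
// learns only that unwrapping failed, not whether length, padding or label was wrong.
var errUnwrap = errors.New("content key unwrap failed")

// unwrapContentKey is a software stand-in for DecryptRSA: it recovers a wrapped AES
// key with the RSA private key using OAEP/SHA-256. Added example, not the project's code.
func unwrapContentKey(priv *rsa.PrivateKey, wrapped, label []byte) ([]byte, error) {
	if priv == nil || len(wrapped) != priv.Size() {
		return nil, errUnwrap
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, label)
	if err != nil || len(key) != contentKeyLen {
		return nil, errUnwrap
	}
	return key, nil
}

// wrapContentKey is the sender side of the same scheme.
func wrapContentKey(pub *rsa.PublicKey, key, label []byte) ([]byte, error) {
	if len(key) != contentKeyLen {
		return nil, fmt.Errorf("content key must be %d bytes", contentKeyLen)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, label)
}

// encryptPayload and decryptPayload show what the unwrapped key is for:
// AES-256-GCM over the actual data, with the nonce prefixed to the ciphertext.
func encryptPayload(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func decryptPayload(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the key on the token
	key := make([]byte, contentKeyLen)
	rand.Read(key)
	label := []byte("content-key-v1") // constructed OAEP label; must match on both sides

	wrapped, _ := wrapContentKey(&priv.PublicKey, key, label)
	blob, _ := encryptPayload(key, []byte("constructed sample payload"), []byte("hdr"))

	got, err := unwrapContentKey(priv, wrapped, label) // the DecryptRSA step
	fmt.Println("unwrap ok:", err == nil && bytes.Equal(got, key))
	pt, err := decryptPayload(got, blob, []byte("hdr"))
	fmt.Println("payload:", string(pt), err)
	_, err = unwrapContentKey(priv, wrapped, []byte("wrong-label"))
	fmt.Println("wrong label:", err)
}
```

The mechanism and any OAEP label/hash parameters chosen on the token side must match what the sender used; a mismatch shows up only as a failed decrypt, which is exactly why the uniform error matters.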
func (*PKCS11Context) FindCertificate
func (c *PKCS11Context) FindCertificate(label string, keyID []byte) (*x509.Certificate, error)
FindCertificate finds a certificate on the token that matches the given label and/or key ID and returns it parsed as an x509.Certificate.
func (*PKCS11Context) FindPrivateKey
func (c *PKCS11Context) FindPrivateKey(label string, keyID []byte) (pkcs11.ObjectHandle, error)
FindPrivateKey finds a private key on the token that matches the given label and/or key ID and returns its object handle (not the key material) for use with DecryptRSA and DecryptEC.
type PKCS12KeyEntry
type PKCS12KeyEntry struct {
PrivateKey *PrivateKey
Certificate *x509.Certificate
}
PKCS12KeyEntry represents a private key and certificate extracted from a PKCS#12 keystore.
func ParsePKCS12
func ParsePKCS12(p12Data []byte, password string, alias ...string) (*PKCS12KeyEntry, error)
ParsePKCS12 parses a PKCS#12 keystore and extracts the private key and certificate. password is the keystore password. alias is optional; if it is not provided, the first valid key entry is used.
type PrivateKey
type PrivateKey struct {
Key crypto.PrivateKey
}
PrivateKey represents a private key abstraction. It wraps Go's crypto.PrivateKey with type information.
func ParsePrivateKey
func ParsePrivateKey(data []byte) (*PrivateKey, error)
ParsePrivateKey parses a private key from PEM or DER format.
func ParsePrivateKeyDER
func ParsePrivateKeyDER(derData []byte) (*PrivateKey, error)
ParsePrivateKeyDER parses a private key from DER format (PKCS#8).
func ParsePrivateKeyPEM
func ParsePrivateKeyPEM(pemData []byte) (*PrivateKey, error)
ParsePrivateKeyPEM parses a private key from PEM format.
func (*PrivateKey) ECPrivateKey
func (pk *PrivateKey) ECPrivateKey() (*ecdsa.PrivateKey, bool)
ECPrivateKey returns the EC private key and true if the wrapped key is an EC key; otherwise nil and false.
func (*PrivateKey) IsEC
func (pk *PrivateKey) IsEC() bool
IsEC returns true if the key is an EC key.
func (*PrivateKey) IsRSA
func (pk *PrivateKey) IsRSA() bool
IsRSA returns true if the key is an RSA key.
func (*PrivateKey) RSAPrivateKey
func (pk *PrivateKey) RSAPrivateKey() (*rsa.PrivateKey, bool)
RSAPrivateKey returns the RSA private key and true if the wrapped key is an RSA key; otherwise nil and false.