go-r2ps-service

v0.0.1
Published: May 20, 2026 License: BSD-2-Clause

R2PS (Remote PAKE-Protected Services) server implementation in Go.

Implements the DIGG R2PS specification for secure remote HSM key operations with OPAQUE (RFC 9807) authentication and end-to-end JWE encryption. All cryptographic key operations are performed via PKCS#11 (SoftHSM2 for development, hardware HSM for production).

Package Structure

cmd/server/          HTTP server entry point
internal/
  crypto/            JWS signing/verification, JWE encryption, ECDH
  hsm/               PKCS#11 backend (key generation, ECDSA, ECDH)
  pake/              OPAQUE server (registration, authentication, sessions)
  service/           Request dispatcher, HSM service handlers
pkg/
  client/            R2PS client library (register, authenticate, call service)
  r2ps/              Protocol types and constants
test/integration/    End-to-end tests (SoftHSM2)

Dependencies

Package                  Purpose
bytemare/opaque v0.18.0  OPAQUE RFC 9807 (P256Sha256)
go-jose/go-jose/v4       JWS/JWE compact serialization
miekg/pkcs11 v1.1.2      PKCS#11 CGo bindings

Quick Start

make build
make test

Docker

cd deployments
docker compose up

Environment Variables

Variable              Default                          Description
R2PS_HSM_MODULE       /usr/lib/softhsm/libsofthsm2.so  PKCS#11 module path
R2PS_HSM_TOKEN_LABEL  r2ps                             HSM token label
R2PS_HSM_PIN          (required)                       HSM user PIN
R2PS_HSM_SLOT         (auto)                           Slot number (optional, finds by label)
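
An added example, not the project's own code, of validating these variables before any PKCS#11 call is made: it applies the defaults from the table, fails closed when R2PS_HSM_PIN is missing or R2PS_HSM_SLOT is malformed, and keeps the PIN out of printed output. HSMConfig and LoadHSMConfig are hypothetical names, and the environment in main is a constructed sample.

```go
package main

import (
	"fmt"
	"strconv"
)

// HSMConfig holds the four documented variables (hypothetical type, not the project's own).
type HSMConfig struct {
	Module, TokenLabel, PIN string
	Slot                    int // -1: locate the slot by token label
}

// String leaves the PIN out, so printing or logging the config cannot leak it.
func (c HSMConfig) String() string {
	return fmt.Sprintf("module=%s token=%s slot=%d pin=[redacted]", c.Module, c.TokenLabel, c.Slot)
}

// LoadHSMConfig applies the documented defaults and fails closed; real callers pass os.Getenv.
func LoadHSMConfig(getenv func(string) string) (HSMConfig, error) {
	orDefault := func(key, def string) string {
		if v := getenv(key); v != "" {
			return v
		}
		return def
	}
	cfg := HSMConfig{
		Module:     orDefault("R2PS_HSM_MODULE", "/usr/lib/softhsm/libsofthsm2.so"),
		TokenLabel: orDefault("R2PS_HSM_TOKEN_LABEL", "r2ps"),
		PIN:        getenv("R2PS_HSM_PIN"),
		Slot:       -1,
	}
	if cfg.PIN == "" {
		return HSMConfig{}, fmt.Errorf("R2PS_HSM_PIN is required")
	}
	if raw := getenv("R2PS_HSM_SLOT"); raw != "" {
		n, err := strconv.ParseUint(raw, 10, 31)
		if err != nil {
			return HSMConfig{}, fmt.Errorf("R2PS_HSM_SLOT %q is not a slot number: %w", raw, err)
		}
		cfg.Slot = int(n)
	}
	return cfg, nil
}

func main() {
	env := map[string]string{"R2PS_HSM_PIN": "constructed-pin", "R2PS_HSM_SLOT": "3"} // constructed sample
	cfg, err := LoadHSMConfig(func(k string) string { return env[k] })
	fmt.Println(cfg, err)
}
```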

Architecture

See docs/adr/ for architecture decision records.

Development

make setup    # Configure git hooks, download deps, verify build
make check    # Format, vet, test
make coverage # Generate coverage report

License

BSD 2-Clause. See LICENSE.

Directories

Path          Synopsis
cmd/server    command
internal/hsm
pkg
