Documentation ¶
Index ¶
- Constants
- Variables
- type Config
- type Token
- func (t Token) AuthenticationCertificate() (*piv.Certificate, error)
- func (t Token) CardAuthenticationCertificate() (*piv.Certificate, error)
- func (s Token) Close() error
- func (t Token) DigitalSignatureCertificate() (*piv.Certificate, error)
- func (t Token) Facial() (*cbeff.CBEFF, error)
- func (t Token) KeyManagementCertificate() (*piv.Certificate, error)
Constants ¶
const (
	// AuthKeyLabel string = "PIV AUTH key"
	// AuthPubkeyLabel string = "PIV AUTH pubkey"
	AuthCertificateLabel string = "Certificate for PIV Authentication"

	// SignKeyLabel string = "SIGN key"
	// SignPubkeyLabel string = "SIGN pubkey"
	SignCertificateLabel string = "Certificate for Digital Signature"

	// CardAuthKeyLabel string = "CARD AUTH key"
	// CardAuthPubkeyLabel string = "CARD AUTH pubkey"
	CardAuthCertificateLabel string = "Certificate for Card Authentication"

	//
	//
	KeyManagementCertificateLabel string = "Certificate for Key Management"

	// FingerprintLabel string = "Cardholder Fingerprints"
	FacialLabel string = "Cardholder Facial Image"
)
Variables ¶
var (
	NotFound = fmt.Errorf("piv: pkcs11: Not Found")
)
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
	// Full path to the PKCS#11 object on the filesystem. The exact value
	// of this depends on the host, but should usually end in a .so
	Module string

	// Optional PIN for the PKCS#11 token. If this is nil, no PIN will be
	// sent to the device.
	PIN *string

	//
	TokenLabel string
}
HSM Configuration object, to define which PKCS#11 .so module to use, Certificate and Private Key strings, a PIN (if needed), and the label of the token.
func (Config) GetCertificateTemplate ¶
Create a pkcs11.Attribute array containing constraints that should uniquely identify the PKCS#11 Certificate we're interested in
func (Config) GetDataTemplate ¶
Create a pkcs11.Attribute array containing constraints that should uniquely identify the PKCS#11 Certificate we're interested in
type Token ¶
type Token struct {
// contains filtered or unexported fields
}
Internal hsm.Store encapsulating state. This implements the store.Store interface, as well as crypto.Signer and crypto.Decryptor.
func New ¶
Create a new hsm.Store defined by the hsm.Config. If no slot can be found, or the underlying infrastructure throws a problem at us, we will return an error.
func (Token) AuthenticationCertificate ¶
func (t Token) AuthenticationCertificate() (*piv.Certificate, error)
func (Token) CardAuthenticationCertificate ¶
func (t Token) CardAuthenticationCertificate() (*piv.Certificate, error)
func (Token) Close ¶
Method to log out of the Token and close any sessions we might have open. This method ought to be deferred after creating a new hsm.Store.
func (Token) DigitalSignatureCertificate ¶
func (t Token) DigitalSignatureCertificate() (*piv.Certificate, error)
func (Token) KeyManagementCertificate ¶
func (t Token) KeyManagementCertificate() (*piv.Certificate, error)