New signer implementation in Go
Jan Dittberner 0d69a9013d Refactor HSM setup
- create new type hsm.Access to encapsulate HSM operations
- make setup options operate on hsm.Access instances
- adapt tests and cmd/signer to work with hsm.Access
2 years ago
cmd/signer Refactor HSM setup 2 years ago
docs Remove separate Command dispatcher 2 years ago
pkg Refactor HSM setup 2 years ago
.gitattributes First DDD based signer implementation parts 3 years ago
.gitignore Improve configuration, implement setup mode 2 years ago
.golangci.yml Add test for pkg/hsm/context.go 2 years ago
.goreleaser.yaml Add goreleaser configuration 2 years ago
LICENSE Configure and apply golangci-lint 2 years ago Update README to reflect setup 2 years ago
go.mod Finish openssl repository implementation and tests 2 years ago
go.sum Implement configuration and CA hierarchy setup 2 years ago

Running with softhsm2

Set up HSM keys and certificates

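sudo apt install softhsm2
# umask 077 keeps the token directory and config readable by your user only
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
# create the token; the SO PIN and user PIN below are sample values for a local test token
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
# initialize the keys; the exported PIN must match the --pin value used above
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup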

Run the signer

export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer
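
A preflight check for the setup steps above, as an added example that is not part of the project's own code: it confirms that the token directory named in softhsm2.conf carries no group or other permissions (the effect `umask 077` is meant to have) and that the PIN variable is exported. The function names are hypothetical, and the `PKCS11_PIN_<LABEL>` naming is an assumption inferred from the `localhsm` / `PKCS11_PIN_LOCALHSM` pair shown here.

```shell
#!/bin/sh
# Added example: preflight check for the softhsm2 setup described above.
# Function names are hypothetical; the PKCS11_PIN_<LABEL> naming is an
# assumption inferred from the localhsm / PKCS11_PIN_LOCALHSM pair.

# Print the directories.tokendir value from a softhsm2.conf file.
conf_tokendir() {
    sed -n 's/^[[:space:]]*directories\.tokendir[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null | tail -n 1
}

# List entries under $1 that grant any permission to group or others.
# "umask 077" should leave every entry as ?rwx------ or stricter.
loose_paths() {
    find "$1" ! -type l -exec ls -ld {} \; 2>/dev/null | grep -v '^.\{4\}------'
}

# preflight CONF LABEL: return 0 only if the token store is private and the
# PIN variable for LABEL is set and non-empty. The PIN is never printed.
preflight() {
    conf=$1
    label=$2
    status=0
    dir=$(conf_tokendir "$conf")
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: no usable directories.tokendir in $conf" >&2
        status=1
    elif [ -n "$(loose_paths "$dir")" ]; then
        echo "FAIL: group/other permissions on token data under $dir" >&2
        status=1
    fi
    var=PKCS11_PIN_$(printf '%s' "$label" | tr '[:lower:]' '[:upper:]')
    if [ -z "$(printenv "$var")" ]; then
        echo "FAIL: $var is not exported" >&2
        status=1
    fi
    return "$status"
}
```

Source the file and call `preflight ~/.config/softhsm2/softhsm2.conf localhsm` before `go run ./cmd/signer`; a non-zero return means one of the checks failed.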