New signer implementation in Go
Find a file
Jan Dittberner 47d5b2afff Improve configuration, implement setup mode
- implement a dedicated setup mode for creating CA certificates that is
  triggered by the '-setup' command line flag
- switch to YAML configuration for comment support and more human
  readable syntax. Format documentation is in docs/config.sample.yaml
- move HSM related code to pkg/hsm
- improve consistency checks in pkg/config
2022-04-19 16:48:32 +02:00
cmd/signer Improve configuration, implement setup mode 2022-04-19 16:48:32 +02:00
docs Improve configuration, implement setup mode 2022-04-19 16:48:32 +02:00
openpgp/signing First DDD based signer implementation parts 2021-08-23 20:53:43 +02:00
pkg Improve configuration, implement setup mode 2022-04-19 16:48:32 +02:00
x509 Implement signing test and domain logic 2021-08-24 22:02:14 +02:00
.gitattributes First DDD based signer implementation parts 2021-08-23 20:53:43 +02:00
.gitignore Improve configuration, implement setup mode 2022-04-19 16:48:32 +02:00
.goreleaser.yaml Add goreleaser configuration 2022-04-16 14:43:05 +02:00
go.mod Improve configuration, implement setup mode 2022-04-19 16:48:32 +02:00
go.sum Implement configuration and CA hierarchy setup 2022-04-16 22:24:32 +02:00
README.md Add PKCS#11 test to generate root certificate 2022-04-13 08:32:16 +02:00

Testing with softhsm2

sudo apt install softhsm2 gnutls-bin
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
export TOKEN_URL=$(p11tool --list-token-urls | grep localhsm | head -1)
p11tool --login --outfile=rootkey2022.pub --label=rootkey2022 --generate-privkey=ECDSA --curve=secp521r1 $TOKEN_URL
go test -v ./cmd/signer/
openssl x509 -in /tmp/test.pem -noout -text