New signer implementation in Go
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Jan Dittberner 8e443bd8b4 Implement protocol improvements
This commit implements a client and server side state machine
for the serial protocol.
1 year ago
cmd Implement protocol improvements 1 year ago
docs Rename intermediary CA to subordinate CA 2 years ago
pkg Implement protocol improvements 1 year ago
.gitattributes First DDD based signer implementation parts 3 years ago
.gitignore Implement command type handling 2 years ago
.golangci.yml Switch to logrus for structured logging 2 years ago
.goreleaser.yaml Add goreleaser configuration 2 years ago
LICENSE Configure and apply golangci-lint 2 years ago
README.md Implement serial link and protocol handling infrastructure 2 years ago
go.mod Implement command type handling 2 years ago
go.sum Implement command type handling 2 years ago

README.md

Running with softhsm2

Setup HSM keys and certificates

sudo apt install softhsm2
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
# initialize the keys
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup

Run the signer

export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer

Run the client simulator with socat

You may run the client simulator that sends commands via stdout and reads responses on stdin via socat to simulate traffic on an emulated serial device:

sudo apt install socat
go build ./cmd/clientsim
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer

You will need to configure $(pwd)/testPty as serial/device in your config.yaml to let the signer command find the emulated serial device.