New signer implementation in Go
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Jan Dittberner 9905d748d9 Improve signer robustness
- let client simulator send some garbage bytes before starting real commands
- handle EOF during reads
1 year ago
cmd Improve signer robustness 1 year ago
docs Rename intermediary CA to subordinate CA 2 years ago
internal Refactor COBS wire protocol 1 year ago
pkg Improve signer robustness 1 year ago
.gitattributes First DDD based signer implementation parts 3 years ago
.gitignore Implement command type handling 2 years ago
.golangci.yml Move internal code to internal packages 1 year ago
.goreleaser.yaml Add goreleaser configuration 2 years ago
LICENSE Configure and apply golangci-lint 2 years ago
Makefile Protocol improvements 1 year ago
README.md Implement serial link and protocol handling infrastructure 2 years ago
go.mod Protocol improvements 1 year ago
go.sum Protocol improvements 1 year ago

README.md

Running with softhsm2

Setup HSM keys and certificates

sudo apt install softhsm2
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
# initialize the keys
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup

Run the signer

export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer

Run the client simulator with socat

You may run the client simulator that sends commands via stdout and reads responses on stdin via socat to simulate traffic on an emulated serial device:

sudo apt install socat
go build ./cmd/clientsim
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer

You will need to configure $(pwd)/testPty as serial/device in your config.yaml to let the signer command find the emulated serial device.