New signer implementation in Go
Jan Dittberner
b9e8862f3e
Key setup can now be done by the signer, p11tool is no longer needed for key generation.
cmd/signer
docs
openpgp/signing
pkg
x509
.gitattributes
.gitignore
.goreleaser.yaml
go.mod
go.sum
README.md
Running with softhsm2
Setup HSM keys and certificates
sudo apt install softhsm2
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
# initialize the keys
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup
Run the signer
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer
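
A pre-flight check for the setup above, as an added example that is not part of the signer project: it confirms that the token directory named in softhsm2.conf exists, that neither it nor the config file is accessible to group or other (the purpose of umask 077), and that PKCS11_PIN_LOCALHSM is set. The function names and the script name check-softhsm.sh are hypothetical, and GNU find (as shipped on Debian/Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example, not part of the signer project: pre-flight check for the
# SoftHSM2 setup in this README. Assumes GNU find (Debian/Ubuntu).

# Print the token directory configured in a softhsm2.conf file.
softhsm_tokendir() {
    sed -n 's/^[[:space:]]*directories\.tokendir[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1
}

# Return 0 only if the config and token store exist, nothing in them is
# accessible to group/other (what "umask 077" is meant to ensure), and the
# user PIN variable is set. Argument: config path (default: README location).
check_softhsm_setup() {
    conf=${1:-$HOME/.config/softhsm2/softhsm2.conf}
    if [ ! -f "$conf" ]; then
        echo "missing config: $conf" >&2; return 1
    fi
    dir=$(softhsm_tokendir "$conf")
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "token directory not configured or missing: '$dir'" >&2; return 1
    fi
    # List paths with any group/other permission bit set (-perm /077 is GNU
    # syntax). Symlinks always show mode 0777, so they are skipped.
    loose=$(find "$conf" "$dir" ! -type l -perm /077)
    if [ -n "$loose" ]; then
        echo "accessible to group or other:" >&2
        echo "$loose" >&2
        return 1
    fi
    if [ -z "${PKCS11_PIN_LOCALHSM:-}" ]; then
        echo "PKCS11_PIN_LOCALHSM is not set" >&2; return 1
    fi
    return 0
}

# Run the check when invoked as: sh check-softhsm.sh --check
if [ "${1:-}" = "--check" ]; then
    check_softhsm_setup
fi
```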