yubihsm-go
Yubihsm-go is a minimal implementation of the securechannel and connector protocol of the YubiHSM2.
It also implements a simple SessionManager which keeps connections alive and swaps them if the maximum number of messages is depleted.
Currently the following commands are implemented:
- DeviceInfo
- Reset
- GenerateAsymmetricKey
- SignDataEddsa
- SignDataPkcs1
- PutAsymmetricKey
- GetPubKey
- DeriveEcdh
- Echo
- ChangeAuthenticationKey
- PutAuthenticationKey
- GetOpaque
- PutOpaque
- SignAttestationCertificate
- Authentication & Session related commands
- GetPseudoRandom
Implementing new commands is really easy. Please consult commands/constructors.go and commands/response.go for reference.
Please submit a PR if you have implemented new commands or extended existing constructors.
Example of usage
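```go
package main

import (
	"bytes"
	"errors"

	// Placeholder import paths: replace MODULE_PATH with the module path declared in this repository's go.mod.
	yubihsm "MODULE_PATH"
	"MODULE_PATH/commands"
	"MODULE_PATH/connector"
)

func main() {
	// Connect to the HTTP connector endpoint.
	c := connector.NewHTTPConnector("localhost:1234")
	// Open authenticated sessions with authentication key ID 1 and its password.
	sm, err := yubihsm.NewSessionManager(c, 1, "password", 2)
	if err != nil {
		panic(err)
	}

	echoMessage := []byte("test")
	command, err := commands.CreateEchoCommand(echoMessage)
	if err != nil {
		panic(err)
	}
	// Send the command over the encrypted session.
	resp, err := sm.SendEncryptedCommand(command)
	if err != nil {
		panic(err)
	}
	// Responses are returned as a generic type and must be asserted to the expected one.
	parsedResp, matched := resp.(*commands.EchoResponse)
	if !matched {
		panic("invalid response type")
	}

	if bytes.Equal(parsedResp.Data, echoMessage) {
		println("successfully echoed data")
	} else {
		panic(errors.New("echoed message did not equal requested message"))
	}
}
```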
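The usage example passes a password to `NewSessionManager`; the secure channel itself is keyed with two AES-128 keys derived from that password. The following is an added example, not code from this repository, showing that derivation with only the standard library. It assumes Yubico's published parameters (PBKDF2-HMAC-SHA256, salt `Yubico`, 10000 iterations, 32 bytes split into an encryption key and a MAC key), which this page does not state; `pbkdf2SHA256` and `DeriveAuthKeys` are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Assumed parameters from Yubico's documented password derivation (not shown on this page).
const kdfSalt, kdfIterations, keyLen = "Yubico", 10000, 16

// pbkdf2SHA256 implements PBKDF2 (RFC 8018) with HMAC-SHA256.
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var dk []byte
	for block := uint32(1); len(dk) < dkLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil) // U_1 = PRF(password, salt || INT(block))
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_i = PRF(password, U_{i-1})
			for j := range t {
				t[j] ^= u[j]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// DeriveAuthKeys returns the long-term encryption and MAC keys for a password.
func DeriveAuthKeys(password string) (encKey, macKey []byte) {
	dk := pbkdf2SHA256([]byte(password), []byte(kdfSalt), kdfIterations, 2*keyLen)
	return dk[:keyLen], dk[keyLen:]
}

func main() {
	enc, mac := DeriveAuthKeys("password") // the password used in the usage example
	fmt.Println("enc:", hex.EncodeToString(enc), "mac:", hex.EncodeToString(mac))
}
```

Because the salt and iteration count are fixed, the same password always yields the same key pair on every device, so the password passed to the session manager is the only secret protecting the channel.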