Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/openpgp: Support PKCS#11 keys for signing #15870

Closed
rolandshoemaker opened this issue May 28, 2016 · 2 comments
Closed

x/crypto/openpgp: Support PKCS#11 keys for signing #15870

rolandshoemaker opened this issue May 28, 2016 · 2 comments

Comments

@rolandshoemaker
Copy link
Member

As the current interface requires the existence of the actual private key in memory for a number of operations a PKCS#11 key (i.e. from letsencrypt/pkcs11key) cannot be used for signing.

It seems like the simplest way to do this would be to allow Signature.PrivateKey.PrivateKey to also be a crypto.Signer (in this switch, but testing the type of priv.PrivateKey instead of priv.PubKeyAlgo) and if present attempt to sign using its Signer.Sign method and parse the resulting signature based on the Signer.PublicKey. As far as I can tell this would be the easiest diff, there is a much more complicated one that completely replaces Signature.PrivateKey.PrivateKey with a crypto.Signer but that would require changing quite a few of the interfaces.

cc @agl for thoughts, if the first idea makes sense I'm happy to work on a CL for it.

@quentinmit quentinmit added this to the Unreleased milestone Jun 17, 2016
@mtharp
Copy link

mtharp commented Sep 26, 2016

#15841 has a patch for this.

@rolandshoemaker
Copy link
Member Author

Looks like this was fixed (...four years ago).

@golang golang locked and limited conversation to collaborators Apr 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants