A Go client for the yubihsm2 binary protocol and connector service
Type Name Latest commit message Commit time
commands Fix keyID parsing Sep 17, 2018
connector Prepare for GitHub publication Oct 1, 2018
securechannel Prepare for GitHub publication Oct 1, 2018
.gitignore initial commit Sep 2, 2018
LICENSE Prepare for GitHub publication Oct 1, 2018
README.md Refactor SessionManager Oct 24, 2018
go.mod Prepare for GitHub publication Oct 1, 2018
go.sum initial commit Sep 2, 2018
manager.go Refactor SessionManager Oct 24, 2018

README.md

yubihsm-go

Yubihsm-go is a minimal implementation of the securechannel and connector protocol of the YubiHSM2.

It also implements a simple SessionManager which keeps connections alive and swaps them if the maximum number of messages is depleted.

Currently the following commands are implemented:

  • Reset
  • GenerateAsymmetricKey
  • SignDataEddsa
  • PutAsymmetricKey
  • GetPubKey
  • Echo
  • Authentication & Session related commands

Implementing new commands is really easy. Please consult commands/constructors.go and commands/response.go for reference.

Please submit a PR if you have implemented new commands or extended existing constructors.

Example of usage

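package main

import (
	"bytes"
	"errors"

	// Import path assumed from the GitHub repository; check go.mod.
	yubihsm "github.com/certusone/yubihsm-go"
	"github.com/certusone/yubihsm-go/commands"
	"github.com/certusone/yubihsm-go/connector"
)

func main() {
	// Connect to the connector service.
	c := connector.NewHTTPConnector("localhost:1234")

	// Authentication key 1 with the password "password" is the YubiHSM2
	// factory default; replace it before using the device for real keys.
	sm, err := yubihsm.NewSessionManager(c, 1, "password", 2)
	if err != nil {
		panic(err)
	}

	echoMessage := []byte("test")

	// Build the Echo command.
	command, err := commands.CreateEchoCommand(echoMessage)
	if err != nil {
		panic(err)
	}

	// Send it over the encrypted session.
	resp, err := sm.SendEncryptedCommand(command)
	if err != nil {
		panic(err)
	}

	// The response comes back as an interface; assert the expected type.
	parsedResp, matched := resp.(*commands.EchoResponse)
	if !matched {
		panic("invalid response type")
	}

	// The device must return exactly the bytes that were sent.
	if bytes.Equal(parsedResp.Data, echoMessage) {
		println("successfully echoed data")
	} else {
		panic(errors.New("echoed message did not equal requested message"))
	}
}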
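
The plain command framing underneath the Echo round trip above, as an added stand-alone sketch that is not code from yubihsm-go: a one-byte command code, a two-byte big-endian length, then the payload, with the response code being the command code with the 0x80 bit set. The function and constant names are hypothetical and the device reply is constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	cmdEcho  = 0x01 // Echo command code
	respFlag = 0x80 // a successful response carries command code | 0x80
	cmdError = 0x7f // error response; payload is a one-byte error code
)

// encodeFrame builds code (1 byte) | length (2 bytes, big-endian) | payload.
func encodeFrame(code byte, payload []byte) ([]byte, error) {
	if len(payload) > 0xffff {
		return nil, errors.New("payload exceeds 16-bit length field")
	}
	out := make([]byte, 3, 3+len(payload))
	out[0] = code
	binary.BigEndian.PutUint16(out[1:], uint16(len(payload)))
	return append(out, payload...), nil
}

// parseResponse validates a response frame against the command sent and returns its payload.
func parseResponse(sent byte, frame []byte) ([]byte, error) {
	if len(frame) < 3 {
		return nil, errors.New("frame shorter than 3-byte header")
	}
	n := int(binary.BigEndian.Uint16(frame[1:3]))
	if len(frame)-3 != n {
		return nil, fmt.Errorf("declared length %d, got %d bytes", n, len(frame)-3)
	}
	switch {
	case frame[0] == (sent | respFlag):
		return frame[3:], nil
	case frame[0] == cmdError && n == 1:
		return nil, fmt.Errorf("device error code 0x%02x", frame[3])
	}
	return nil, fmt.Errorf("unexpected response type 0x%02x", frame[0])
}

func main() {
	req, _ := encodeFrame(cmdEcho, []byte("test"))
	reply := append([]byte{cmdEcho | respFlag}, req[1:]...) // constructed device reply
	data, err := parseResponse(cmdEcho, reply)
	fmt.Printf("request %x, echoed %q, err %v\n", req, data, err)
}
```

Rejecting a frame whose declared length disagrees with the bytes received, or whose type does not match the command sent, keeps a truncated or mismatched reply from being treated as a valid response.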