Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: Add HSM config support. #22124

zaolin opened this issue Oct 4, 2017 · 3 comments

crypto/tls: Add HSM config support. #22124

zaolin opened this issue Oct 4, 2017 · 3 comments


Copy link

zaolin commented Oct 4, 2017

What version of Go are you using (go version)?


Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

What did you do?

I tried to setting up a tls connection based on a Trusted Platform Module key which
is basically a smartcard.

What did you expect to see?

Functions which can be implemented by myself hooking into the decrypt/sign operations
of the golang tls implementation:

What did you see instead?

Using keys from a TPM requires custom hooks of decrypt/sign
operations because the private key never leaves the secure element. This was not
possible due to missing config functions ( )
for the decrypt/sign operations of the TLS implementation in golang.

Copy link

rminnich commented Oct 4, 2017

can you say a little more about these functions? How many are there? What do they need as arguments? What do they return?

Copy link

paultag commented Oct 4, 2017

@zaolin The great thing about the built in crypto.Signer interface is that it allows other packages to implement that interface.

I had this same need for my Yubikey in PIV mode, so I wrote, which will provide that type for use in Go. I even added a helper for TLS connections

So, this is likely a matter of writing the right shim to provide a crypto.Signer or a crypto.Decrypter for use by the builtins in a third party package 👍

Copy link

zaolin commented Oct 4, 2017

@paultag Okay good to know :) Thanks.

@zaolin zaolin closed this as completed Oct 4, 2017
@golang golang locked and limited conversation to collaborators Oct 4, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet

No branches or pull requests

4 participants