Welcome to the go-pkcs11uri library. The implementation follows RFC 7512 and this errata.
The following example builds on this library here and uses softhsm2 on Fedora.
This example program extends the one found here:
package main
import (
"fmt"
"os"
"strconv"
"github.com/miekg/pkcs11"
pkcs11uri "github.com/stefanberger/go-pkcs11uri"
)
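// main parses the PKCS#11 URI given as the first command-line argument, opens
// a read/write session on the slot named by its slot-id attribute, logs in as
// the normal user with the PIN from the URI, and prints the SHA-1 digest of a
// fixed string as lowercase hex. Any failure aborts the program with a panic.
func main() {
	if len(os.Args) < 2 {
		panic("Missing pkcs11 URI argument")
	}
	uristr := os.Args[1]

	uri, err := pkcs11uri.New()
	if err != nil {
		panic(err)
	}
	if err = uri.Parse(uristr); err != nil {
		panic(err)
	}

	// The module path comes from the URI and names a shared object that
	// pkcs11.New loads into this process, so the URI must come from a
	// trusted source.
	// NOTE(review): newer releases of go-pkcs11uri appear to offer
	// SetAllowedModulePaths to restrict which modules are accepted; confirm
	// against the version in use.
	module, err := uri.GetModule()
	if err != nil {
		panic(err)
	}

	slot, ok := uri.GetPathAttribute("slot-id", false)
	if !ok {
		panic("No slot-id in pkcs11 URI")
	}
	// ParseUint rejects negative and out-of-range values; Atoi followed by a
	// uint conversion would silently wrap a negative slot-id to a huge one.
	slotid, err := strconv.ParseUint(slot, 10, 0)
	if err != nil {
		panic(err)
	}

	// With a pin-value attribute the PIN travels in argv, where shell history
	// and process listings can expose it. RFC 7512 also defines pin-source
	// for keeping the PIN out of the URI itself.
	pin, err := uri.GetPIN()
	if err != nil {
		panic(err)
	}

	// pkcs11.New returns nil when the module cannot be loaded; calling
	// methods on a nil context would crash without a useful message.
	p := pkcs11.New(module)
	if p == nil {
		panic("Could not load pkcs11 module " + module)
	}
	if err = p.Initialize(); err != nil {
		panic(err)
	}
	// Deferred calls run last-in first-out: Logout, CloseSession, Finalize,
	// then Destroy. Their errors are ignored as best-effort cleanup.
	defer p.Destroy()
	defer p.Finalize()

	session, err := p.OpenSession(uint(slotid), pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
	if err != nil {
		panic(err)
	}
	defer p.CloseSession(session)

	if err = p.Login(session, pkcs11.CKU_USER, pin); err != nil {
		panic(err)
	}
	defer p.Logout(session)

	// CKM_SHA_1 is kept so the output matches the documented run. SHA-1 is
	// not collision resistant; pick a SHA-2 mechanism for anything where the
	// digest has a security role.
	mech := []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)}
	if err = p.DigestInit(session, mech); err != nil {
		panic(err)
	}
	hash, err := p.Digest(session, []byte("this is a string"))
	if err != nil {
		panic(err)
	}

	// %x on a byte slice emits two hex digits per byte; formatting each byte
	// with a bare %x would drop the leading zero of bytes below 0x10 and
	// yield a truncated, ambiguous digest.
	fmt.Printf("%x\n", hash)
}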
$ sudo softhsm2-util --init-token --slot 1 --label test --pin 1234 --so-pin 1234
The token has been initialized and is reassigned to slot 2053753261
$ go build ./...
$ sudo ./pkcs11-example 'pkcs11:slot-id=2053753261?module-path=/usr/lib64/pkcs11/libsofthsm2.so&pin-value=1234'
517592df8fec3ad146a79a9af153db2a4d784ec5