harrison314 / bouncyhsm Goto Github PK

Migrate to .Net 8 and release new version.

For deployment scenarios with deploy to URL with base path eg. https://myproject.com/Hsm/ set BasePath in configuration.

(in index.htm must by replaced <base href="/" />)

First off - love this package. It has been great for experimenting with PKCS11 and having some visibility into what I'm creating on the HSM. Definitely prefer it over softHSM. But I did run into one issue:

If I try to grab attribute values from keys stored in the HSM, the pkcs11.GetAttributeValue works fine unless the attribute is boolean, in which case it fails. Hard to know exactly where it fails but the function works fine with softHSM so pretty sure its on the HSM side. Here is the function I'm running.

`func ListObjects(lib string, pin string, slot uint) {
p, session := activateToken(lib, pin, slot) //helper function to set up connection
defer deactivateToken(p, session) //helper function to tear down connection

listattr := []*pkcs11.Attribute{
	pkcs11.NewAttribute(pkcs11.CKA_LABEL, nil),
	pkcs11.NewAttribute(pkcs11.CKA_ID, nil),
	pkcs11.NewAttribute(pkcs11.CKA_CLASS, nil),
	pkcs11.NewAttribute(pkcs11.CKA_KEY_TYPE, nil),
	pkcs11.NewAttribute(pkcs11.CKA_EXTRACTABLE, nil),
}
p.FindObjectsInit(session, []*pkcs11.Attribute{pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, true)})
handles, _, _ := p.FindObjects(session, 5)
for _, handle := range handles {
	values, err := p.GetAttributeValue(session, handle, listattr)
	if err != nil {
		fmt.Printf("An error occurred retrieving the key attribute values. Error: %s", err.Error())
	}
	cls := keyClassToString(values[2].Value) // converts []byte to class string
	ts := keyTypeToString(values[3].Value) // converts []byte to key type string
	ex := keyBytetoBool(values[4].Value)  //converts []byte to boolean
	fmt.Println("---------------------------------------------------------------")
	fmt.Printf("The found key has handle: %d with the following properties:\n", handle)
	fmt.Printf("KeyClass: %s\nKeytype: %s\nLabel: %s\nID: %s\nExportable: %t\n", cls, ts, values[0].Value, values[1].Value, ex)
}

}`

Are additional storages desired?

Is LiteDb not enough, or is remote/shared storage required?

Example MySQL storage: MySqlPersistentRepository.zip

Add metadata (key-value pairs) to slot storage for future or customer specific extensions (eg. multi-card authentification with custom native functions).

Or add metadata to objects (eg. for atestation).