blacknon · January 30, 2023 02:19 · blacknon · Oct 17, 2020
diff --git a/example_p11_pubprint.go b/example_p11_pubprint.go
 // Copyright (c) 2020 Blacknon. All rights reserved.
 // Use of this source code is governed by an MIT license
 // that can be found in the LICENSE file.

 // `github.com/miekg/pkcs11/p11`を使って、Yubikey内のpublic keyをssh-rsa形式で出力するsampleコード
 package main

 import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/base64"
 	"fmt"
 	"os"

 	"github.com/miekg/pkcs11"
 	"github.com/miekg/pkcs11/p11"
 	"golang.org/x/crypto/ssh"
 )

 var (
 	provider = "/usr/local/lib/opensc-pkcs11.so"
 )

 // main
 func main() {
 	module, err := p11.OpenModule(provider)
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)
 	}

 	slots, err := module.Slots()
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)
 	}

 	for _, slot := range slots {
 		tokenInfo, _ := slot.TokenInfo()

 		fmt.Println(tokenInfo.Label)

 		session, _ := slot.OpenSession()

 		pub := []*pkcs11.Attribute{
 			pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PUBLIC_KEY),
 		}

 		obj, _ := session.FindObjects(pub)
 		for _, o := range obj {
 			l, err := o.Label()
 			if err != nil {
 				fmt.Println(err)
 				continue
 			}

 			v, err := o.Value()
 			if err != nil {
 				fmt.Println(err)
 				continue
 			}

 			rsaPubKey, err := x509.ParsePKIXPublicKey(v)
 			if err != nil {
 				fmt.Println(err)
 				continue
 			}

 			sshKey, ok := rsaPubKey.(*rsa.PublicKey)
 			if !ok {
 				fmt.Println("invalid PEM passed in from user")
 				continue
 			}

 			pub, err := ssh.NewPublicKey(sshKey)
 			if err != nil {
 				fmt.Println(err)
 				continue
 			}

 			p := base64.StdEncoding.EncodeToString(pub.Marshal())
 			fmt.Println(l, ":", p)
 		}
 	}
 }
	// Copyright (c) 2020 Blacknon. All rights reserved.
	// Use of this source code is governed by an MIT license
	// that can be found in the LICENSE file.

	// `github.com/miekg/pkcs11/p11`を使って、Yubikey内のpublic keyをssh-rsa形式で出力するsampleコード
	package main

	import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"os"

	"github.com/miekg/pkcs11"
	"github.com/miekg/pkcs11/p11"
	"golang.org/x/crypto/ssh"
	)

	var (
	provider = "/usr/local/lib/opensc-pkcs11.so"
	)

	// main
	func main() {
	module, err := p11.OpenModule(provider)
	if err != nil {
	fmt.Println(err)
	os.Exit(1)
	}

	slots, err := module.Slots()
	if err != nil {
	fmt.Println(err)
	os.Exit(1)
	}

	for _, slot := range slots {
	tokenInfo, _ := slot.TokenInfo()

	fmt.Println(tokenInfo.Label)

	session, _ := slot.OpenSession()

	pub := []*pkcs11.Attribute{
	pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PUBLIC_KEY),
	}

	obj, _ := session.FindObjects(pub)
	for _, o := range obj {
	l, err := o.Label()
	if err != nil {
	fmt.Println(err)
	continue
	}

	v, err := o.Value()
	if err != nil {
	fmt.Println(err)
	continue
	}

	rsaPubKey, err := x509.ParsePKIXPublicKey(v)
	if err != nil {
	fmt.Println(err)
	continue
	}

	sshKey, ok := rsaPubKey.(*rsa.PublicKey)
	if !ok {
	fmt.Println("invalid PEM passed in from user")
	continue
	}

	pub, err := ssh.NewPublicKey(sshKey)
	if err != nil {
	fmt.Println(err)
	continue
	}

	p := base64.StdEncoding.EncodeToString(pub.Marshal())
	fmt.Println(l, ":", p)
	}
	}
	}