Skip to content

WIP: sign with ed25519 PKCS11 keys #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

WIP: sign with ed25519 PKCS11 keys #43

wants to merge 8 commits into from

Conversation

@johannww
Copy link
Contributor

@johannww johannww commented Aug 22, 2025
edited
Loading

In the spirit of #29, I am trying to implement ed25519 support for PKCS11 bccsp. First I would like to ask if this interests the maintainers/contributors.

Anyway, I present what I have reached so far:

  • Bump on miekg/pkcs11 to branch v3, which supports ed25519.
  • Created necessary methods.
  • Created a signature/verify test, signing in the HSM (softhsm2) and verifying outside it

I would like to ask for assistance regarding the following topics:

  • I noticed that different HSM libraries return the ecPoint with a few extra bytes. For ed25519, I could identify and fix it for softhsm2. How can I test for opencryptoki?

https://github.com/johannww/fabric-lib-go/blob/4a8e7bea6c980371f53c6121cdcabd20a0611283/bccsp/pkcs11/pkcs11.go#L1007-L1021

Thank you for your attention in advance.

@johannww johannww requested a review from a team as a code owner August 22, 2025 00:31
@johannww
WIP: sign with ed25519 PKCS11 keys
82e27fb 
- This was tested with softhsm2
- Bump on miekg/pkcs11 to branch v3, which supports edwards

Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
@johannww
Fix vendor problems
bd47f39 
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
@johannww
Ed25519 pub key must not be a pointer
3ab3d56 
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
@johannww
Join EC and ED25519 pkcs11 point retrieval
9d4f50d 
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
@johannww
Handle ed25519 on GetKey
78616e1 
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
@johannww
Add ed25519 load from ski test
e045df6 
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
@johannww
Copy link
Contributor Author

johannww commented Oct 28, 2025

I adjusted somethings after testing with my fabric-ca fork that support ed25519 both on SW and PCKS11 bccsps: https://github.com/johannww/fabric-ca

@johannww
Fix comment
dbcbfd3 
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
@johannww
Bump go version to match fabric
2f816cb 
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@johannww