Search code examples

PKCS11 ECDSA parameters in go module pkcs11

I would like to know how to pass the correct argument values for ECDSA template using go module miekg/pkcs11: this is so far what i got:

    privateKeyTemplate := []*pkcs11.Attribute{
        pkcs11.NewAttribute(pkcs11.CKA_TOKEN, tokenPersistent),
        pkcs11.NewAttribute(pkcs11.CKA_ECDSA_PARAMS, []byte{{/*how to use secp256k1?*/}), 
        pkcs11.NewAttribute(pkcs11.CKA_SIGN, true),
        pkcs11.NewAttribute(pkcs11.CKA_LABEL, label),
        pkcs11.NewAttribute(pkcs11.CKA_SENSITIVE, true),
        pkcs11.NewAttribute(pkcs11.CKA_EXTRACTABLE, true),

Can someone please help me with this?



the byte array provided by Alexander is correct, however please note that my original question was also misleading. One SHOULD NOT put the ECDSA_PARAMS in the private key template, but ONLY on the public key template.


  • Check this line (3189) in OpenSC project:

    FILL_ATTR(privkey_templ[n_privkey_attr], CKA_EC_PARAMS, gost.param_oid.value, gost.param_oid.len); 

    and this one (3199):

    FILL_ATTR(privkey_templ[n_privkey_attr], CKA_GOSTR3410_PARAMS, gost.param_oid.value, gost.param_oid.len);

    Using my experience with GOST keys I suggest that here must be an encoded OID. In your case it can look like this:

    []byte{ 06, 04, 01, 02, 03, 04 }