Secure Key Storage (SKS) is a library for Go that abstracts Security Hardware
4 months ago
- #hardware
- #API
- #security
- Secure Key Store (SKS) is a Go library that provides a unified API for hardware security modules like TPM and Secure Enclave.
- Supported hardware and platforms include TPM 2.0 on Linux and Windows, and Secure Enclave on macOS 10.14+.
- Current features: ECDSA P256 key creation, key searching, data signing, and key removal.
- Future features: AWS KMS support as a key store.
- Platform limitations: On Linux/Windows, biometrics and the accessible-when-unlocked key restriction are not supported; TPM key hierarchies are not exposed.
- Key functions: `NewKey` for key pair generation, `FromLabelTag` for key identification, and methods like `Sign`, `Remove`, `Hash`, `Label`, and `Tag`.
- macOS requirement: App must have a registered App ID for Secure Enclave use.
- License: Apache v2.0.