Touch Bar and Keychain support · FiloSottile/mkcert#39

(7 留言) (0 反應) (0 負責人)Go (58,912 star) (3,115 fork)batch import

enhancementhelp wanted

描述

Since name-constrained certs don't work everywhere, leaving the signing key lying around still exposes you to risk of having all of your secure traffic intercepted.

My first thought was that it would be nice to be able to keep the key on a Yubikey, but putting it in the macOS keychain under password/Touch ID protection (or something similar like GNOME keyring) would also be a reasonable intermediate option.

Do you think that would fit in the scope of this project, or should it perhaps be something separate? (Is there already a PKCS#11 abstraction in Golang that would support this functionality?)

貢獻者指南

技術棧: go
領域: securitycli
議題類型: feature
難度: 4
預計時間: 3-5 days
活動狀態: stale
清晰度: needs investigation
前置要求: Go programmingmacOS keychain understandingPKCS#11 concepts
新手友善度: 20
研究方向: Investigate if there are existing Go PKCS#11 libraries (e.g., github.com/miekg/pkcs11) and macOS keychain C APIs. Review the mkcert codebase to understand how signing keys are currently stored. Consider using the Keychain Services API via cgo or a Go wrapper. Check if Touch ID integration is feasible through the LocalAuthentication framework.