Touch Bar and Keychain support · FiloSottile/mkcert#39

(7 评论) (0 反应) (0 负责人)Go (58,912 star) (3,115 fork)batch import

enhancementhelp wanted

描述

Since name-constrained certs don't work everywhere, leaving the signing key lying around still exposes you to risk of having all of your secure traffic intercepted.

My first thought was that it would be nice to be able to keep the key on a Yubikey, but putting it in the macOS keychain under password/Touch ID protection (or something similar like GNOME keyring) would also be a reasonable intermediate option.

Do you think that would fit in the scope of this project, or should it perhaps be something separate? (Is there already a PKCS#11 abstraction in Golang that would support this functionality?)

贡献者指南

技术栈: go
领域: securitycli
议题类型: feature
难度: 4
预计时间: 3-5 days
活动状态: stale
清晰度: needs investigation
前置要求: Go programmingmacOS keychain understandingPKCS#11 concepts
新手友好度: 20
研究方向: Investigate if there are existing Go PKCS#11 libraries (e.g., github.com/miekg/pkcs11) and macOS keychain C APIs. Review the mkcert codebase to understand how signing keys are currently stored. Consider using the Keychain Services API via cgo or a Go wrapper. Check if Touch ID integration is feasible through the LocalAuthentication framework.