salrashid123
diff --git a/‎README.md‎
Lines changed: 18 additions & 12 deletions b/‎README.md‎
Lines changed: 18 additions & 12 deletions
diff --git a/‎example/README.md‎
Lines changed: 63 additions & 21 deletions b/‎example/README.md‎
Lines changed: 63 additions & 21 deletions
diff --git a/‎example/certs/client.key‎
Lines changed: 28 additions & 0 deletions b/‎example/certs/client.key‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎example/go.mod‎
Lines changed: 15 additions & 5 deletions b/‎example/go.mod‎
Lines changed: 15 additions & 5 deletions
diff --git a/‎example/go.sum‎
Lines changed: 34 additions & 7 deletions b/‎example/go.sum‎
Lines changed: 34 additions & 7 deletions
@@ -36,10 +36,7 @@ For other references, see:
 
 Using this is really easy...you just need something that surfaces that interface.
 
-I've written some simple ones here...the `examples/` folder uses a _PEM Signer_  (yes i'm well aware go-jwt already supports PEM format keys...i just happened to make a Signer so i could test the other ones)
-
-
-The following shows the PEM signer and Google Cloud KMS based signers:
+I've written some simple ones here...the `examples/` folder for TPM, KMS and PKCS.
 
 ```golang
 package main
@@ -71,18 +68,28 @@ func main() {
 	// ############# for a KMS signer
 
 	// r, err := salkms.NewKMSCrypto(&salkms.KMS{
-	// 	ProjectId:          "mineral-minutia-820",
-	// 	LocationId:         "us-central1",
-	// 	KeyRing:            "kr",
-	// 	Key:                "s",
-	// 	KeyVersion:         "1",
+	// 	ProjectId:  "your_project_id",
+	// 	LocationId: "us-central1",
+	// 	KeyRing:    "kr",
+	// 	Key:        "rskey1",
+	// 	KeyVersion: "1",
 	// })
 
 	// ############# for a TPM singer
 
+	// k, err := client.LoadCachedKey(rwc, tpmutil.Handle(*persistentHandle), nil)
+	// rwc, err := OpenTPM(*tpmPath)
+	// rwr := transport.FromReadWriter(rwc)
+	// pub, err := tpm2.ReadPublic{
+	// 	ObjectHandle: tpm2.TPMHandle(*handle),
+	// }.Execute(rwr)
+
 	// r, err := saltpm.NewTPMCrypto(&saltpm.TPM{
-	// 	TpmPath:     "/dev/tpm0",
-	// 	KeyHandle: uint32(0x81010002),
+	// 	TpmDevice: rwc,
+	// 	NamedHandle: &tpm2.NamedHandle{
+	// 		Handle: tpm2.TPMHandle(*handle),
+	// 		Name:   pub.Name,
+	// 	},
 	// })
 
 	// ############# for a Yubikey singer
@@ -116,7 +123,6 @@ func main() {
 	// }
 
 	// cctx, err := crypto11.Configure(config)
-
 	// defer cctx.Close()
 
 	// r, err := salpkcs.NewPKCSCrypto(&salpkcs.PKCS{
 
@@ -3,31 +3,47 @@
 
 #### TPM
 
+If you want to use a swtpm instead of a real one:
+
+```bash
+rm -rf /tmp/tokens/ && mkdir /tmp/tokens
+sudo swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --server type=tcp,port=2321 --ctrl type=tcp,port=2322 --flags not-need-init,startup-clear
+```
+
 ```bash
+### for swtpm
+# export TPM2TOOLS_TCTI="swtpm:port=2321"
+
+
 ## for rsapersistentHandle
 
- tpm2_createprimary -C e -c primary.ctx
+ tpm2_createprimary -C o -c primary.ctx
  tpm2_create -G rsa2048:rsassa:null -g sha256 -u key.pub -r key.priv -C primary.ctx
+ tpm2_flushcontext -t 
  tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx
  tpm2_evictcontrol -C o -c key.ctx 0x81008001
-
+ tpm2_flushcontext -t
+ 
 ## for eccpersistentHandle
 
- tpm2_createprimary -C e -c primary.ctx
+ tpm2_createprimary -C o -c primary.ctx
  tpm2_create -G ecc:ecdsa  -g sha256  -u key.pub -r key.priv -C primary.ctx
+ tpm2_flushcontext -t
  tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx
  tpm2_evictcontrol -C o -c key.ctx 0x81008002
-
+ tpm2_flushcontext -t
 
 ## for policyRSApersistentHandle
 
  tpm2_startauthsession -S session.dat
  tpm2_policypcr -S session.dat -l sha256:23  -L policy.dat
  tpm2_flushcontext session.dat
  tpm2_createprimary -C o -c primary2.ctx
+ tpm2_flushcontext -t 
  tpm2_create -G rsa2048:rsassa:null -g sha256 -u rsa2.pub -r rsa2.priv -C primary2.ctx  -L policy.dat
  tpm2_load -C primary2.ctx -u rsa2.pub -r rsa2.priv -c rsa2.ctx
  tpm2_evictcontrol -C o -c rsa2.ctx 0x81008004
+ tpm2_flushcontext -t 
 ```
 
 #### KMS
@@ -59,33 +75,59 @@ once you set that up, you can use this library as a `crypto.Singer`
 
 ### PKCS11
 
-For PKCS see
 
-- [golang-jwt for PKCS11](https://github.com/salrashid123/golang-jwt-pkcs11)
+For PKCS, we'll use [SoftHSM](https://www.opendnssec.org/softhsm/) (see example installation [here](https://github.com/salrashid123/golang-jwt-pkcs11?tab=readme-ov-file#setup-softhsm))
 
+or as a quickstart
 
-once you set that up, you can use this library as a `crypto.Singer`
+```bash
+cd /tmp/
+rm -rf /tmp/tokens/ && mkdir /tmp/tokens
+```
+
+create a file called softhsm.conf with the following content
+
+```conf
+log.level = DEBUG
+objectstore.backend = file
+directories.tokendir = /tmp/tokens
+slots.removable = false
+```
 
 
+Now on the `certs/` folder of this repo, convert the key to DER
+
 ```bash
-cd /tmp/
-git clone https://github.com/salrashid123/golang-jwt-pkcs11
-cd golang-jwt-pkcs11/
+cd certs/
+# openssl rsa -in client.key -outform DER -out client_key.der
+# openssl x509 -outform DER -in client.crt -out client_cert.der
+```
+
+Import the key and certificate using `pkcs11-tool`
+
+
+```bash
+export SOFTHSM2_CONF=/tmp/softhsm.conf
+pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --slot-index=0 --init-token --label="token1" --so-pin="123456"
+pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so  --label="token1" --init-pin --so-pin "123456" --pin mynewpin
 
-# vi  softhsm.com
-#   log.level = DEBUG
-#   objectstore.backend = file
-#   directories.tokendir = /tmp/golang-jwt-pkcs11/test_data
-#   slots.removable = false
+pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-token-slots
+
+pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-token-slots
+pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so -l -k --key-type rsa:2048 --id 4142 --label keylabel1 --pin mynewpin
+```
+
+remember to set the 
+
+
+```bash
+export SOFTHSM2_CONF=/tmp/softhsm.conf
+```
 
+then run `example/rsa_pkcs/main.go` and run
 
-export SOFTHSM2_CONF=/tmp/golang-jwt-pkcs11/test_data/softhsm.conf
 
-$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --slot-index=0 --init-token --label="token1" --so-pin="123456"
-$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so  --label="token1" --init-pin --so-pin "123456" --pin mynewpin
-$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-mechanisms --slot-index 0
+Also see [golang-jwt for PKCS11](https://github.com/salrashid123/golang-jwt-pkcs11)
 
-$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-token-slots
-$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so -l -k --key-type rsa:2048 --id 4142 --label keylabel1 --pin mynewpin
 
 ```
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDF37JcU2NFnAYx
+qCzXVLCBbFHgBPKuxCxn+swfSRBo7tV/w5UjLLB10DiLo5HA3Nlh3eyr2+1oGgsS
+6fEGnKZxBt5+OU+RM4svYDbyXgYG7S9wtfbH6VDXWyAqqq0lHqL6UnVDQM/Jp26e
+95dYlxbYzQgsDQIs4S4OoMajTdRQfSz5tv72mh4f8i0izSlV0Hsz+ZkpySjWu94f
+OpIfDDpMhklYVW87H5KDSrSCu3jMmNC3rKCpcg4zg8LifV7GuuqtcIIsGIx38lyI
+VAkRaUNlFIXbiioNmHQn25QQrsJKEoWGxS0U684Y+qnTBtlytW2N0e3GLET/ACkS
+RNBqChARAgMBAAECggEALMmvY3p0c+MW+9JnI+5FbWYJOj2keK5qprZ70XEGR9oX
+dS3d6fJJlsEkq2bArPjQM3i6A0Rqfi+25fcR2T9H5Tl6zvNF8UXLcVPD3CQwFQ1G
+uapWS3WiGLzFkSLEwiwnE6XqaOiYn7pILa85EJJSV4xBF0dygJoPhLwbegc50WW9
+1QzsZyiziSbtVF+BZ8BgVzm0AGxstNE+uBRZSMdNngPLIqSLWs23DLWkYS495Jzn
+hbkV6KedQWpcGF28pIyhGYUPzDDOnTAqQiSmByVyQdH6DXGnL4lqODsqPBxq6Uku
+gkVXZ7youhXVidTPVWgZBGHH0mMDz2oieXOwNClOgQKBgQDwlyeTtTMAiMEghzHj
+i8LAhmm99+GPyrZ/K48FwwL43hh2nQxMX7YnF5wdcTBq02B8up5GmGK3R2+9W+/K
+F5K6sdqLMUBaVqBMeuMiVnUkP/Gp7izueAmPsmTnfwXlhMRjNtn0XkXLlQjUH9yi
+j0PseRC/1VBpa3vy5zMO/AlaOQKBgQDSjCNcaZgUsCw1c5bBQ2nHqaBeLabli8NR
+DceexW+NV5/ikQtjaXVUdevNLKCBK7yWoHDmPN45ztmy/KrVFbbqDVu/zYP2774+
+Q19vAA/zh8bgxPOskRhn1IeCcDP51nUspEbdgWPnryXswwkymtU/ArB4dN2LqnhX
+Glxz4FxEmQKBgQCo7XkcfV4SQfNYo5Sj8L4N8FLOz/3QuMTrBeqmYQb1Nvx2TE8W
+UR3U1P8IrTER0NkuutnnN5gYmFAc5TC49VRRQg/xK+PDio+DI8XXll0p1rwYVOO3
+jREplFjFMqsxPMen4hunOYpIJ5zLVJPWkEFhCKB6EY0keBPPugZfvxfSAQKBgBAK
+bzM+NED3Pxb/bG/i8+8rRDWIotuAL2xAcYHuJtaM43h+dnCnezHpHgLusHfG3kJX
+jOJtpryevsU9LMK5OctRIzlUrgYlM8hIl7+8MHrsUEGVn774+vQGJCDS7ZLOPPUe
+uutrTTI8jNYh8dRyKWb4jHtQ5AQdA7gXIQ4O/NiZAoGBAKXUtvnNh+ZAb4ppx/FT
+r1UwTJHeUwQb4cwX1Wsjovmth9AAZUpKFzLd54lTXiePAmTjRklPsOcO37opMX7O
+M7Bh6b0NGJY9XZDRjFsBYiJ0uYVY+C6MpOh4jC8cuHbQLoMeLAwJnPuNbCU/iK06
+4YkAcR677qlN0YUfj8PfPYLg
+-----END PRIVATE KEY-----
@@ -1,10 +1,16 @@
 module main
 
-go 1.20
+go 1.22
+
+toolchain go1.22.2
 
 require (
+	github.com/ThalesIgnite/crypto11 v1.2.5
 	github.com/golang-jwt/jwt/v5 v5.2.1
+	github.com/google/go-tpm v0.9.1
+	github.com/google/go-tpm-tools v0.4.4
 	github.com/salrashid123/golang-jwt-signer v0.0.0
+	github.com/salrashid123/mtls_pkcs11/signer/pkcs v0.0.0-20240607212947-825eb0de11bc
 	github.com/salrashid123/signer/kms v0.0.0-20240506142117-142e7dba6e3a
 )
 
@@ -13,26 +19,30 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v1.1.7 // indirect
 	cloud.google.com/go/kms v1.15.8 // indirect
-	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-piv/piv-go v1.11.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/go-configfs-tsm v0.2.2 // indirect
+	github.com/google/go-sev-guest v0.9.3 // indirect
+	github.com/google/go-tdx-guest v0.3.1 // indirect
+	github.com/google/logger v1.1.1 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
 	github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f // indirect
-	github.com/pkg/errors v0.8.1 // indirect
-	github.com/salrashid123/mtls_pkcs11/signer/pkcs v0.0.0-20240509233410-a73ce04a2b72 // indirect
+	github.com/pborman/uuid v1.2.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
 	go.opentelemetry.io/otel v1.24.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.21.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/oauth2 v0.18.0 // indirect
 
@@ -1,5 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw=
+cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms=
 cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU=
 cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
@@ -28,8 +29,6 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-piv/piv-go v1.11.0 h1:5vAaCdRTFSIW4PeqMbnsDlUZ7odMYWnHBDGdmtU/Zhg=
-github.com/go-piv/piv-go v1.11.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -50,6 +49,10 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM=
+github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ=
+github.com/google/go-attestation v0.5.0 h1:jXtAWT2sw2Yu8mYU0BC7FDidR+ngxFPSE+pl6IUu3/0=
+github.com/google/go-attestation v0.5.0/go.mod h1:0Tik9y3rzV649Jcr7evbljQHQAsIlJucyqQjYDBqktU=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -58,24 +61,43 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98=
+github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo=
+github.com/google/go-sev-guest v0.9.3 h1:GOJ+EipURdeWFl/YYdgcCxyPeMgQUWlI056iFkBD8UU=
+github.com/google/go-sev-guest v0.9.3/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs=
+github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw=
+github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE=
+github.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM=
+github.com/google/go-tpm v0.9.1/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-tpm-tools v0.4.4 h1:oiQfAIkc6xTy9Fl5NKTeTJkBTlXdHsxAofmQyxBKY98=
+github.com/google/go-tpm-tools v0.4.4/go.mod h1:T8jXkp2s+eltnCDIsXR84/MTcVU9Ja7bh3Mit0pa4AY=
+github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus=
+github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI=
+github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ=
+github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA=
 github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4=
 github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f h1:eVB9ELsoq5ouItQBr5Tj334bhPJG/MX+m7rTchmzVUQ=
 github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
+github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
+github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/salrashid123/mtls_pkcs11/signer/pkcs v0.0.0-20240409112057-e6fd3b9f0945 h1:yowMf/xR/oeR642HGc1u1KmmXnWLk7C7qDs5niAFWoQ=
-github.com/salrashid123/mtls_pkcs11/signer/pkcs v0.0.0-20240409112057-e6fd3b9f0945/go.mod h1:NbwMTv56G4w5oGGAfT5faUTaHbEQOIcFyG9957710FI=
-github.com/salrashid123/mtls_pkcs11/signer/pkcs v0.0.0-20240509233410-a73ce04a2b72 h1:8RgerftuPvGEYnpAp5co/iajwpOQ+d+iD3di6jmDzco=
-github.com/salrashid123/mtls_pkcs11/signer/pkcs v0.0.0-20240509233410-a73ce04a2b72/go.mod h1:NbwMTv56G4w5oGGAfT5faUTaHbEQOIcFyG9957710FI=
+github.com/salrashid123/mtls_pkcs11/signer/pkcs v0.0.0-20240607212947-825eb0de11bc h1:5a3u2qh5xQ5XvnRhexUw1Gz/hWafV+hMLqDmQerYYgE=
+github.com/salrashid123/mtls_pkcs11/signer/pkcs v0.0.0-20240607212947-825eb0de11bc/go.mod h1:NbwMTv56G4w5oGGAfT5faUTaHbEQOIcFyG9957710FI=
 github.com/salrashid123/signer/kms v0.0.0-20240506142117-142e7dba6e3a h1:cK9mCrWgCaoM+CJ74bpZcedhEiw6RERhW6JU898OYv8=
 github.com/salrashid123/signer/kms v0.0.0-20240506142117-142e7dba6e3a/go.mod h1:v4n0rkyQNOMMOYqIpqN1WjRBTY1/zrArKOeen8dkYZ8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -86,6 +108,7 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg=
 github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@@ -100,8 +123,11 @@ go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi
 go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
 go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
 go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw=
+go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
 go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@@ -137,6 +163,7 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=