A Go library for interfacing with Trusted Platform Module (TPM) devices. This library enables applications to:
- Connect to a local TPM device
- Generate and use TPM-backed keys for cryptographic operations
- Perform signing operations using ECDSA
- Execute ECDH key exchanges
- Access TPM's hardware random number generator
- Generate attestation data
- Create BottleFmt-compatible ID cards and keychains
go get github.com/KarpelesLab/tpmlib

import (
"crypto"
"crypto/rand"
"github.com/BottleFmt/gobottle"
"github.com/KarpelesLab/tpmlib"
)
// signSomething hashes v with SHA-256 and signs the digest with the
// TPM-backed key returned by tpmlib.GetKey. The digest is produced by
// gobottle.Hash before the key is asked to sign, and crypto.SHA256 is
// passed again so the signer knows which hash produced it.
func signSomething(v []byte) ([]byte, error) {
	key, err := tpmlib.GetKey()
	if err != nil {
		return nil, err
	}
	digest := gobottle.Hash(v, crypto.SHA256)
	return key.Sign(rand.Reader, digest, crypto.SHA256)
}

import (
"crypto/ecdh"
"github.com/KarpelesLab/tpmlib"
)
// performECDH derives the ECDH shared secret between the TPM-backed key and
// remotePubKey and returns it as raw bytes. Treat the result as key material
// to feed into a KDF rather than as a finished session key.
//
// remotePubKey is a crypto/ecdh key, which the standard library validates
// when it is constructed; the README lists NIST P-256 as the supported
// curve, so presumably the peer key must be on P-256 — confirm in tpmlib.
func performECDH(remotePubKey *ecdh.PublicKey) ([]byte, error) {
	key, err := tpmlib.GetKey()
	if err != nil {
		return nil, err
	}
	// The agreement itself runs through the key handle.
	return key.ECDH(remotePubKey)
}

import "github.com/KarpelesLab/tpmlib"
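// getRandomBytes returns size bytes drawn from the TPM's random number
// generator, read through the key handle returned by tpmlib.GetKey.
//
// size must be non-negative (make panics otherwise). On any error the
// buffer is discarded and nil is returned, so a caller never receives a
// slice that is only partly filled with random data.
func getRandomBytes(size int) ([]byte, error) {
	k, err := tpmlib.GetKey()
	if err != nil {
		return nil, err
	}
	data := make([]byte, size)
	// io.Reader permits a Read to return fewer bytes than requested with a
	// nil error. Ignoring the byte count would let a short read hand back a
	// buffer whose tail is still zero, so keep reading until every byte is
	// filled — the same contract io.ReadFull enforces (and, like ReadFull,
	// a reader that keeps returning (0, nil) would spin here).
	var n int
	for filled := 0; filled < len(data); filled += n {
		n, err = k.Read(data[filled:])
		if err != nil {
			return nil, err
		}
	}
	return data, nil
}

import (
	"github.com/BottleFmt/gobottle"
	"github.com/KarpelesLab/tpmlib"
)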
// getIDCard builds a BottleFmt ID card from the TPM-backed key returned by
// tpmlib.GetKey. The card comes back unsigned; any signing step happens
// outside this function.
func getIDCard() (*gobottle.IDCard, error) {
	key, err := tpmlib.GetKey()
	if err != nil {
		return nil, err
	}
	// Unsigned card straight from the key handle.
	return key.IDCard()
}

- Linux: Uses
`/dev/tpmrm0`, then falls back to `/dev/tpm0`
- Windows: Connects to the TPM using platform-specific mechanisms
- Thread-safe TPM access with proper locking
- Singleton TPM connection to avoid resource conflicts
- Support for NIST P-256 elliptic curve cryptography
- Compatible with the BottleFmt ecosystem
- Self-test functionality to verify TPM operations
# Build the library
go build -v
# Run tests
go test -v
# Run a specific test
go test -v -run TestName

See the LICENSE file for details.