How to use pkcs11js - 10 common examples
To help you get started, we’ve selected a few pkcs11js examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
PeculiarVentures / graphene / test / object.ts View on Github 
after(() => {
object.destroy();
// set default value for objectId
graphene.registerAttribute(attrName, pkcs11.CKA_LABEL, "string");
});before(() => {
object = session.create({
class: graphene.ObjectClass.DATA,
label: "data.set",
objectId: Buffer.from("my custom id"),
token: false,
value: Buffer.from("Hello"),
});
// change default type of attribute
graphene.registerAttribute(attrName, pkcs11.CKA_LABEL, "buffer");
});import * as pkcs11js from "pkcs11js";
const libPath = "C:\\tmp\\rtpkcs11ecp.dll";
let pkcs11 = new pkcs11js.PKCS11();
pkcs11.load(libPath);
pkcs11.C_Initialize();
try {
// Getting info about PKCS11 Module
let module_info = pkcs11.C_GetInfo();
// Getting list of slots
let slots = pkcs11.C_GetSlotList(true);
let slot = slots[0];
// Getting info about slot
let slot_info = pkcs11.C_GetSlotInfo(slot);
// Getting info about token
let token_info = pkcs11.C_GetTokenInfo(slot);_pkcs11CreateObject(pkcs11, pkcs11Session, key, pkcs11Token) {
const ski = this._ski();
const keyTemplate = [
{type: pkcs11js.CKA_ID, value: ski},
{type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_SECRET_KEY},
{type: pkcs11js.CKA_KEY_TYPE, value: pkcs11js.CKK_AES},
// SoftHSMv2 prohibits specifying CKA_VALUE_LEN
// { type: pkcs11js.CKA_VALUE_LEN, value: key.length },
{type: pkcs11js.CKA_VALUE, value: key},
{type: pkcs11js.CKA_ENCRYPT, value: true},
{type: pkcs11js.CKA_DECRYPT, value: true},
{type: pkcs11js.CKA_PRIVATE, value: this._pkcs11Login},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token}
];
const handle = pkcs11.C_CreateObject(pkcs11Session, keyTemplate);
return {ski, key: handle};
}/* CKA_TRUSTED is new for v2.11 */
trusted: { v: pkcs11.CKA_TRUSTED, t: TYPE_BOOL },
/* CKA_CERTIFICATE_CATEGORY ...
* CKA_CHECK_VALUE are new for v2.20 */
certCategory: { v: pkcs11.CKA_CERTIFICATE_CATEGORY, t: TYPE_NUMBER },
javaDomain: { v: pkcs11.CKA_JAVA_MIDP_SECURITY_DOMAIN, t: TYPE_NUMBER },
url: { v: pkcs11.CKA_URL, t: TYPE_STRING },
ski: { v: pkcs11.CKA_HASH_OF_SUBJECT_PUBLIC_KEY, t: TYPE_BUFFER },
aki: { v: pkcs11.CKA_HASH_OF_ISSUER_PUBLIC_KEY, t: TYPE_BUFFER },
// digestName: { v: pkcs11.CKA_NAME_HASH_ALGORITHM, t: TYPE_NUMBER },
checkValue: { v: pkcs11.CKA_CHECK_VALUE, t: TYPE_BUFFER },
keyType: { v: pkcs11.CKA_KEY_TYPE, t: TYPE_NUMBER },
subject: { v: pkcs11.CKA_SUBJECT, t: TYPE_BUFFER },
id: { v: pkcs11.CKA_ID, t: TYPE_BUFFER },
sensitive: { v: pkcs11.CKA_SENSITIVE, t: TYPE_BOOL },
encrypt: { v: pkcs11.CKA_ENCRYPT, t: TYPE_BOOL },
decrypt: { v: pkcs11.CKA_DECRYPT, t: TYPE_BOOL },
wrap: { v: pkcs11.CKA_WRAP, t: TYPE_BOOL },
unwrap: { v: pkcs11.CKA_UNWRAP, t: TYPE_BOOL },
sign: { v: pkcs11.CKA_SIGN, t: TYPE_BOOL },
signRecover: { v: pkcs11.CKA_SIGN_RECOVER, t: TYPE_BOOL },
verify: { v: pkcs11.CKA_VERIFY, t: TYPE_BOOL },
verifyRecover: { v: pkcs11.CKA_VERIFY_RECOVER, t: TYPE_BOOL },
derive: { v: pkcs11.CKA_DERIVE, t: TYPE_BOOL },
startDate: { v: pkcs11.CKA_START_DATE, t: TYPE_DATE },
endDate: { v: pkcs11.CKA_END_DATE, t: TYPE_DATE },
modulus: { v: pkcs11.CKA_MODULUS, t: TYPE_BUFFER },
modulusBits: { v: pkcs11.CKA_MODULUS_BITS, t: TYPE_NUMBER },
publicExponent: { v: pkcs11.CKA_PUBLIC_EXPONENT, t: TYPE_BUFFER },
privateExponent: { v: pkcs11.CKA_PRIVATE_EXPONENT, t: TYPE_BUFFER },{type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PRIVATE_KEY},
{type: pkcs11js.CKA_KEY_TYPE, value: pkcs11js.CKK_EC},
{type: pkcs11js.CKA_PRIVATE, value: this._pkcs11Login},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token},
{type: pkcs11js.CKA_SIGN, value: true},
{type: pkcs11js.CKA_DERIVE, value: true}
];
const publicKeyTemplate = [
// { type: pkcs11js.CKA_ID, value: ski },
{type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PUBLIC_KEY},
{type: pkcs11js.CKA_KEY_TYPE, value: pkcs11js.CKK_EC},
{type: pkcs11js.CKA_PRIVATE, value: false},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token},
{type: pkcs11js.CKA_VERIFY, value: true},
{
type: pkcs11js.CKA_EC_PARAMS,
value: Buffer.from(_pkcs11ParamsSizeToOid[this._keySize], 'hex')
}
];
/*
* Call PKCS11 API to generate the key pair.
*
* Return public and private key handles.
*/
const handles = pkcs11.C_GenerateKeyPair(
pkcs11Session, {mechanism: pkcs11js.CKM_EC_KEY_PAIR_GEN},
publicKeyTemplate, privateKeyTemplate);
/*
* Template for querying key attributes (debug only).
*/
const objectTemplate = [* CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
* and CKA_EC_POINT are new for v2.0 */
extractable: { v: pkcs11.CKA_EXTRACTABLE, t: TYPE_BOOL },
local: { v: pkcs11.CKA_LOCAL, t: TYPE_BOOL },
neverExtractable: { v: pkcs11.CKA_NEVER_EXTRACTABLE, t: TYPE_BOOL },
alwaysSensitive: { v: pkcs11.CKA_ALWAYS_SENSITIVE, t: TYPE_BOOL },
/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
keyGenMechanism: { v: pkcs11.CKA_KEY_GEN_MECHANISM, t: TYPE_NUMBER },
modifiable: { v: pkcs11.CKA_MODIFIABLE, t: TYPE_BOOL },
/* CKA_ECDSA_PARAMS is deprecated in v2.11,
* CKA_EC_PARAMS is preferred. */
paramsECDSA: { v: pkcs11.CKA_ECDSA_PARAMS, t: TYPE_BUFFER },
paramsEC: { v: pkcs11.CKA_EC_PARAMS, t: TYPE_BUFFER },
pointEC: { v: pkcs11.CKA_EC_POINT, t: TYPE_BUFFER },
/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
* are new for v2.10. Deprecated in v2.11 and onwards. */
secondaryAuth: { v: pkcs11.CKA_SECONDARY_AUTH, t: TYPE_BOOL },
authPinFlags: { v: pkcs11.CKA_AUTH_PIN_FLAGS, t: TYPE_BUFFER },
/* CKA_ALWAYS_AUTHENTICATE ...
* CKA_UNWRAP_TEMPLATE are new for v2.20 */
alwaysAuth: { v: pkcs11.CKA_ALWAYS_AUTHENTICATE, t: TYPE_BUFFER },
wrapWithTrusted: { v: pkcs11.CKA_WRAP_WITH_TRUSTED, t: TYPE_BUFFER },
wrapTemplate: { v: pkcs11.CKA_WRAP_TEMPLATE, t: TYPE_BUFFER },
unwrapTemplate: { v: pkcs11.CKA_UNWRAP_TEMPLATE, t: TYPE_BUFFER },javaDomain: { v: pkcs11.CKA_JAVA_MIDP_SECURITY_DOMAIN, t: TYPE_NUMBER },
url: { v: pkcs11.CKA_URL, t: TYPE_STRING },
ski: { v: pkcs11.CKA_HASH_OF_SUBJECT_PUBLIC_KEY, t: TYPE_BUFFER },
aki: { v: pkcs11.CKA_HASH_OF_ISSUER_PUBLIC_KEY, t: TYPE_BUFFER },
// digestName: { v: pkcs11.CKA_NAME_HASH_ALGORITHM, t: TYPE_NUMBER },
checkValue: { v: pkcs11.CKA_CHECK_VALUE, t: TYPE_BUFFER },
keyType: { v: pkcs11.CKA_KEY_TYPE, t: TYPE_NUMBER },
subject: { v: pkcs11.CKA_SUBJECT, t: TYPE_BUFFER },
id: { v: pkcs11.CKA_ID, t: TYPE_BUFFER },
sensitive: { v: pkcs11.CKA_SENSITIVE, t: TYPE_BOOL },
encrypt: { v: pkcs11.CKA_ENCRYPT, t: TYPE_BOOL },
decrypt: { v: pkcs11.CKA_DECRYPT, t: TYPE_BOOL },
wrap: { v: pkcs11.CKA_WRAP, t: TYPE_BOOL },
unwrap: { v: pkcs11.CKA_UNWRAP, t: TYPE_BOOL },
sign: { v: pkcs11.CKA_SIGN, t: TYPE_BOOL },
signRecover: { v: pkcs11.CKA_SIGN_RECOVER, t: TYPE_BOOL },
verify: { v: pkcs11.CKA_VERIFY, t: TYPE_BOOL },
verifyRecover: { v: pkcs11.CKA_VERIFY_RECOVER, t: TYPE_BOOL },
derive: { v: pkcs11.CKA_DERIVE, t: TYPE_BOOL },
startDate: { v: pkcs11.CKA_START_DATE, t: TYPE_DATE },
endDate: { v: pkcs11.CKA_END_DATE, t: TYPE_DATE },
modulus: { v: pkcs11.CKA_MODULUS, t: TYPE_BUFFER },
modulusBits: { v: pkcs11.CKA_MODULUS_BITS, t: TYPE_NUMBER },
publicExponent: { v: pkcs11.CKA_PUBLIC_EXPONENT, t: TYPE_BUFFER },
privateExponent: { v: pkcs11.CKA_PRIVATE_EXPONENT, t: TYPE_BUFFER },
prime1: { v: pkcs11.CKA_PRIME_1, t: TYPE_BUFFER },
prime2: { v: pkcs11.CKA_PRIME_2, t: TYPE_BUFFER },
exp1: { v: pkcs11.CKA_EXPONENT_1, t: TYPE_BUFFER },
exp2: { v: pkcs11.CKA_EXPONENT_2, t: TYPE_BUFFER },
coefficient: { v: pkcs11.CKA_COEFFICIENT, t: TYPE_BUFFER },
prime: { v: pkcs11.CKA_PRIME, t: TYPE_BUFFER },_pkcs11GenerateECKeyPair(pkcs11, pkcs11Session, pkcs11Token) {
// var ski = this._ski();
const privateKeyTemplate = [
// { type: pkcs11js.CKA_ID, value: ski },
{type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PRIVATE_KEY},
{type: pkcs11js.CKA_KEY_TYPE, value: pkcs11js.CKK_EC},
{type: pkcs11js.CKA_PRIVATE, value: this._pkcs11Login},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token},
{type: pkcs11js.CKA_SIGN, value: true},
{type: pkcs11js.CKA_DERIVE, value: true}
];
const publicKeyTemplate = [
// { type: pkcs11js.CKA_ID, value: ski },
{type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PUBLIC_KEY},
{type: pkcs11js.CKA_KEY_TYPE, value: pkcs11js.CKK_EC},
{type: pkcs11js.CKA_PRIVATE, value: false},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token},
{type: pkcs11js.CKA_VERIFY, value: true},
{
type: pkcs11js.CKA_EC_PARAMS,
value: Buffer.from(_pkcs11ParamsSizeToOid[this._keySize], 'hex')
}
];
/*const privateKeyTemplate = [
// { type: pkcs11js.CKA_ID, value: ski },
{type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PRIVATE_KEY},
{type: pkcs11js.CKA_KEY_TYPE, value: pkcs11js.CKK_EC},
{type: pkcs11js.CKA_PRIVATE, value: this._pkcs11Login},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token},
{type: pkcs11js.CKA_SIGN, value: true},
{type: pkcs11js.CKA_DERIVE, value: true}
];
const publicKeyTemplate = [
// { type: pkcs11js.CKA_ID, value: ski },
{type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PUBLIC_KEY},
{type: pkcs11js.CKA_KEY_TYPE, value: pkcs11js.CKK_EC},
{type: pkcs11js.CKA_PRIVATE, value: false},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token},
{type: pkcs11js.CKA_VERIFY, value: true},
{
type: pkcs11js.CKA_EC_PARAMS,
value: Buffer.from(_pkcs11ParamsSizeToOid[this._keySize], 'hex')
}
];
/*
* Call PKCS11 API to generate the key pair.
*
* Return public and private key handles.
*/
const handles = pkcs11.C_GenerateKeyPair(
pkcs11Session, {mechanism: pkcs11js.CKM_EC_KEY_PAIR_GEN},
publicKeyTemplate, privateKeyTemplate);
/*
* Template for querying key attributes (debug only).pkcs11js
A Node.js implementation of the PKCS#11 2.40 interface
Package Health Score
75 / 100Popular pkcs11js functions
- pkcs11js.CKA_CLASS
- pkcs11js.CKA_DECRYPT
- pkcs11js.CKA_DERIVE
- pkcs11js.CKA_EC_PARAMS
- pkcs11js.CKA_ENCRYPT
- pkcs11js.CKA_ID
- pkcs11js.CKA_KEY_TYPE
- pkcs11js.CKA_LABEL
- pkcs11js.CKA_MODULUS_BITS
- pkcs11js.CKA_PRIVATE
- pkcs11js.CKA_PUBLIC_EXPONENT
- pkcs11js.CKA_SIGN
- pkcs11js.CKA_TOKEN
- pkcs11js.CKA_VALUE_LEN
- pkcs11js.CKA_VERIFY
- pkcs11js.CKM_AES_KEY_GEN
- pkcs11js.CKM_EC_KEY_PAIR_GEN
- pkcs11js.CKM_ECDSA_KEY_PAIR_GEN
- pkcs11js.CKM_RSA_PKCS_KEY_PAIR_GEN
- pkcs11js.PKCS11