npm WARN deprecated [email protected]: TSD is deprecated in favor of Typings (https://github.com/typings/typings) - see DefinitelyTyped/tsd#269 for more information

Token flags

pkcs11js version: "1.0.17",

I have been testing node-webcrypto-p11 and graphene with a feitian epass2003 token on ubuntu18, and everything seems to work, I can login(auth) and sign some data..

now I'm trying to make it work on a raspberry (4.14.98-v7+ ARM7l debian/raspbian), most tools, works ok (I can login and list the private cert with pkcs11-tool --module /usr/lib/arm-linux-gnueabihf/opensc-pkcs11.so --login --list-objects)

but it gives me error on Node. I isolated up to pkcs11js if I try a pkcs11.C_Login it exists with a "Segmentation Fault" message and nothing more...

is there someway to get more information or debug logs? pcscd doesn't show anything unnatural BTW

now there are only two user types, how can I login as admin as in the original c package.

I see example https://www.npmjs.com/package/pkcs11js but I don't see the example If I want to use both private key and certificate to do digit sign.
Can someone show me example ?

According the docs this library is sync only. Is there a way to use it async?
This would be very usefull for the following calls:

• C_OpenSession/C_CloseSession
• C_Login/C_Logout
• C_SignInit
• C_Sign
• C_DestroyObject

As you guys can see on my issue title when I use the load method to load the library, It affects my app performance (Renderer process).
I'm using this module in my electron project. Let me show my problem details.
I have a screen to the user can insert their PIN.
After pressing the submit button, it redirects to the loading screen. In this screen, I have a loading animation. At the time the app calls the load method, the loading bar is hanged out for a while.

Could you guys help me to figure out this problem?

gyp ERR! build error
gyp ERR! stack Error: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe failed with exit code: 1
gyp ERR! stack at ChildProcess.onExit (C:\Users\shutripathy\AppData\Roaming\npm\node_modules\npm\node_modules\node-gyp\lib\build.js:258:23)
gyp ERR! stack at emitTwo (events.js:125:13)
gyp ERR! stack at ChildProcess.emit (events.js:213:7)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:200:12)
gyp ERR! System Windows_NT 10.0.14393
gyp ERR! command "C:\Program Files\nodejs\node.exe" "C:\Users\shutripathy\AppData\Roaming\npm\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\shutripathy\pkcs11js\node_modules\pkcs11js
gyp ERR! node -v v8.6.0
gyp ERR! node-gyp -v v3.6.2
gyp ERR! not ok
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

by methods: C_SignInit, C_SignUpdate , C_Sign or C_SignFinal

npm ERR! Failed at the [email protected] install script 'npm run build'.
npm ERR! Make sure you have the latest version of node.js and npm installed.
npm ERR! If you do, this is most likely a problem with the pkcs11js package,

95 error argv "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js" "install"
696 error node v6.9.1
697 error npm v3.10.8
698 error code ELIFECYCLE
699 error [email protected] install: npm run build
npm-debug.zip

I have Lunaclient that install in my server and it register to connet to HSM.
In HSM has Certificate PrivateKey and PublicKey
How can I get one of that to make sign

Hello,

I Believe I found a bug in the C_SignUpdate and C_VerifyUpdate for the ECDSA mechanism.
And I thought I should report it here to be registered.

I'm trying to sign/verify messages, but get an exception "CKR_OPERATION_NOT_INITIALIZED".

Here's some code where it happens:

// Initialize all things: lib, session, keys, etc
...

pkcs11.C_SignInit(session, { mechanism: pkcs11js.CKM_ECDSA }, myPrivateKey);
pkcs11.C_SignUpdate(session, new Buffer("Tiago")); // Here, exception thrown
signature = pkcs11.C_SignFinal(session, new Buffer(64));
...

The same happens with C_VerifyUpdate.

I thought I was doing something wrong, but this following code, using C_Sign, works like a charm:

pkcs11.C_SignInit(session, { mechanism: pkcs11js.CKM_ECDSA }, myPrivateKey);
var signature = pkcs11.C_Sign(session, new Buffer('Tiago'), new Buffer(64));

I don't have a clue why this happens.
I tried with the CKM_SHA256_RSA_PKCS sign mechanism and it works normally.

Well, that's it. If anyone needs more information, please let me know.

Cheers!

    const _pkcs11FindObjects = (pkcs11, pkcs11Session, pkcs11Template) => {
        pkcs11.C_FindObjectsInit(pkcs11Session, pkcs11Template);
        var objs = [];
        var obj = pkcs11.C_FindObjects(pkcs11Session);
        while (obj) {
            objs.push(obj);
            obj = pkcs11.C_FindObjects(pkcs11Session);
        }
        pkcs11.C_FindObjectsFinal(pkcs11Session);
        return objs;
    }    

    PrivKeysHandle = _pkcs11FindObjects(pkcs11, session, [
        { type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PRIVATE_KEY },
        { type: pkcs11js.CKA_TOKEN, value: true },
        { type: pkcs11js.CKA_LABEL, value: "mylabel" },
    ])         
    
    // Get public_key_id...
    publicKeyId = pkcs11.C_GetAttributeValue(session, PrivKeysHandle[0], [{ type: 0x129 }])
    console.log('publicKey', publicKeyId[0].value.toString())

This not working
how i can get public key and pubKeyId from token ?
I have only private key on token

I'd like to verify that this module supports RSA encryption with public key.
There is an example in the README.md for signing/verifying, but how could I encrypt/decrypt with some RSA mechanism?

I wanted to generate a 32 bytes AES Secret Key with the code below. However, when I printed the length of the key, it is showing 8 instead of 32.

var path = require('path');
var pkcs11js = require("pkcs11js");
var crypto = require('crypto');
process.env['SOFTHSM2_CONF'] = path.resolve(__dirname, '../softhsm2.conf');

var pkcs11 = new pkcs11js.PKCS11();
pkcs11.load("/usr/local/Cellar/softhsm/2.4.0/lib/softhsm/libsofthsm2.so");

pkcs11.C_Initialize();

const _pkcs11FindObjects = (pkcs11, pkcs11Session, pkcs11Template) => {
    pkcs11.C_FindObjectsInit(pkcs11Session, pkcs11Template);
    var objs = [];
    var obj = pkcs11.C_FindObjects(pkcs11Session);
    while (obj) {
        objs.push(obj);
        obj = pkcs11.C_FindObjects(pkcs11Session);
    }
    pkcs11.C_FindObjectsFinal(pkcs11Session);
    return objs;
}

const _pkcs11Login = (slotNumber, pin) => {

    let s = null;
    try {
        const slots = pkcs11.C_GetSlotList(true);
        const slot = slots[slotNumber];
        var token_info = pkcs11.C_GetTokenInfo(slot);
        s = pkcs11.C_OpenSession(slot, pkcs11js.CKF_RW_SESSION | pkcs11js.CKF_SERIAL_SESSION);
        pkcs11.C_Login(s, 1, pin);
        return s;
    } catch (e) {
        if (s != null) {
            pkcs11.C_CloseSession(s);
        }
        pkcs11.C_Finalize();
    }

}

const _findAESKey = (session, ski) => {
    var secretKeyHandle = _pkcs11FindObjects(pkcs11, session, [{
            type: pkcs11js.CKA_ID,
            value: ski
        },
        {
            type: pkcs11js.CKA_CLASS,
            value: pkcs11js.CKO_SECRET_KEY
        }
    ]);

    if (secretKeyHandle.length == 1) {
        return secretKeyHandle[0];
    } else {
        return null;
    }
}

const _createAESKey = (session, ski) => {

    let key = _findAESKey(session, ski);
    if (key && key !== null) {
        console.log('Key already exists. No need to re-create');
        return;
    }

    var template = [{
            type: pkcs11js.CKA_ID,
            value: ski
        },
        {
            type: pkcs11js.CKA_CLASS,
            value: pkcs11js.CKO_SECRET_KEY
        },
        {
            type: pkcs11js.CKA_TOKEN,
            value: true
        },
        {
            type: pkcs11js.CKA_LABEL,
            value: "My AES Key"
        },
        {
            type: pkcs11js.CKA_VALUE_LEN,
            value: 32
        },
        {
            type: pkcs11js.CKA_ENCRYPT,
            value: true
        },
        {
            type: pkcs11js.CKA_DECRYPT,
            value: true
        },
        {
            type: pkcs11js.CKA_PRIVATE,
            value: true
        }
    ];
    pkcs11.C_GenerateKey(session, {
        mechanism: pkcs11js.CKM_AES_KEY_GEN
    }, template);
}

let session = _pkcs11Login(0, '98765432');
_createAESKey(session, `9Rf3uJ7CEdKIhUvQu/2KN8hK0Kce0zYfPXSc8xAK4Oc=`);
let key = _findAESKey(session, `9Rf3uJ7CEdKIhUvQu/2KN8hK0Kce0zYfPXSc8xAK4Oc=`);
console.log(`key length: ${key.length}`); //key length: 8

The reason is I want to encrypt data using the function below which requires a key length of 32.

const encryptString = (s, secret) => {
    const iv = crypto.randomBytes(16).toString('hex').slice(0, 16);
    const cipher = crypto.createCipheriv('aes-256-ctr', secret, iv);
    const encrypted = cipher.update(String(s), 'utf8', 'hex') + cipher.final('hex');
    return iv + encrypted;
}

let e = encryptString('shezhuan sauce', key);
console.log(`encrypted string: ${e}`);

The above code will generate Invalid key length error

I get a private key handle from Rutoken 2.0 ECP using your example:

var keys1 = {privateKey: null, publicKey: null};

pkcs11.C_FindObjectsInit(session, [
	{ type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PRIVATE_KEY },
	{ type: pkcs11js.CKA_LABEL, value: label }
]);
var hObject = pkcs11.C_FindObjects(session);
while (hObject) {
	var attrs = pkcs11.C_GetAttributeValue(session, hObject, [
		{ type: pkcs11js.CKA_CLASS },
		{ type: pkcs11js.CKA_TOKEN },
		{ type: pkcs11js.CKA_LABEL }
	]);

	keys1.privateKey = hObject;
	hObject = pkcs11.C_FindObjects(session);
}
pkcs11.C_FindObjectsFinal(session);

I check that keys1.privateKey has a non null value, then try to initialize signing algorithm:

pkcs11.C_SignInit(session, { mechanism: pkcs11js.CKM_GOSTR3410_WITH_GOSTR3411 }, keys1.privateKey);

But this returns an error:

Error: CKR_KEY_TYPE_INCONSISTENT:99
    at Error (native) crypto_init:563

Hello, I have a project that using attributes that are vendor attributes that start 0x40000000. I wonder how will it translate or convert values from JS layer to API. Like number to number/ string of number to number. Is there a way I can specific or understand how it works?

Hi,

I'm using a certified usb device to sign documents.

This my code:

var pkcs11js = require("./node_modules/pkcs11js");

var pkcs11 = new pkcs11js.PKCS11();
pkcs11.load("C:/Program Files/Gemalto/Classic Client/BIN/gclib.dll");

pkcs11.C_Initialize();

try {
// Getting info about PKCS11 Module
var module_info = pkcs11.C_GetInfo();
console.log("Module: ");
console.log(module_info);

// Getting list of slots
var slots = pkcs11.C_GetSlotList(true);
var slot = slots[0];
console.log("Slots: ");
console.log(slots);

// Getting info about slot
var slot_info = pkcs11.C_GetSlotInfo(slot);
console.log("Slot info: ");
console.log(slot_info);
// Getting info about token
var token_info = pkcs11.C_GetTokenInfo(slot);

// Getting info about Mechanism
var mechs = pkcs11.C_GetMechanismList(slot);
var mech_info = pkcs11.C_GetMechanismInfo(slot, mechs[0]);
console.log("Mechanisme ");
console.log(mech_info);

var session = pkcs11.C_OpenSession(slot, pkcs11js.CKF_RW_SESSION | pkcs11js.CKF_SERIAL_SESSION);
console.log("Session ");
console.log(session);

// Getting info about Session
var info = pkcs11.C_GetSessionInfo(session);
console.log("Session Info");
console.log(info);

pkcs11.C_Login(session, 1, "856489");

console.log("Info");    
console.log(pkcs11js.CKM_SHA256_RSA_PKCS);
console.log("Info 2"); 
console.log(pkcs11js.CKM_RSA_PKCS_KEY_PAIR_GEN);

var publicKeyTemplate = [
    { type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PUBLIC_KEY },
    { type: pkcs11js.CKA_TOKEN, value: false },
    { type: pkcs11js.CKA_LABEL, value: "My RSA Public Key" },
    { type: pkcs11js.CKA_PUBLIC_EXPONENT, value: Buffer.from([1, 0, 1]) },
    { type: pkcs11js.CKA_MODULUS_BITS, value: 2048 },
    { type: pkcs11js.CKA_VERIFY, value: true }
];

console.log("Public Key");
console.log(publicKeyTemplate);
console.log(pkcs11js.CKO_PUBLIC_KEY);

var privateKeyTemplate = [
    { type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PRIVATE_KEY },
    { type: pkcs11js.CKA_TOKEN, value: false },
    { type: pkcs11js.CKA_LABEL, value: "My RSA Private Key" },
    { type: pkcs11js.CKA_SIGN, value: true },
];

console.log("Private Key");
console.log(privateKeyTemplate);
console.log(pkcs11js.CKO_PRIVATE_KEY);

var keys = pkcs11.C_GenerateKeyPair(session, { mechanism: pkcs11js.CKM_RSA_PKCS_KEY_PAIR_GEN }, publicKeyTemplate, privateKeyTemplate);

console.log("Keys");
console.log(keys);

pkcs11.C_SignInit(session, { mechanism: pkcs11js.CKM_SHA256_RSA_PKCS },
    keys.privateKey); 

pkcs11.C_SignUpdate(session, new Buffer("Incomming message 1"));
pkcs11.C_SignUpdate(session, new Buffer("Incomming message N"));

var signature = pkcs11.C_SignFinal(session, Buffer(256));

pkcs11.C_Logout(session);
pkcs11.C_CloseSession(session);

}
catch(e){
console.error(e);
}
finally {
pkcs11.C_Finalize();
}

When the program try to generate the keys "pkcs11.C_GenerateKeyPair", i get : " Error CKR_KEY_FUNCTION_NOT_PERMITTED:104".

Can you help me to resolve the problem ??

Current implementation has bytes -> string -> Buffer

https://github.com/PeculiarVentures/pkcs11js/blob/master/src/pkcs11/pkcs11.cpp#L575

WARNING in ./node_modules/node-gyp-build/index.js 20:15-54
Critical dependency: the request of a dependency is an expression
@ ./node_modules/utf-8-validate/index.js
@ ./node_modules/ws/lib/Validation.js
@ ./node_modules/ws/lib/Receiver.js
@ ./node_modules/ws/index.js
@ ./app/platform/electron/socket.js
@ ./app/platform/electron/index.js
@ ./app/core/ui.js
@ ./app/index.js
@ multi webpack-hot-middleware/client?path=http://localhost:3000/__webpack_hmr babel-polyfill ./app/index

ERROR in ./node_modules/pkcs11js/build/Release/pkcs11.node 1:2
Module parse failed: Unexpected character '�' (1:2)
You may need an appropriate loader to handle this file type.
(Source code omitted for this binary file)
@ ./node_modules/pkcs11js/index.js 2:0-44 2:0-44 8:21-59
@ ./node_modules/graphene-pk11/build/module.js
@ ./node_modules/graphene-pk11/build/index.js
@ ./app/views/login/form.js
@ ./app/views/login/index.js
@ ./app/views/index/app-view.js
@ ./app/views/index/index.js
@ ./app/index.js
@ multi webpack-hot-middleware/client?path=http://localhost:3000/__webpack_hmr babel-polyfill ./app/index

Node Version: 12.16.3
NPM Version: 6.14.4

I am getting this error when running npm install in my project directory. Is this an issue with my node version?

verbose stack Error: [email protected] install: `node-gyp rebuild`
8341 verbose stack Exit status 1
8341 verbose stack     at EventEmitter.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/npm-lifecycle/index.js:332:16)
8341 verbose stack     at EventEmitter.emit (events.js:310:20)
8341 verbose stack     at ChildProcess.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/npm-lifecycle/lib/spawn.js:55:14)
8341 verbose stack     at ChildProcess.emit (events.js:310:20)
8341 verbose stack     at maybeClose (internal/child_process.js:1021:16)
8341 verbose stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)
8342 verbose pkgid [email protected]
8343 verbose cwd /PATH/PATH/PATH
8344 verbose Darwin 19.3.0
8345 verbose argv "/usr/local/bin/node" "/usr/local/bin/npm" "i"
8346 verbose node v12.16.3
8347 verbose npm  v6.14.4
8348 error code ELIFECYCLE
8349 error errno 1
8350 error [email protected] install: `node-gyp rebuild`
8350 error Exit status 1
8351 error Failed at the [email protected] install script.

Hello. I want to add an extended rutoken C_EX_PKCS7Sign function into your library https://dev.rutoken.ru/pages/viewpage.action?pageId=3178555#id-%D0%9E%D0%BF%D0%B8%D1%81%D0%B0%D0%BD%D0%B8%D0%B5%D1%84%D1%83%D0%BD%D0%BA%D1%86%D0%B8%D0%B9%D1%80%D0%B0%D1%81%D1%88%D0%B8%D1%80%D0%B5%D0%BD%D0%B8%D1%8F-C_EX_PKCS7Sign()

How can I do this?

Thanks a lot for the pkcs11 interface for node.

One thing I would like to understand is that we are giving a key label during the key creation as well and then still we are passing an actual key during encryption and decryption methods.
Isn't there any way where in we can just pass the key label and the cleartext to encrypt and same key label and ciphertext to decrypt.
Furthermore, since this is a softhsm implementation. Are the keys stored permanently in the hsm. I was doing some tests on AES by generating the key and then by fetching the key as per the below 2 scenarios.

1. Generate the AES key and print it in the same session. It is working.

Mechanism Info: {"minKeySize":16,"maxKeySize":32,"flags":131840}
Key generated: {"type":"Buffer","data":[2,0,0,0]}
Var hObject is: {"type":"Buffer","data":[2,0,0,0]}
Crypto HSM server listener is active on 2099

2. Generate the AES key in one session. In the next session call only the print method. It is returning null.

Mechanism Info: {"minKeySize":16,"maxKeySize":32,"flags":131840}
Var hObject is: null
Crypto HSM server listener is active on 2099

Therefore, it seems keys are not persistent. Could you please help. I am new to hsm implementation.

I am developing in windows environment. I am getting such an error.

PS C:\Users\thzbr\Desktop\test> node .\app.js
C:\Users\thzbr\Desktop\test\app.js:7
pkcs11.C_Initialize();
       ^

Error: CKR_GENERAL_ERROR:5
    at Error (native) PKCS11::C_Initialize:170
    at Object.<anonymous> (C:\Users\thzbr\Desktop\test\app.js:7:8)
    at Module._compile (module.js:652:30)
    at Object.Module._extensions..js (module.js:663:10)
    at Module.load (module.js:565:32)
    at tryModuleLoad (module.js:505:12)
    at Function.Module._load (module.js:497:3)
    at Function.Module.runMain (module.js:693:10)
    at startup (bootstrap_node.js:188:16)
    at bootstrap_node.js:609:3

Can this library support SafeNet Payment HSM?
I need to use DUKPT and PIN module.

https://travis-ci.org/PeculiarVentures/pkcs11js/builds/537766758

I can't find a reason for this Segmentation fault

[root@localhost nodeTest]# npm install pkcs11js
npm WARN package.json [email protected] No repository field.
npm WARN package.json [email protected] No README data
\

[email protected] install /root/nodeTest/node_modules/pkcs11js
node-gyp rebuild

make: Entering directory `/root/nodeTest/node_modules/pkcs11js/build'
CXX(target) Release/obj.target/pkcs11/src/main.o
In file included from ../src/pkcs11/error.h:6:0,
from ../src/pkcs11/v8_convert.h:13,
from ../src/pkcs11/param.h:5,
from ../src/const.h:17,
from ../src/main.cpp:4:
../src/pkcs11/scope.h:7:1: error: expected unqualified-id before ‘using’
using Scoped = std::shared_ptr;
^
In file included from ../src/pkcs11/v8_convert.h:13:0,
from ../src/pkcs11/param.h:5,
from ../src/const.h:17,
from ../src/main.cpp:4:
../src/pkcs11/error.h:12:2: error: ‘Scoped’ does not name a type
Scoped stack;
[root@localhost nodeTest]# npm install pkcs11js
npm WARN package.json [email protected] No repository field.
npm WARN package.json [email protected] No README data
\

[email protected] install /root/nodeTest/node_modules/pkcs11js
node-gyp rebuild

make: Entering directory `/root/nodeTest/node_modules/pkcs11js/build'
CXX(target) Release/obj.target/pkcs11/src/main.o
In file included from ../src/pkcs11/error.h:6:0,
from ../src/pkcs11/v8_convert.h:13,
from ../src/pkcs11/param.h:5,
from ../src/const.h:17,
from ../src/main.cpp:4:
../src/pkcs11/scope.h:7:1: error: expected unqualified-id before ‘using’
using Scoped = std::shared_ptr;
^
In file included from ../src/pkcs11/v8_convert.h:13:0,
from ../src/pkcs11/param.h:5,
from ../src/const.h:17,
from ../src/main.cpp:4:
../src/pkcs11/error.h:12:2: error: ‘Scoped’ does not name a type
Scoped stack;

Hi Experts,
I am using Gemalto usb token for my Javascript application. I am accessing token's functionality through PKCS11 Javascript library.

I've been able to: Generate public and private key, encrypt/decrypt, sign/verify.

But the main problem is:
How can i read attributes of certificate stored inside the token using Javascript code?, so that I can move on to the next step, which will be the signature of the pdf document via this certificate (always using javascript).

I thoroughly looked through the PKCS#11 documentation, and over the Internet, but I couldn't find answer to my question.

I would appreciate any hints to solve this problem.
Thanks for help.

Sorry, this question may not be posted in the correct channel. but I am trying to figure out when to use which library. It feels like to me pkcs11js is a subset of the pkijs. If I just want to work with softhsm, then pkcs11js is enough for me. thanks,

2.30 specification has

• CKA_NAME_HASH_ALGORITHM
• CKA_COPYABLE

https://coveralls.io

when running the tests this error occurred which can be
D:\ProjetoJs\Desktop\pocDesktop\Certificado\graphene\graphene>npm run test

[email protected] test D:\ProjetoJs\Desktop\pocDesktop\Certificado\graphene\graphene
mocha

AES
1) "before all" hook
2) "after all" hook

Digest
3) "before all" hook
4) "after all" hook

ECDSA
5) "before all" hook
6) "after all" hook

Module
7) load
8) initialize/finalize
9) getSlots
10) props

Object
11) "before all" hook
12) "after all" hook

RSA
13) "before all" hook
14) "after all" hook

Session
15) "before all" hook
16) "after all" hook

Slot
17) "before all" hook
18) "after all" hook

0 passing (20ms)
18 failing

1. AES "before all" hook:
   Error: Win32 error 126
   at Error (native) PKCS11::Load:129
   at Function.Module.load (build\module.js:44:13)
   at Context. (test\aes.js:30:16)

2. AES "after all" hook:
   TypeError: Cannot read property 'finalize' of undefined
   at Context. (test\aes.js:43:13)

3. Digest "before all" hook:
   Error: Win32 error 126
   at Error (native) PKCS11::Load:129
   at Function.Module.load (build\module.js:44:13)
   at Context. (test\digest.js:13:22)

4. Digest "after all" hook:
   TypeError: Cannot read property 'closeAll' of undefined
   at Context. (test\digest.js:19:14)

5. ECDSA "before all" hook:
   Error: Win32 error 126
   at Error (native) PKCS11::Load:129
   at Function.Module.load (build\module.js:44:13)
   at Context. (test\ec.js:30:22)

6. ECDSA "after all" hook:
   TypeError: Cannot read property 'finalize' of undefined
   at Context. (test\ec.js:43:13)

7. Module load:
   Error: Win32 error 126
   at Error (native) PKCS11::Load:129
   at Function.Module.load (build\module.js:44:13)
   at Context. (test\module.js:16:23)

8. Module initialize/finalize:
   AssertionError [ERR_ASSERTION]: Got unwanted exception.
   at innerThrows (assert.js:653:7)
   at Function.doesNotThrow (assert.js:665:3)
   at Context. (test\module.js:20:16)

9. Module getSlots:
   Error: Win32 error 126
   at Error (native) PKCS11::Load:129
   at Function.Module.load (build\module.js:44:13)
   at Context. (test\module.js:29:26)

10. Module props:
    Error: Win32 error 126
    at Error (native) PKCS11::Load:129
    at Function.Module.load (build\module.js:44:13)
    at Context. (test\module.js:39:26)

11. Object "before all" hook:
    Error: Win32 error 126
    at Error (native) PKCS11::Load:129
    at Function.Module.load (build\module.js:44:13)
    at Context. (test\object.js:14:22)

12. Object "after all" hook:
    TypeError: Cannot read property 'logout' of undefined
    at Context. (test\object.js:25:17)

13. RSA "before all" hook:
    Error: Win32 error 126
    at Error (native) PKCS11::Load:129
    at Function.Module.load (build\module.js:44:13)
    at Context. (test\rsa.js:30:22)

14. RSA "after all" hook:
    TypeError: Cannot read property 'finalize' of undefined
    at Context. (test\rsa.js:40:13)

15. Session "before all" hook:
    Error: Win32 error 126
    at Error (native) PKCS11::Load:129
    at Function.Module.load (build\module.js:44:13)
    at Context. (test\session.js:13:22)

16. Session "after all" hook:
    TypeError: Cannot read property 'finalize' of undefined
    at Context. (test\session.js:21:13)

17. Slot "before all" hook:
    Error: Win32 error 126
    at Error (native) PKCS11::Load:129
    at Function.Module.load (build\module.js:44:13)
    at Context. (test\slot.js:12:22)

18. Slot "after all" hook:
    TypeError: Cannot read property 'finalize' of undefined
    at Context. (test\slot.js:17:13)

npm ERR! code ELIFECYCLE
npm ERR! errno 18
npm ERR! [email protected] test: mocha
npm ERR! Exit status 18
npm ERR!
npm ERR! Failed at the [email protected] test script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\Anizair\AppData\Roaming\npm-cache_logs\2017-10-19T13_06_27_398Z-debug.log

I'm using Windows 7 64bit with SoftHSM2

For each (type, pValue, ulValueLen) triple in the template, C_GetAttributeValue performs the following algorithm:

• If the specified attribute (i.e., the attribute specified by the type field) for the object cannot be revealed because the object is sensitive or unextractable, then the ulValueLen field in that triple is modified to hold the value -1 (i.e., when it is cast to a CK_LONG, it holds -1).
• Otherwise, if the specified attribute for the object is invalid (the object does not possess such an attribute), then the ulValueLen field in that triple is modified to hold the value -1.
• Otherwise, if the pValue field has the value NULL_PTR, then the ulValueLen field is modified to hold the exact length of the specified attribute for the object.
• Otherwise, if the length specified in ulValueLen is large enough to hold the value of the specified attribute for the object, then that attribute is copied into the buffer located at pValue, and the ulValueLen field is modified to hold the exact length of the attribute.
• Otherwise, the ulValueLen field is modified to hold the value -1.

when will support for ed25519 be added? Is this a work in progress?

I am trying to sign a PDF signature using a Gemalto USB Key Smart Card. I am able to find the slot, open session and generally access it, but I am not able to Login with PIN.

Usually you have to enter the PIN during the signing process, for example you select the certificate from the list in Adobe Reader, then choose to sign with it after which you are shown the window to enter the PIN.

C_Login & C_Logout both return CKR_FUNCTION_NOT_SUPPORTED.

Here is some info and the code.

Using pvpkcs11.dll as library (from Fortify app).
C_GetInfo

C_GetSlotInfo

C_GetTokenInfo (seems to be lacking data)

While trying to login, I receive the following error:
**pkcs11.C_Login(session, 1, 1234);**

HOWEVER if I comment out the login, the rest of the signing process successfully completes and the verfication of the signature returns as true. Afterwards I attach this signature to an actual PDF document on the server side (C# .NET Core), where it shows as invalid.

const lib = 'pvpkcs11_fortify.dll';
const pkcs11 = new pkcs11js.PKCS11();
pkcs11.load(lib);
pkcs11.C_Initialize();

const slots = pkcs11.C_GetSlotList(true);
const slot = slots[1];

const session = pkcs11.C_OpenSession(slot, pkcs11js.CKF_SERIAL_SESSION);
// pkcs11.C_Login(session, 1, 1234); // GEMALTO UNSUPPORTED?

const publicKeyTemplate = [
  { type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PUBLIC_KEY },
  { type: pkcs11js.CKA_TOKEN, value: false },
  { type: pkcs11js.CKA_LABEL, value: 'My RSA Public Key' },
  { type: pkcs11js.CKA_PUBLIC_EXPONENT, value: Buffer.from([1, 0, 1]) },
  { type: pkcs11js.CKA_MODULUS_BITS, value: 2048 },
  { type: pkcs11js.CKA_VERIFY, value: true }
];

const privateKeyTemplate = [
  { type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PRIVATE_KEY },
  { type: pkcs11js.CKA_TOKEN, value: false },
  { type: pkcs11js.CKA_LABEL, value: 'My RSA Private Key' },
  { type: pkcs11js.CKA_SIGN, value: true },
];

const keys = pkcs11.C_GenerateKeyPair(session, { mechanism: pkcs11js.CKM_RSA_PKCS_KEY_PAIR_GEN }, publicKeyTemplate, privateKeyTemplate);

pkcs11.C_SignInit(session, { mechanism: pkcs11js.CKM_SHA256_RSA_PKCS }, keys.privateKey);

const pdfBinary = decodeFromBase64(bytesToSign); // data to sign

pkcs11.C_SignUpdate(session, new Buffer(pdfBinary));

const signature = pkcs11.C_SignFinal(session, new Buffer(256));

pkcs11.C_VerifyInit(session, { mechanism: pkcs11js.CKM_SHA256_RSA_PKCS }, keys.publicKey);

pkcs11.C_VerifyUpdate(session, new Buffer(pdfBinary));

const verify = pkcs11.C_VerifyFinal(session, signature);

// pkcs11.C_Logout(session); // GEMALTO UNSUPPORTED?
pkcs11.C_CloseSession(session);

Source code:

const sig = pkcs11.C_Sign(pkcs11Session, digest,
				Buffer.alloc(this._keySize));

The digest is 'Hello World!' with buffer.from parse.

Node version: 8.16.0.
Platform: Ubuntu.
Function call: pkcs11.C_Sign().
Error msg: Segmentation fault (core dumped).
Package version: [email protected].

I have tried the newest pkcs11js version and it didn't work anyway.

Hi, having trouble doing npm install.

Please can you help? Thanks!

0 info it worked if it ends with ok
1 verbose cli [ '/usr/local/bin/node', '/usr/local/bin/npm', 'run', 'build' ]
2 info using [email protected]
3 info using [email protected]
4 verbose run-script [ 'prebuild', 'build', 'postbuild' ]
5 info lifecycle [email protected]prebuild: [email protected]
6 info lifecycle [email protected]build: [email protected]
7 verbose lifecycle [email protected]build: unsafe-perm in lifecycle true
8 verbose lifecycle [email protected]build: PATH: /usr/local/lib/node_modules/npm/bin/node-gyp-bin:/Users/projectpath/node_modules/pkcs11js/node_modules/.bin:/Users/projectpath$
9 verbose lifecycle [email protected]build: CWD: /Users/projectpath/node_modules/pkcs11js
10 silly lifecycle [email protected]build: Args: [ '-c', 'node-gyp configure build' ]
11 silly lifecycle [email protected]build: Returned: code: 1 signal: null
12 info lifecycle [email protected]build: Failed to exec build script
13 verbose stack Error: [email protected] build: node-gyp configure build
13 verbose stack Exit status 1
13 verbose stack at EventEmitter. (/usr/local/lib/node_modules/npm/lib/utils/lifecycle.js:289:16)
13 verbose stack at emitTwo (events.js:125:13)
13 verbose stack at EventEmitter.emit (events.js:213:7)
13 verbose stack at ChildProcess. (/usr/local/lib/node_modules/npm/lib/utils/spawn.js:40:14)
13 verbose stack at emitTwo (events.js:125:13)
13 verbose stack at ChildProcess.emit (events.js:213:7)
13 verbose stack at maybeClose (internal/child_process.js:927:16)
13 verbose stack at Process.ChildProcess._handle.onexit (internal/child_process.js:211:5)
14 verbose pkgid [email protected]
15 verbose cwd /Users/projectpath/node_modules/pkcs11js
16 verbose Darwin 16.7.0
17 verbose argv "/usr/local/bin/node" "/usr/local/bin/npm" "run" "build"
18 verbose node v8.4.0
19 verbose npm v5.3.0
20 error code ELIFECYCLE
21 error errno 1
22 error [email protected] build: node-gyp configure build
22 error Exit status 1
23 error Failed at the [email protected] build script.
23 error This is probably not a problem with npm. There is likely additional logging output above.
24 verbose exit [ 1, true ]

"This was developed to the PKCS#11 2.3 specification, the 2.4 headers were not availible at the time we created this, it should be easy enough to extend it for the new version at a later date."

This needs to be corrected - there is no such version as 2.3 or 2.4 - there is 2.30 and 2.40
The official current version is 2.40
The OASIS PKCS#11 technical committee are working on 3.0

I'm using graphene to try to wrap an AES key stored in SoftHSM2. Here is the code:

mech = { name: 'AES_KEY_WRAP', params: new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]) }; 
wKey = _session.wrapKey(mech, wrappingKeyObj, keyObj); 

I get the following error:
CKR_MECHANISM_INVALID:112\n at Error (native) C_WrapKey:949

I noticed the values for AES_KEY_WRAP are different in pkcs11js and SoftHSM2 as follows:

Pkcs11js:
#define CKM_AES_KEY_WRAP 0x00001090

SoftHSM2:
#define CKM_AES_KEY_WRAP (0x2109UL)

Is there a workaround for this?

Thanks,
Jas

CKU_SO, CKU_USER, CKU_CONTEXT_SPECIFIC

Pulling C_GetSlotList
http://stackoverflow.com/questions/943678/detect-pkcs11-token-to-be-inserted-removed-in-java

@rmhrisk: Is it ok?

It Appears every time I am trying to build a project with pkcs11js as a dependency, it fails upon tying to execute the install scripts.

We should change NAN to N-API

https://nodejs.org/dist/latest-v10.x/docs/api/n-api.html

Hi.
I'm currently making a webapp with React, and I would like users to be able to use their smartcard to authenticate their id.

Using pkcs11-tool on command line worked perfect with my smartcard. Now how can I integrate it with my webapp? Is this the right package? I'm kind of lost...

when invoking function that requires template, for example C_GenerateKeyPair, if we want to pass in some CK_ULONG type attribute in the template, for example CKA_KEY_TYPE, the value could not be passed correctly on s390x.

if we look at function v2c_ATTRIBUTE in file src/pkcs11/template.cpp, when v8Value->IsNumber() is true, if we try to print both value of "num" and value of *(CK_ULONG*)attr->pValue using format %lu, we will see they actually have different value.
change the way to copy value of num to attr-pValue can fix the problem:
*(CK_ULONG*)attr->pValue = num;

We can add generation of JSDOC derived documentation via docdash: https://github.com/clenemt/docdash

"script": {
"generate-docs": "node_modules/.bin/jsdoc -c jsdoc.json"
}
This way we can have standalone documentation showing how to use the library.

I trying example in the read me to Create Object with Yubikey 4.

I get Error: CKR_TEMPLATE_INCOMPLETE:208

when calling:

var nObject = pkcs11.C_CreateObject(session, [
{ type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_DATA },
{ type: pkcs11js.CKA_TOKEN, value: false },
{ type: pkcs11js.CKA_PRIVATE, value: false },
{ type: pkcs11js.CKA_LABEL, value: "My Label" },
]);

Any suggestions please?

Hi,

We are using the pkcs11js library, version 1.0.9 in combination with SoftHSMv2.

Everything worked fine until recently we added a module that relies on the native crypto module for signing purposes. Once the pkcs11js lib is loaded the signing fails, complaining about a shared library that could not be loaded. In the demo snippet below, sign try 1 works and sign try 2 fails.

Any hints on what the root cause might be, an maybe some hints for a solution? It looks that both libraries are accessing the same (libcrypto?) shared library, causing issues.

Node Version: 8.4.0

Demo Snippet

const crypto = require('crypto');
const pkcs11js = require('pkcs11js');
const fs = require('fs');

const privKey = fs.readFileSync('./test');
const privKeyString = privKey.toString('ascii'); 


function mainTest() {


  const thing = 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlRGVTNDUTNYNTgifQ.eyJpYXQiOjE1MDcyNzU5NTAsImlzcyI6IjcySzhRV1ZSRVQifQ';
  console.log('CREATE SIGN');
  
  // SIGN TRY 1
  const signer = crypto.createSign('RSA-SHA256');
  console.log('SIGNING')
  const res = (signer.update(thing), signer.sign(privKey));
  console.log(res);
  
  // LOAD PKCS11 With SoftHSM
  console.log('LOAD PKCS11');
  const pkcs11 = new pkcs11js.PKCS11();
  pkcs11.load('/usr/local/lib/softhsm/libsofthsm2.so');
  pkcs11.C_Initialize();
  const slots = pkcs11.C_GetSlotList(true);
  const slot = slots[0];
  const session = pkcs11.C_OpenSession(slot, pkcs11js.CKF_RW_SESSION | pkcs11js.CKF_SERIAL_SESSION);
  pkcs11.C_Login(session, 1, "1234");

  // SIGN TRY 2
  const signer2 = crypto.createSign('RSA-SHA256');
  console.log('SIGNING 2')
  const res2 = (signer2.update(thing), signer2.sign(privKey));
  console.log(res2);
}

try {
  mainTest();
} catch(e) {
  console.log("ERROR");
  console.log(e);
}

Resulting Error

Error: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library
    at Sign.sign (crypto.js:329:26)
    at mainTest (/usr/src/test/app.js:38:48)
    at Object.<anonymous> (/usr/src/test/app.js:47:3)
    at Module._compile (module.js:573:30)
    at Object.Module._extensions..js (module.js:584:10)
    at Module.load (module.js:507:32)
    at tryModuleLoad (module.js:470:12)
    at Function.Module._load (module.js:462:3)
    at Function.Module.runMain (module.js:609:10)
    at startup (bootstrap_node.js:158:16)

Hi,
First i would like to thanks you for develloping such project.

I would like to use a vendor derivation mechanism that expect such structure:

typedef struct CK_VENDOR_DERIVE_PARAMS {
    CK_ATTRIBUTE_PTR pPublicKeyTemplate;
    CK_ULONG ulPublicKeyAttributeCount;
    CK_ATTRIBUTE_PTR pPrivateKeyTemplate;
    CK_ULONG ulPrivateKeyAttributeCount;
    CK_OBJECT_HANDLE hPublicKey; // output parameter
    CK_OBJECT_HANDLE hPrivateKey; // output parameter
} CK_VENDOR_DERIVE_PARAMS;

to be passed as deriveMech.pParameter = &vendor_Params;
i try to get inspiration from param_ecdh
Yet, i'm not expert in node binding, and before commiting to much time in finding a nasty way to do this :) maybe you can point me the right way to pass template definition from v8 to c++
Thanks.