The PKCS #11 standard defines a platform-independent API to cryptographic tokens such as hardware security modules (HSMs) and smart cards. The standard names the API itself "Cryptoki" (from "cryptographic token interface", pronounced "crypto-key"), but "PKCS #11" is often used to refer to the API as well as to the standard that defines it.
The API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
This container relies on a PKCS #11 library which handles the communication with the token/card. This can be a vendor-specific library or an open-source one; select the correct one for the type of token/card you are using.
Interface Summary
The Abstract PKCS #11 smartcard interface is summarised in the following snippet:
For more information on how to configure the JS client library see Configuration.
```javascript
const winLocation = "C:\\Windows\\System32\\eTPKCS11.dll";
const macLocation = "/usr/local/lib/libeTPkcs11.dylib";

T1CSdk.T1CClient.initialize(config).then(res => {
    client = res;
    console.log("Client config: ", client.localConfig);
    core = client.core();
    // Depending on the OS select the appropriate location of the library
    const pkcs11 = client.pkcs11(winLocation);
}, err => {
    // Handle initialization errors here (e.g. the client could not be reached)
});
```
Depending on the OS you need to provide a valid location to the desired PKCS11 library to be used.
To successfully sign data, we need the following parameters:
- Slot ID of the token to use
- Certificate ID of the signing certificate
- PIN code
- Hashed data to sign
- Hashing algorithm used
The slot ID can be found using a call to either slots or slotsWithTokenPresent. Once the slot ID is known, the certificates in that slot can be retrieved with a call to certificates, which returns the certificate ID. We can then combine the slot ID and certificate ID with the PIN code, the hashed data and the hashing algorithm (SHA1, SHA256, SHA384, SHA512) to create the final signData call:
The functions specified are asynchronous and always need a callback function.
The callback function will reply with a data object in case of success, or with an error object in case of an error. An example callback: