Sample code uses ES6 language features such as arrow functions and promises. For compatibility with IE11, code written with these features must be either transpiled using tools like Babel or refactored accordingly using callbacks.
Introduction
The PKCS #11 standard defines a platform-independent API to cryptographic tokens such as hardware security modules (HSMs) and smart cards. The standard names the API itself "Cryptoki" (from "cryptographic token interface", pronounced "crypto-key"), but "PKCS #11" is often used to refer to the API as well as to the standard that defines it.
The API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
This container relies on a PKCS #11 library which handles the communication with the token/card. This can be a vendor-specific library or an open-source one; select the correct one depending on the type of token/card you are using.
Interface Summary
The Abstract PKCS #11 smartcard interface is summarised in the following snippet:
For more information on how to configure the JS client library see Configuration.
```javascript
const winLocation = "C:\\Windows\\System32\\eTPKCS11.dll";
const macLocation = "/usr/local/lib/libeTPkcs11.dylib";

let client;
let core;
let pkcs11;

T1CSdk.T1CClient.initialize(config).then(res => {
  client = res;
  console.log("Client config: ", client.localConfig);
  core = client.core();
  // Depending on the OS, select the appropriate location of the library
  pkcs11 = client.pkcs11(winLocation);
}, err => {
  console.error("Client initialization failed: ", err);
});
```
Depending on the OS, you need to provide a valid path to the PKCS #11 library you want to use.
To successfully sign data, we need the following parameters:
Slot ID of the token to use
Certificate ID of the signing certificate
PIN code
Hashed data to sign
Hashing algorithm used
The slot ID can be found with a call to either slots or slotsWithTokenPresent. Once the slot ID is known, the certificates in that slot can be retrieved with a call to certificates, which returns the certificate ID. Combining this with the PIN code, the hashed data and the hashing algorithm used (SHA1, SHA256, SHA384 or SHA512) gives the final signData call:
The functions specified are asynchronous and always need a callback function.
The callback function will reply with a data object in case of success, or with an error object in case of an error. An example callback: