PeculiarVentures / graphene

A simple layer for interacting with PKCS #11 / PKCS11 / CryptoKI for Node in TypeScript. (Keywords: Javascript, PKCS#11, Crypto, Smart Card, HSM)
MIT License

How can I get privatekey #128

Open Arsira-star opened 4 years ago

Arsira-star commented 4 years ago

I have a PrivateKey, PublicKey and Certificate in the HSM. I can get the Certificate with no problem. Next I need to get the private key. Here is my code:

```js
const fetchedPrivateKey = session.find({label: 'xxxxxxx'})
const privateKey = fetchedPrivateKey.items(0).toType()
```

And this is my result:

```
PrivateKey {
  handle: <Buffer 28 00 00 00 00 00 00 00>,
  session: Session {
    handle: <Buffer 01 00 00 00 00 00 00 00>,
    slot: Slot {
      handle: <Buffer 00 00 00 00 00 00 00 00>,
      module: [Object],
      slotDescription: 'Net Token Slot',
      manufacturerID: 'Safenet, Inc.',
      flags: 7,
      hardwareVersion: [Object],
      firmwareVersion: [Object]
    },
    state: 0,
    flags: 4,
    deviceError: 0
  }
}
```

I need the value from "privateKey" to use with the Certificate for signing. How do I get that? I don't see it in the example.

microshine commented 4 years ago

If you need to get an attribute value from the private key, use the getAttribute function (see example) or the PrivateKey getters.

If you need a private key for a crypto operation, use the session object (see example).

Arsira-star commented 4 years ago

Thanks, I will try it.

Arsira-star commented 4 years ago

In my case, it was a third party that imported the private key to the HSM. I don't know what private key or attributes are in it. I tried getAttribute and the PrivateKey getters, but they don't give me any answer. Do you have another way?

rmhrisk commented 4 years ago

Maybe you can share your scenario?

Do I understand correctly you believe you have access to the private key but don't know which private key you need because you didn't generate it and the entity that did has not shared that with you?

Arsira-star commented 4 years ago

Yes, you are correct. I checked on the HSM server. It has 3 things in slot 0: Private key, Certificate, Public key.

I can get the Certificate and the value from it with ".value". It works fine, but the private key and public key don't have it. As I showed you in the first comment, that is all I get from the private key. I use session.find({class: graphene.ObjectClass.PRIVATE_KEY}).length to check that there really is a private key in the HSM, and it returns length = 1.

rmhrisk commented 4 years ago

Usually HSMs will not give you a private key back out. They are designed to keep keys safe from export/theft.

microshine commented 4 years ago

@Arsira-star Try to get fields like extractable, sensitive, mechanism

rmhrisk commented 4 years ago

> @Arsira-star Try to get fields like extractable, sensitive, mechanism

Works for us.
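
The two suggestions above (read the key's policy attributes, then use the session object for the crypto operation) combined into one sketch. This is an added example, not code from the thread or from the graphene project: the helper names are hypothetical, `graphene` and `session` are assumed to be the loaded module and an open, logged-in session, and the mechanism is left to the caller (for instance "SHA256_RSA_PKCS" if the key is RSA, which the thread does not state).

```javascript
// Added example. `graphene` is the loaded graphene-pk11 module and `session`
// an open, logged-in Session; both are assumed to be set up by the caller.
// findSigningKey, describeKey and signOnToken are hypothetical helper names.

function findSigningKey(graphene, session, label) {
  const found = session.find({ class: graphene.ObjectClass.PRIVATE_KEY, label });
  if (found.length !== 1) {
    throw new Error(`expected one private key labelled "${label}", found ${found.length}`);
  }
  return found.items(0).toType(); // PrivateKey: a handle, not key material
}

function describeKey(key) {
  const info = { sign: key.sign, sensitive: key.sensitive, extractable: key.extractable };
  // PKCS #11: the token reveals private key value attributes only when the key
  // is extractable and not sensitive; otherwise only the handle is usable.
  info.valueReadable = info.extractable && !info.sensitive;
  return info;
}

function signOnToken(graphene, session, label, data, mechanism) {
  const key = findSigningKey(graphene, session, label);
  const info = describeKey(key);
  if (!info.sign) {
    throw new Error(`key "${label}" is not permitted to sign (sign attribute is false)`);
  }
  // The token computes the signature; the private key never leaves it.
  const signer = session.createSign(mechanism, key);
  signer.update(data);
  return { info, signature: signer.final() };
}
```

The returned `signature` is a Buffer that can be verified with the public key or certificate; `info.valueReadable` being false explains why no key value comes back from the getters.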

Arsira-star commented 4 years ago

Do you have any nodejs lib that can work with your lib to sign xml?

microshine commented 4 years ago

xmldsigjs and xadesjs

These modules use WebCrypto. It allows using the modules on NodeJS and in browsers. If you want to use a PKCS#11 token for XML signing, see node-webcrypto-p11. For the NodeJS Crypto API, see @peculiar/webcrypto.