Closed microshine closed 1 year ago
@microshine I faced the same issue but I managed to solve it by passing the id of the public key that was generated from another package through the algorithm object, and it works just fine.
```typescript
import { Crypto } from "node-webcrypto-p11";

// `lib` (the path to the PKCS#11 module) is defined elsewhere by the poster.
async function writeCert(
  cert: string,
  userPin: string,
  slot: number,
  id: Buffer // CKA_ID of the public key that was generated by the other application
) {
  try {
    const crypto = new Crypto({
      library: lib,
      slot,
      pin: userPin,
      readWrite: true,
    });
    // Algorithm object for the existing RSA key pair; `id` ties the imported
    // certificate to the key objects that already carry this CKA_ID
    const alg = {
      name: "RSASSA-PKCS1-v1_5",
      hash: "SHA-256",
      publicExponent: new Uint8Array([1, 0, 1]),
      modulusLength: 2048,
      token: true,
      sensitive: true,
      local: true,
      id,
      label: "My Certificate",
    };
    const X509_RAW = Buffer.from(cert, "base64");
    const x509 = await crypto.certStorage.importCert("raw", X509_RAW, alg, [
      "verify",
    ]);
    const index = await crypto.certStorage.setItem(x509);
  } catch (err) {
    console.error(err);
  }
}
```
```typescript
const { token, label, sensitive, ...keyAlg } = algorithm;
this.publicKey = await this.getData().publicKey.export(keyAlg, keyUsages, this.crypto);
const hashSPKI = this.publicKey.p11Object.id;
const certLabel = this.getName();
const template = this.crypto.templateBuilder.build({
  action: "import",
  type: "x509",
  attributes: {
    id: keyAlg.id,
    label: algorithm.label || certLabel,
    token: !!(algorithm.token),
  },
});
```
I think this is better because, if there is more than one public key, how will you get the id of the right one?
Hi,
I have tried the above solution to import the certificate into the card. The certificate gets imported, but the connection with the key pair is not established, due to which I am not able to sign the data.
There is a problem with the ID value for cases when the key pair was generated by another application and the certificate is imported by this module. The application should reuse the ID from the existing public key (if possible), otherwise use the ID generator (as it does now).
https://github.com/PeculiarVentures/node-webcrypto-p11/blob/master/src/certs/x509.ts#L59-L67
This problem is described here https://github.com/PeculiarVentures/fortify/issues/516#issuecomment-1248128512
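The check described in the two comments above (match the certificate's public key against the public keys already on the token and reuse that key's CKA_ID, falling back to a generated ID only when nothing matches) as an added, self-contained example. This is not code from node-webcrypto-p11 or from the thread: the token is modelled as an in-memory array of hypothetical `TokenPublicKey` objects, the SHA-1-of-SPKI fallback generator is an assumption of this example, and the sample keys are generated at run time with Node's own `crypto` module so that it runs offline.

```typescript
// Added example, not part of node-webcrypto-p11. Models the "reuse the existing
// public key's CKA_ID when importing a certificate" check on an in-memory token.
import {
  createHash,
  generateKeyPairSync,
  KeyObject,
  X509Certificate,
} from "node:crypto";

// Hypothetical stand-in for a public-key object on a PKCS#11 token: only the
// attributes the matching logic needs (CKA_ID, CKA_LABEL) plus the key itself.
export interface TokenPublicKey {
  id: Buffer; // CKA_ID as stored on the token
  label: string; // CKA_LABEL
  key: KeyObject;
}

// SubjectPublicKeyInfo in DER form; two keys are "the same key" iff this matches.
export function spkiDer(key: KeyObject): Buffer {
  return key.export({ type: "spki", format: "der" }) as Buffer;
}

// Fallback ID generator used only when no token key matches. SHA-1 of the SPKI
// is an assumption of this example, not necessarily the module's own generator.
export function generateKeyId(key: KeyObject): Buffer {
  return createHash("sha1").update(spkiDer(key)).digest();
}

// Scan every public key on the token and return the one whose SPKI equals the
// certificate's. Comparing full SPKI DER (not just a label) is what prevents the
// certificate from being linked to the wrong key when several keys exist.
export function findMatchingKey(
  token: TokenPublicKey[],
  certKey: KeyObject
): TokenPublicKey | null {
  const want = spkiDer(certKey);
  for (const obj of token) {
    if (spkiDer(obj.key).equals(want)) {
      return obj;
    }
  }
  return null;
}

// Decide which CKA_ID the imported certificate object should carry.
export function chooseCertId(
  token: TokenPublicKey[],
  certKey: KeyObject
): { id: Buffer; reused: boolean } {
  const match = findMatchingKey(token, certKey);
  if (match) {
    return { id: match.id, reused: true };
  }
  return { id: generateKeyId(certKey), reused: false };
}

// For a real certificate, the key to match is its SubjectPublicKeyInfo.
export function publicKeyOfCert(certDer: Buffer): KeyObject {
  return new X509Certificate(certDer).publicKey;
}

// Constructed sample token: two RSA keys generated locally, with arbitrary IDs.
export function buildSampleToken(): TokenPublicKey[] {
  const a = generateKeyPairSync("rsa", { modulusLength: 2048 }).publicKey;
  const b = generateKeyPairSync("rsa", { modulusLength: 2048 }).publicKey;
  return [
    { id: Buffer.from("0102", "hex"), label: "key-a", key: a },
    { id: Buffer.from("0a0b", "hex"), label: "key-b", key: b },
  ];
}

// Stand-alone demonstration: one certificate key that is on the token, one that is not.
export function demo(): { reusedId: string; generatedLength: number } {
  const token = buildSampleToken();
  const onToken = chooseCertId(token, token[1].key);
  const foreign = generateKeyPairSync("rsa", { modulusLength: 2048 }).publicKey;
  const notOnToken = chooseCertId(token, foreign);
  return {
    reusedId: onToken.id.toString("hex"),
    generatedLength: notOnToken.id.length,
  };
}
```

In a real import the `certKey` argument comes from `publicKeyOfCert(derBytes)` and the token array from enumerating the public-key objects in the slot; the decision logic itself does not change.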