mlaily
commented
4 years ago Hey, thanks for your interest.
I have had bad experiences interacting directly with PKCS#11 in the past. Using the system implementation to access X509 certificates is waay easier (at least on Windows).
My plugin is fairly simple, so while it's probably not a drop-in-replacement (for one, you would have to provide a way to select a PKCS#11 driver), it might be relatively easy to use the suggested library to access the hardware.
I'm currently not willing to invest time into this (though I might in the future), but you are free to try!
Don't hesitate if you have further questions.
Your Plugin doesn't work on Linux (and macOS, I suppose). For one, it crashes since the X509 store "My" isn't available here by default. And of course, there is no Minidriver providing X.509 certificates here. One thing to try would be to use https://github.com/Pkcs11Interop/Pkcs11Interop.X509Store for mapping to a PKCS#11 module instead. Do you think that would be possible as drop-in-replacement for the default X509Store?