spikex
commented
10 years ago I'm afraid I haven't worked with PKCS11. A little googling suggests that some libraries to expose the key pair, but in a cursory glance as the gem documentation I didn't see a what to that. I'd ping the PKCS11 gem developers. If you can extract key pair from the PKCS11::Object, it would be easy to use with Strongbox.
If you do find away, let me know and I'll document it.
I am using NSS to store the keys I want to provide to strongbox for encryption/decryption. Accessing nss requires the use of the PKCS11 gem. The keys, when retrieved from NSS are PKCS11::Object's. Strongbox requires OpenSSL::PKey::RSA objects. I am unfamiliar with the internals of both of those objects, and so it is unclear to me how to convert PKCS11::Object to OpenSSL::PKey::RSA. Has anyone done this before or know how to do it? Thanks Brendan