We are currently working on digital signatures with an HSM module, and we plan to use AWS CloudHSM as our HSM.
We have tested your library with a .p12 file and everything has worked great so far.
After that we tried to switch to an HSM (in this case SoftHSM, for a POC) through PKCS#11 (with pkcs11js) and to adapt the signing to it, but with no luck.
It would be great if anyone could recommend or guide me on how to sign a PDF with an HSM.
I have already tried many approaches and still have not succeeded in signing a PDF with the HSM.
My question is:
Is there any way to use PKCS#11 with node-signpdf (for example, using PKCS#11 to generate a .p12, or signing directly through PKCS#11)?
Note: Sorry for asking in this repository, but it would be great if you could recommend how to use this with node-signpdf.
const fs = require("fs");
const pkcs11js = require("pkcs11js");
const helpers = require('node-signpdf/dist/helpers');
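// Proof of concept: generate an RSA key pair on a PKCS#11 token (SoftHSM),
// sign a PDF buffer that carries a signature placeholder, verify that raw
// signature on the token, and write the PDF to disk.
//
// NOTE(review): as written this cannot yield a PDF that a viewer accepts as
// signed, for reasons that are independent of the HSM:
//   1. The signature is computed over the whole buffer, placeholder included.
//      A PDF signature covers only the /ByteRange, i.e. everything except the
//      /Contents placeholder.
//   2. /Contents is expected to hold a DER-encoded CMS (PKCS#7) SignedData
//      structure that carries the signer's X.509 certificate. C_SignFinal
//      returns a bare RSA PKCS#1 v1.5 signature, and the freshly generated key
//      pair has no certificate at all.
//   3. `signature` is never written back into `pdfBuffer`, so the output file
//      still contains the empty placeholder.
// An HSM-backed flow keeps the CMS construction in the application and
// delegates only the private-key operation to the token.
const pkcs11 = new pkcs11js.PKCS11();
pkcs11.load("/usr/local/lib/softhsm/libsofthsm2.so");

// Every pkcs11js call below is used synchronously, so a plain arrow function is
// enough. (The original `async => {` declared a parameter named `async`; it did
// not make the function asynchronous.)
(() => {
  let session;
  try {
    pkcs11.C_Initialize();

    // Getting info about PKCS11 Module
    const moduleInfo = pkcs11.C_GetInfo();
    console.log(moduleInfo);

    // Getting list of slots (true = only slots with a token present)
    const slots = pkcs11.C_GetSlotList(true);
    if (slots.length === 0) {
      throw new Error("No PKCS#11 slot with a token present");
    }
    const slot = slots[0];

    // Getting info about slot
    const slotInfo = pkcs11.C_GetSlotInfo(slot);
    console.log(slotInfo);

    // Getting info about token
    const tokenInfo = pkcs11.C_GetTokenInfo(slot);
    console.log(tokenInfo);

    // Getting info about Mechanism (useful to confirm the token supports
    // CKM_SHA256_RSA_PKCS before relying on it):
    // const mechs = pkcs11.C_GetMechanismList(slot);
    // const mechInfo = pkcs11.C_GetMechanismInfo(slot, mechs[0]);

    // Set session
    session = pkcs11.C_OpenSession(
      slot,
      pkcs11js.CKF_RW_SESSION | pkcs11js.CKF_SERIAL_SESSION,
    );
    // Getting info about Session:
    // const info = pkcs11.C_GetSessionInfo(session);

    // POC only: the user PIN is hard-coded. Outside a throwaway SoftHSM token,
    // read it from the environment or a secret store and keep it out of source
    // control, logs and issue trackers.
    pkcs11.C_Login(session, pkcs11js.CKU_USER, "1234");

    // CKA_TOKEN: false makes both keys session objects: they are not stored on
    // the token, so nothing signed with them can be validated later. A real
    // signing key would be a persistent token object, marked CKA_SENSITIVE and
    // not CKA_EXTRACTABLE, with a certificate issued for its public key.
    const publicKeyTemplate = [
      { type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PUBLIC_KEY },
      { type: pkcs11js.CKA_TOKEN, value: false },
      { type: pkcs11js.CKA_LABEL, value: 'My RSA Public Key' },
      { type: pkcs11js.CKA_PUBLIC_EXPONENT, value: Buffer.from([1, 0, 1]) },
      { type: pkcs11js.CKA_MODULUS_BITS, value: 2048 },
      { type: pkcs11js.CKA_VERIFY, value: true },
    ];
    const privateKeyTemplate = [
      { type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_PRIVATE_KEY },
      { type: pkcs11js.CKA_TOKEN, value: false },
      { type: pkcs11js.CKA_LABEL, value: 'My RSA Private Key' },
      { type: pkcs11js.CKA_SIGN, value: true },
    ];
    const keys = pkcs11.C_GenerateKeyPair(
      session,
      { mechanism: pkcs11js.CKM_RSA_PKCS_KEY_PAIR_GEN },
      publicKeyTemplate,
      privateKeyTemplate,
    );

    let pdfBuffer = fs.readFileSync('./RAW_PDF.pdf');
    pdfBuffer = helpers.plainAddPlaceholder({
      pdfBuffer,
      reason: 'POC-SIGNED',
      signatureLength: 1612,
    });

    // Raw SHA-256 / RSA PKCS#1 v1.5 signature over the entire buffer (see the
    // NOTE at the top: this is not yet a PDF signature).
    pkcs11.C_SignInit(session, { mechanism: pkcs11js.CKM_SHA256_RSA_PKCS }, keys.privateKey);
    pkcs11.C_SignUpdate(session, Buffer.from(pdfBuffer));
    // 256 bytes = signature size for the 2048-bit modulus requested above.
    // Buffer.alloc zero-fills; the deprecated `new Buffer(size)` could expose
    // uninitialised memory on old Node versions.
    const signature = pkcs11.C_SignFinal(session, Buffer.alloc(256));

    // Checks the raw signature on the token; it says nothing about whether the
    // PDF written below validates in a PDF reader.
    pkcs11.C_VerifyInit(session, { mechanism: pkcs11js.CKM_SHA256_RSA_PKCS }, keys.publicKey);
    pkcs11.C_VerifyUpdate(session, Buffer.from(pdfBuffer));
    const verify = pkcs11.C_VerifyFinal(session, signature);

    console.log(keys);
    console.log('Verify sign data result:', verify);

    // Writes the placeholder-only PDF; `signature` is not embedded in it.
    fs.writeFileSync('PDF-A-A.pdf', pdfBuffer);

    pkcs11.C_Logout(session);
  } catch (e) {
    console.error(e);
  } finally {
    // Release the session even when a step above failed, and always finalize
    // the module afterwards.
    try {
      if (session !== undefined) {
        pkcs11.C_CloseSession(session);
      }
    } catch (e) {
      console.error(e);
    } finally {
      pkcs11.C_Finalize();
    }
  }
})();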
Hi,
We are currently working on digital signatures with an HSM module, and we plan to use AWS CloudHSM as our HSM.
We have tested your library with a .p12 file and everything has worked great so far.
After that we tried to switch to an HSM (in this case SoftHSM, for a POC) through PKCS#11 (with pkcs11js) and to adapt the signing to it, but with no luck.
It would be great if anyone could recommend or guide me on how to sign a PDF with an HSM. I have already tried many approaches and still have not succeeded in signing a PDF with the HSM.
Here is my snippet using pkcs11js. We got this as a result: https://ibb.co/L96VDLM
My question is: Is there any way to use PKCS#11 with node-signpdf (for example, using PKCS#11 to generate a .p12, or signing directly through PKCS#11)?
Note: Sorry for asking in this repository, but it would be great if you could recommend how to use this with node-signpdf.