A native Node.js addon that acts as an abstraction of the PKCS#11 API v2.20 from RSA.
Bulwark is a native Node.js addon that utilizes the RSA PKCS#11 API (v2.20) to perform cryptographic operations. This module, specifically, acts as a common layer upon which various vendor-specific additions can be made.
Bulwark utilizes tjfontaine's excellent
node-addon-layer which provides a nice Node.js add-on interface for C. This allows us to avoid writing the add-on in C++. It also gives us a clean upgrade path forward, when the
node-addon-layer is baked into the Node.js core.
Installation of Bulwark is fairly straightforward. Just use npm:
npm install bulwark
Bulwark requires a working PKCS#11 implementation in order to function properly. Most distrubutions include binaries for Mozilla's NSS. NSS offers a pretty good implementation of most PKCS#11 functions, and is the library I use for my own integration testing with Bulwark.
That said, Bulkwark should work without issue on any PKCS#11 API that is compliant with the RSA's PKCS#11 standard, version 2.20. If you notice any strange issues when using a different implementation, please open an issue and I'll try to help.
Assuming you have a PKCS#11 implementation, using Bulwark is fairly straightforward:
var Bulkwark = require"bulwark";// tell Bulwark where your PKCS#11 library is.BulwarksetPKCS11Library"/path/to/libnss3.so";var bulkwark =chunkSize: 4096 // how many bytes should be processed for each C_*Update call.pin: "security-module-pin"console.log"[%d]: %s" level message;;bulwarkopenSession// I can perform various functions on the `session` object now.sessionfindSecretKey"my-key"// I can call functions on the `key` object, too.;;
Contributions to Bulwark are welcome, however there are some fairly interesting conventions when dealing with native add-ons in Node.js (and specifically Bulwark) that you should be aware of.
Errorobject back to a callback function.
Function, and external pointers (think handles).