Our project also required us to utilize Hardware Security Modules and smart cards on the server side so we made a library called Graphene that made it possible to use PKCS#11 devices from within Nodejs.
We then thought that in most cases others did not care about interacting with the token directly and would prefer a higher level API they were already familiar with. We hope that library is
node-webcrypto-p11, if you have code based on WebCrypto (for example the excelent js-jose) with only a change in a constructor you can work with PKCS#11 devices.
For example to generate a key you this is all it takes:
const Crypto = ;const config =library: "/usr/local/lib/softhsm/libsofthsm2.so"name: "SoftHSM v2.0"slot: 0readWrite: truepin: "12345";const crypto = config;const keys = await cryptosubtle;
At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.
1 Mechanism supports extended list of named curves
2 Mechanism is not defined by the WebCrypto specifications. Use of mechanism in a safe way is hard, it was added for the purpose of enabling interoperability with an existing system. We recommend against its use unless needed for interoperability.
npm install node-webcrypto-p11
git clone https://github.com/PeculiarVentures/node-webcrypto-p11 cd node-webcrypto-p11
Tests and samples use a file called config.js file for PKCS11 module configuration. The format of which is:
moduleexports =library: "path/to/pkcs11/module.so"name: "Name of PKCS11 module"slot: 0 // number of slotpin: "password"readWrite: truevendors: // list of vendor files, optional
The threat model is defined in terms of what each possible attacker can achieve. The list is intended to be exhaustive.
TODO: ADD ASSUMPTIONS
Threats From A node-webcrypto-p11 Defect
node-webcrypto-p11 handles ciphertext, cleartext, and sessions. A defect in this library could result in these values being exposed to an attacker. Examples of such defects include:
- Buffer, Integer or other overflow related defects,
- Parsing errors,
- Logic errors,
- Weak user seperation or permissions.
Threats From A PKCS#11 defect
PKCS#11 implementations are often old, poorly maintained and incomplete. This can obviously lead to defects. Defects in the PKCS#11 implementation can result in:
- Weakly implemented or applied cryptographic primitives,
- Leaked sessions or secrets that expose use of the key,
- Leaked cryptographic key material.
Threats From Weak Cryptography
Secure use of cryptography requires the implementor to understand the security properties of a given algorithm as well as how to use it in a secure construction.
Additionally this library exposes some algorithms that may have known weakneses or are simply too old to be used safely.
Threats From Improper Use Of Cryptography
It is easy to apply cryptography but hard to apply it correctly. Algorithms each have their own security properties and appropriate constructions. The consumer of this library is responsible for understanding how to use the exposed algorithms securely.
ECDSA key pair with named curve
P-256 and signs/verifies text message.
const Crypto = ;const config =library: "/usr/local/lib/softhsm/libsofthsm2.so"name: "SoftHSM v2.0"slot: 0readWrite: truepin: "12345"const crypto = config;const keys = await cryptosubtle;const signature = await cryptosubtle;console;const ok = await cryptosubtle;console;
The CryptoKeyStorage interface enables you to persist and retrieve keys across sessions.
Generate a cryptographic key and store it
const keys = await cryptosubtle;// set private key to storageconst privateKeyID = await cryptokeyStorage;// set public key to storageconst publicKeyID = await cryptokeyStorage;// get list of keysconst indexes = await cryptokeyStorage;console; // ['private-3239...', 'public-3239...']// get key by idconst privateKey = await cryptokeyStorage;// signing dataconst signature = await cryptosubtle;console;
The CryptoCertificateStorage interface enables you to persist and retrieve certificates across sessions.
Add certificate to storage and use it for verification of signed data
const X509_RAW = Bufferconst x509 = await cryptocertStorage;console; // C=name, O=...const index = await cryptocertStorageconsole; // x509-2943...const ok = await cryptosubtle;console;
Please report bugs either as pull requests or as issues in the issue tracker. Backwater has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.