Crypt-PKCS11-Easy

Release 0.161160

Wrapper around Crypt::PKCS11 to make using a HSM not suck

Repository CPAN Perl

Keywords
cryptoki, encryption, hsm, perl, perl-module, perl5, pkcs11, signing
License
Artistic-1.0-Perl

Documentation

Build Status Coverage Status Kwalitee status GitHub issues GitHub tag Cpan license Cpan version

SYNOPSIS

use Crypt::PKCS11::Easy;
use IO::Prompter;

my $file = '/file/to/sign';

my $hsm = Crypt::PKCS11::Easy->new(
    module => 'libCryptoki2_64',
    key    => 'MySigningKey',
    slot   => '0',
    pin    => sub { prompt 'Enter PIN: ', -echo=>'*' },
);

my $base64_signature = $hsm->sign_and_encode(file => $file);
my $binary_signature = $hsm->decode_signature(data => $base64_signature);

$hsm->verify(file => $data_file, sig => $binary_signature)
  or die "VERIFICATION FAILED\n";

DESCRIPTION

This module is an OO wrapper around Crypt::PKCS11, designed primarily to make using a HSM as simple as possible.

Signing a file with Crypt::PKCS11 

use IO::Prompter;
use Crypt::PKCS11;
use Crypt::PKCS11::Attributes;

my $pkcs11 = Crypt::PKCS11->new;
$pkcs11->load('/usr/safenet/lunaclient/lib/libCryptoki2_64.so');
$pkcs11->Initialize;
# assuming there is only one slot
my @slot_ids = $pkcs11->GetSlotList(1);
my $slot_id = shift @slot_ids;

my $session = $pkcs11->OpenSession($slot_id, CKF_SERIAL_SESSION)
    or die "Error" . $pkcs11->errstr;

$session->Login(CKU_USER, sub { prompt 'Enter PIN: ', -echo=>'*' } )
    or die "Failed to login: " . $session->errstr;

my $object_template = Crypt::PKCS11::Attributes->new->push(
    Crypt::PKCS11::Attribute::Label->new->set('MySigningKey'),
    Crypt::PKCS11::Attribute::Sign->new->set(1),
);
$session->FindObjectsInit($object_template);
my $objects = $session->FindObjects(1);
my $key = shift @$objects;

my $sign_mech = Crypt::PKCS11::CK_MECHANISM->new;
$sign_mech->set_mechanism(CKM_SHA1_RSA_PKCS);

$session->SignInit($sign_mech, $key)
    or die "Failed to set init signing: " . $session->errstr;

my $sig = $session->Sign('SIGN ME')
    or die "Failed to sign: " . $session->errstr;

Signing a file with Crypt::PKCS11::Easy 

use Crypt::PKCS11::Easy;
use IO::Prompter;

my $hsm = Crypt::PKCS11::Easy->new(
    module => 'libCryptoki2_64',
    key    => 'MySigningKey',
    slot   => '0',
    pin    => sub { prompt 'Enter PIN: ', -echo=>'*' },
);

my $sig = $hsm->sign(data => 'SIGN ME');

To make that conciseness possible a Crypt::PKCS11::Object can only be used for one function, e.g. signing OR verifying, and cannot be set to use a different key or a different token after instantiation. A new object should be created for each function.

SEE ALSO

Stats

Dependencies
15
Dependent packages
0
Dependent repositories
0
Total releases
7
Latest release
First release
Stars
3
Forks
2
Watchers
4
Contributors
2
Repository size
90.8 KB
SourceRank
6

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.162150
0.161790
0.161750
0.161530
0.161260
0.161250
0.161160

Contributors

Ioan Rogers Christopher Anthony


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2016-11-19 06:20:37 UTC

Login to resync this project