How to use in Laravel application? about php-pkcs11 HOT 7 CLOSED

Hi @Matt561

If your HSM supports the curve by name, you should be able to use this extension to sign using secp256k1. Since you mentionned LunaHSM, I will guess that you are using the firmware version >= 7.3, which should support it.

Try this:

$keypair = $session->generateKeyPair(new Pkcs11\Mechanism(Pkcs11\CKM_EC_KEY_PAIR_GEN), [
  Pkcs11\CKA_VERIFY => true,
  Pkcs11\CKA_LABEL => "Test ECDSA Public",
  Pkcs11\CKA_EC_PARAMS => hex2bin('06052B8104000A'),
],[
  Pkcs11\CKA_TOKEN => false,
  Pkcs11\CKA_PRIVATE => true,
  Pkcs11\CKA_SENSITIVE => true,
  Pkcs11\CKA_SIGN => true,
  Pkcs11\CKA_LABEL => "Test ECDSA Private",
]);

$pkey = $keypair->pkey;
$skey = $keypair->skey;

$data = "Hello World!";
$hash = hash('sha256', $data, true);
$mechanism = new Pkcs11\Mechanism(Pkcs11\CKM_ECDSA);
$signature = $skey->sign($mechanism, $hash);
$check = $keypair->pkey->verify($mechanism, $hash, $signature);

$session->logout();

Also, this library does not provide a dedicated parameters object for CKM_BIP32_*_DERIVE mechanisms, since they are proprietary to Thales, so you won't be able to use it for deriving HD wallet keys. That would be a good addition though.

from php-pkcs11.

Hi @Matt561,

This is a PHP extension, you can read more about them here:

• https://www.zend.com/blog/php-development-using-php-extensions
• https://www.php.net/manual/en/extensions.php
• https://ma.ttias.be/how-to-compile-and-install-php-extensions-from-source/

from php-pkcs11.

@Magentron Thanks for the insight!

For anyone in the same position, I got it working using pecl.

• Install pecl
• Install extension:pecl install pkcs11
• Add extension to php.ini: echo "extension=pkcs11.so" > /path/to/php.ini

from php-pkcs11.

@Magentron

I see that this library allows the generation of keypairs. Does it yet allow signing (ecdsa secp256k1) using those newly generated keys?

from php-pkcs11.

Awesome! Thank you!

I actually was having trouble using this library. When trying to open a new session I get the CRK_TOKEN_NOT_PRESENT error despite having one (other libs can successfully interact with the hsm).

With this in mind, I tried to use the initToken function that is provided from this library but it actually crashed my docker container with a segmentation fault error.

from php-pkcs11.

Hi @MattG561,

apologies for the late reply, I simply did not see the notification for your last message.

Which HSM model and firmware versions are you using ?

Also, how are you using the extension exactly ? Apache mod_php, FPM, CLI, other ?

from php-pkcs11.

Closing, can reopen if more details are provided

from php-pkcs11.