Comments (7)
Hi @Matt561
If your HSM supports the curve by name, you should be able to use this extension to sign using secp256k1. Since you mentionned LunaHSM, I will guess that you are using the firmware version >= 7.3, which should support it.
Try this:
$keypair = $session->generateKeyPair(new Pkcs11\Mechanism(Pkcs11\CKM_EC_KEY_PAIR_GEN), [
Pkcs11\CKA_VERIFY => true,
Pkcs11\CKA_LABEL => "Test ECDSA Public",
Pkcs11\CKA_EC_PARAMS => hex2bin('06052B8104000A'),
],[
Pkcs11\CKA_TOKEN => false,
Pkcs11\CKA_PRIVATE => true,
Pkcs11\CKA_SENSITIVE => true,
Pkcs11\CKA_SIGN => true,
Pkcs11\CKA_LABEL => "Test ECDSA Private",
]);
$pkey = $keypair->pkey;
$skey = $keypair->skey;
$data = "Hello World!";
$hash = hash('sha256', $data, true);
$mechanism = new Pkcs11\Mechanism(Pkcs11\CKM_ECDSA);
$signature = $skey->sign($mechanism, $hash);
$check = $keypair->pkey->verify($mechanism, $hash, $signature);
$session->logout();
Also, this library does not provide a dedicated parameters object for CKM_BIP32_*_DERIVE mechanisms, since they are proprietary to Thales, so you won't be able to use it for deriving HD wallet keys. That would be a good addition though.
from php-pkcs11.
Hi @Matt561,
This is a PHP extension, you can read more about them here:
- https://www.zend.com/blog/php-development-using-php-extensions
- https://www.php.net/manual/en/extensions.php
- https://ma.ttias.be/how-to-compile-and-install-php-extensions-from-source/
from php-pkcs11.
@Magentron Thanks for the insight!
For anyone in the same position, I got it working using pecl.
- Install
pecl
- Install extension:
pecl install pkcs11
- Add extension to php.ini:
echo "extension=pkcs11.so" > /path/to/php.ini
from php-pkcs11.
I see that this library allows the generation of keypairs. Does it yet allow signing (ecdsa secp256k1) using those newly generated keys?
from php-pkcs11.
Awesome! Thank you!
I actually was having trouble using this library. When trying to open a new session I get the CRK_TOKEN_NOT_PRESENT
error despite having one (other libs can successfully interact with the hsm).
With this in mind, I tried to use the initToken
function that is provided from this library but it actually crashed my docker container with a segmentation fault
error.
from php-pkcs11.
Hi @MattG561,
apologies for the late reply, I simply did not see the notification for your last message.
Which HSM model and firmware versions are you using ?
Also, how are you using the extension exactly ? Apache mod_php, FPM, CLI, other ?
from php-pkcs11.
Closing, can reopen if more details are provided
from php-pkcs11.
Related Issues (20)
- Support C_WaitForSlotEvent() HOT 4
- Support Notify in C_OpenSession
- tests: PHP11_PIN vs PHP11_SOPIN HOT 1
- Segfault when Pkcs11\Module is instanciated inside an included file. HOT 2
- test failures - P11Object HOT 4
- [0.1.1] Seg fault in test suite HOT 22
- 0160-rsa-encrypt-pkcs - segfault with HSM HOT 5
- failed tests due to unsupported C_CreateObject() by HSM
- Module variable going out of scope causes open session to be broken and cause SegFault HOT 5
- Decryption using symmetric key in another function gives CKR_GENERAL_ERROR HOT 14
- Using ECDSA/RSA Signing? HOT 5
- Internal Server Error (0x00000007/CKR_ARGUMENTS_BAD) PKCS#11 module error: Unable to encrypt [/website/test/***/Hsm.php:119] HOT 2
- Variable types of attributes are not compareable with constants HOT 1
- How To Use On Windows ? HOT 2
- Exception thrown on propietary driver HOT 2
- AWS Cloud HSM Support HOT 2
- Exporting a public key/object from token. HOT 3
- Support AWS CloudHSM SDK 1.1.1 and later HOT 7
- Not login when sign HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from php-pkcs11.