PKCS11 Support

[Samuel Erdtman]

Hi,

This is my first post on this mailing list so please have patience with me :-)

I searched the mailing list for this topic but could not find anything (please direct me to it if I missed it). I would like to have PKCS#11 (P11, PKCS11) suport in node, or rather I would like to have the possibility to use keys in hardware through the node crypto API.

I have three reasons for wanting this:

1. More security and speed for TLS-server connections (today only soft- certificates/keys, correct?)

2. Hardware keys for TLS-client connection, to be able to do smart card logon.

3. I want to do create a CA software in node.js

I have looked into creating a module that would wrap a PKCS11 implementation but with that I would only solve use case 3.

I have also looked at forge (https://github.com/digitalbazaar/forge) TLS implementation but then I cannot use the native node libs (TLS-socket and HTTPS) in a good way (at least I could not see any way)

Has this topic been up? has it been disregarded for any special reasons?

If this is something that is desirable for the node.js project I would like to write some code for it (but the first tip on how to get involved was to "Discuss large changes on the mailing list before coding" so here I am).

Best Regards

//Samuel

[Ryan Hurst]

I know this is an old thread but if anyone is interested we have built : https://github.com/PeculiarVentures/node-webcrypto-p11 and https://github.com/PeculiarVentures/graphene to make accessing HSMs within node easy.

For the certificate related things (where one might use Forge) consider looking at pkijs.com.

Samuel, I also have a CA in node if your interested in learning more ping me.

Ryan