PeculiarVentures/webcrypto-local

Issue with Handling PKCS#11 Tokens Requiring PIN on Operations

microshine opened this issue · 0 comments

Description

The @webcrypto-local/server module is experiencing an issue with PKCS#11 tokens that necessitate the entry of a PIN when performing operations. Although the node-webcrypto-p11 module, which is utilized by the library, supports this mechanism, it is not currently being leveraged by the @webcrypto-local/server.

Steps to Reproduce

Below is an example snippet demonstrating the intended usage:

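// `crypto` is a node-webcrypto-p11 Crypto instance opened on the token;
// run this inside an async function (or an ES module) so `await` is allowed.

// Adding an always authenticate handler
crypto.onAlwaysAuthenticate = async () => {
  return "your pin"; // placeholder: obtain the PIN from the user at call time
};

// Checking the always authenticate requirement
const keys = await crypto.keyStorage.keys(); // identifiers of the keys on the token
const signingKey = await crypto.keyStorage.getItem(keys[0]);
console.log("Always authenticate: ", signingKey.alwaysAuthenticate);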

Expected Behavior

The library should handle the PIN entry for PKCS#11 tokens when required by certain operations, using the mechanism provided by node-webcrypto-p11.

Actual Behavior

The current implementation results in a CKR_USER_NOT_LOGGED_IN error for keys that require authentication.
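The per-operation PIN flow behind this error, as an added example that is not part of the original issue and is not code from webcrypto-local or node-webcrypto-p11: a constructed mock session enforces the PKCS#11 always-authenticate rule (a context-specific login is required after each sign initialization and is consumed by that one operation). `MockSession`, `signWithPrompt`, `demo`, the key object and the PIN value are all hypothetical.

```javascript
// Constructed mock of a PKCS#11 session; it only models the always-authenticate rule.
class MockSession {
  constructor(pin) { this.pin = pin; this.pending = null; this.ctxAuth = false; }
  // Models C_SignInit: starts an operation and clears any earlier context login.
  signInit(key) { this.pending = key; this.ctxAuth = false; }
  // Models C_Login(CKU_CONTEXT_SPECIFIC): valid only for the pending operation.
  loginContextSpecific(pin) {
    if (!this.pending) throw new Error("CKR_OPERATION_NOT_INITIALIZED");
    if (pin !== this.pin) throw new Error("CKR_PIN_INCORRECT");
    this.ctxAuth = true;
  }
  // Models C_Sign: the operation and its context login are consumed, pass or fail.
  sign(data) {
    const key = this.pending;
    if (!key) throw new Error("CKR_OPERATION_NOT_INITIALIZED");
    const allowed = !key.alwaysAuthenticate || this.ctxAuth;
    this.pending = null;
    this.ctxAuth = false;
    if (!allowed) throw new Error("CKR_USER_NOT_LOGGED_IN");
    return `sig(${key.id},${data})`; // stand-in for a real signature
  }
}

// Hypothetical server-side wrapper: ask the handler for the PIN on every
// operation with an always-authenticate key, and never cache the PIN.
async function signWithPrompt(session, key, data, onAlwaysAuthenticate) {
  session.signInit(key);
  if (key.alwaysAuthenticate && onAlwaysAuthenticate) {
    const pin = await onAlwaysAuthenticate(key);
    session.loginContextSpecific(pin);
  }
  return session.sign(data);
}

async function demo() {
  const session = new MockSession("1234"); // constructed PIN
  const key = { id: "key-1", alwaysAuthenticate: true };
  let prompts = 0;
  const handler = async () => { prompts += 1; return "1234"; };
  const results = [];
  // No handler wired in: the behaviour reported in this issue.
  try { await signWithPrompt(session, key, "a", null); }
  catch (e) { results.push(e.message); }
  // Handler wired in: one PIN prompt per signature.
  results.push(await signWithPrompt(session, key, "a", handler));
  results.push(await signWithPrompt(session, key, "b", handler));
  return { results, prompts };
}

demo().then((r) => console.log(r));
```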