cd src/nginx_modules/nginx-1.22.0
./configure --prefix=src/nginx_modules/bin/
--add-module=src/nginx_modules/ngx_http_hsm_service_module
--with-cc-opt="-Ijson-c/include"
--with-ld-opt="-Ljson-c/lib"
make
make install
../bin/sbin/nginx -c ../bin/conf/nginx.conf
/////// nginx.conf //////////////
#user nobody;
worker_processes 1;
daemon off;
error_log logs/error.log debug;
error_log logs/error.log notice;
error_log logs/error.log info;
events {
worker_connections 1024;
worker_aio_requests 5;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
hsm_service_lib "[path]/libsofthsm2.so";
hsm_service_conf "[path]/softhsm2.conf";
server {
listen 9999;
server_name localhost;
location ~ ^/hsm/(encdec|signver)$ {
hsm_service ;
hsm_service_slotname "SLOT1";
hsm_service_user "user";
hsm_service_pass "654321";
hsm_service_encdec_key "KEY1";
hsm_service_sign_key "SIGNKEY1";
hsm_service_verify_key "VERIFYKEY1";
}
}
}
////////////////// Test //////////////////
Encryption Test ->
curl -v --header 'Content-Type: application/json' \
-d '{"transactionId": 12344, "data": "BASE64(PLAIN_DATA)", "type": 0}' \
http://localhost:9999/hsm/encdec
Decryption Test ->
curl -v --header 'Content-Type: application/json' \
-d '{"transactionId": 12344, "data": "BASE64(ENC_DATA)", "type": 1}' \
http://localhost:9999/hsm/encdec
Sing Test ->
curl -v --header 'Content-Type: application/json' \
-d '{"transactionId": 345678, "data": "BASE64(SHA256(PLAIN_DATA))", "type": 0}' \
http://localhost:9999/hsm/signver
Verify Test ->
curl -v --header 'Content-Type: application/json' -d '{"transactionId": 12344, "data": "BASE64(SHA256(PLAIN_DATA)+SIGN)", "type": 1}' http://localhost:9999/hsm/signver
cetinbaltaci/ngx_http_hsm_service_module
Nginx module for HSM Service with PKCS11/Cryptoki lib (SoftHSM)
C