How to interact with a PKCS #11 compatible HSM device in PHP

How can I use key material from an HSM compatible with PKCS #11 (for example, SafeNet iKey 2032 [USB] or Aladdin eToken PRO [USB]) in a PHP application running on a Linux server?

+6
linux php usb pkcs#11 hsm
3 answers

I did not see, and a quick search did not find, a PKCS #11 wrapper library for PHP. This is probably not the answer you are looking for. (: If you have better search-fu than me, update this thread.

I think it's best to write a C program that calls PKCS #11 to access the HSM, and to call it from your PHP application as an external binary. Even if a PKCS #11 wrapper appears for PHP, this approach will give you the full API available to C code, instead of making do with whatever the wrapper's author needed to satisfy his own requirements. PKCS #11 is a great API, and wrapper implementations are often incomplete.

+3
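One way to wire up the approach from the first answer, as an added example that is not part of the original thread: PHP starts a separate signing helper without going through a shell and keeps the token PIN out of the command line. The helper path `/usr/local/bin/p11-sign` and its `--key-label` and `--pin-fd` options are hypothetical and stand in for the C program you would write against the PKCS #11 API.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: a small C program that loads the PKCS #11 module,
// logs in to the token and signs whatever arrives on stdin.
const HELPER = '/usr/local/bin/p11-sign';   // assumed path, not a real tool

function hsmSign(string $data, string $keyLabel, string $pin): string
{
    // Key labels should come from configuration; validate them anyway.
    if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $keyLabel)) {
        throw new InvalidArgumentException('invalid key label');
    }

    // Array form (PHP >= 7.4) executes the binary directly, with no shell,
    // so nothing in the arguments is interpreted as shell syntax.
    $cmd  = [HELPER, '--key-label', $keyLabel, '--pin-fd', '3'];
    $spec = [
        0 => ['pipe', 'r'],   // data to sign
        1 => ['pipe', 'w'],   // raw signature
        2 => ['pipe', 'w'],   // diagnostics
        3 => ['pipe', 'r'],   // PIN: not visible in argv or the environment
    ];
    $proc = proc_open($cmd, $spec, $pipes, '/', []);   // empty environment
    if (!is_resource($proc)) {
        throw new RuntimeException('cannot start signing helper');
    }

    // Assumption: inputs are small (a digest or short message), so these
    // sequential writes cannot block on a full pipe.
    fwrite($pipes[3], $pin);  fclose($pipes[3]);
    fwrite($pipes[0], $data); fclose($pipes[0]);

    $signature = stream_get_contents($pipes[1]); fclose($pipes[1]);
    $stderr    = stream_get_contents($pipes[2]); fclose($pipes[2]);
    $exit      = proc_close($proc);

    if ($exit !== 0 || $signature === '' || $signature === false) {
        error_log('p11-sign failed (' . $exit . '): ' . trim((string) $stderr));
        throw new RuntimeException('signing failed');
    }
    return $signature;   // raw bytes; encode (e.g. base64) before storing
}
```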

You need to look at pkcs11-helper from the OpenSC project. It will not be easy if you try to access the PKCS #11 module directly from PHP.

+2

I assume that you are asking users to use their tokens to generate signatures. Signatures are generated on the client side, that is, in the browser. The fact that your solution is on Linux/PHP doesn't matter.

You need to add a software component called a signer that will read the certificate and generate a signature.

Existing open source signers are written in Java, and the reason is that the Java applet is still the most accessible client-side technology.

0