@brodygov
Last active October 29, 2019 17:39
Test of openssl PKCS11 functionality (works with PIV card)
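# engine_pkcs11 came from `brew install engine_pkcs11`
require 'openssl'
require 'tty-prompt'

# Register OpenSSL's built-in engines, including the "dynamic" loader.
OpenSSL::Engine.load

# Use the dynamic engine to load engine_pkcs11 and point it at the OpenSC module.
# Both .so paths are specific to this Homebrew install.
pkcs11_engine = OpenSSL::Engine.by_id('dynamic') do |e|
  e.ctrl_cmd('SO_PATH', '/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so')
  e.ctrl_cmd('ID', 'pkcs11')
  e.ctrl_cmd('LIST_ADD', '1')
  e.ctrl_cmd('LOAD')
  # Prompt for the card PIN without echoing it to the terminal.
  e.ctrl_cmd('PIN', TTY::Prompt.new.ask('PIN:', echo: false))
  e.ctrl_cmd('MODULE_PATH', '/usr/local/lib/opensc-pkcs11.so')
end

# '0:1' is engine_pkcs11's slot:id form; the private key itself stays on the card.
key = pkcs11_engine.load_private_key('0:1')

# `data` was undefined in the original snippet; this sample value is a placeholder.
data = 'test message'
key.sign(OpenSSL::Digest::SHA256.new, data)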