danish

danish

Crypto.sign with an engine stored private key

Hi All,

I am trying to sign a string with a an engine stored private key.
my engine loads fine, but I am getting an argument error on :crypto.sign.

code:

def digital_signature(string) do
refrenceKey = load_engine()
privKey = %{:engine => refrenceKey, :key_id => "3"}
signature = :crypto.sign(:rsa, :sha256, string, privKey)
end

def load_engine() do
{:ok, engine} = :crypto.engine_load(<<"dynamic">>,[{<<"SO_PATH">>,<<"/some/path/otp_test_engine.so">>},{<<"ID">>, <<"cloudhsm">>},<<"LOAD">>],[])
engine
end

error:

** (exit) an exception was raised:
** (ArgumentError) argument error
(crypto) :crypto.pkey_sign_nif(:rsa, :sha256, "{\"Username\":\"simon\",\"Timestamp\":\"2019-01-04T20:58:48.7840832Z\",\"MachineName\":\"DESKTOP-04VG111\"}", [%{:engine => #Reference<0.1907491504.29753345.12345>, :key_id => "3"}], [])
(crypto) crypto.erl:829: :crypto.sign/5

Most Liked

voltone

voltone

I think the password attribute is mandatory in the map describing the private key.

When I tried to use the :crypto engine API with a YubiKey in the past I got stuck on the OpenSC PKCS#11 driver asking for a PIN using stdin/stdout. The BEAM has its own I/O handling and doesn’t let me enter the PIN. It seems weird to have a library try and perform interactive I/O like that, and I guess it must be possible to pass the PIN through the API instead, but I haven’t found a way.

ericr3r

ericr3r

I hate to jump on an old post but I kept running into this post when trying to solve how to perform digital signatures with a YubiKey. I was not able to solve how to perform the signature using a certificate in slot 9c (cert #02) because it requires user input for every signature event but slot 9e (cert #04) allowed me to login using pin once and perform a signature.

Here is the related code for posterity’s sake:

  def digital_signature(string, %{pin: _pin, slot: _slot} = opts) do
    {:ok, engine} = load_engine()
    privKey = private_key(engine, opts)
    signature = :crypto.sign(:ecdsa, :sha256, string, privKey)
  end

  def load_engine() do
    :crypto.engine_load(
      "dynamic",
      [{"SO_PATH", libpkcs}, {"ID", "pkcs11"}, {"LOAD", ""}],
      [{"MODULE_PATH", "/usr/lib/libykcs11.so"}]
    )
  end

  def private_key(engine, %{pin: pin, slot: slot}) do
    %{
      engine: engine,
      key_id:
        "pkcs11:object=X.509%20Certificate%20for%20Digital%20Signature;pin-value=#{pin};id=%#{
          slot
        }"
    }
  end

Where Next?

Popular in Questions Top

New
Tee
can someone please explain to me how Enum.reduce works with maps
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
electic
Hi, I am new to Elixir. I am trying to use the DateTime component to insert a date into MySQL however the there seems to be no way to fo...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
JorisKok
I have a server on AWS, and was running a load test using artillery. When looking at the Phoenix dashboard I see the Ports going to 100% ...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
lucidguppy
I have a super simple question about elixir - how would I take a file like this foo bar baz and output a new file that enumerates th...
New
dotdotdotPaul
Okay, I’m having a heck of a time trying to figure out how to best handle the validation of belongs_to associations in Ecto. I’m sure I’...
New

Other popular topics Top

senggen
Erlang/OTP 25 [erts-13.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] 15:22:35.803 [error] gen_event {lager_file_backend...
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID&lt;0.412.0&gt; terminating ** (Postgrex.Error) FATAL...
New
johnnyicon
Hi all, I’ve just started learning Elixir and Phoenix Framework, so please pardon my n00bness at this stage. I’m trying to use Postgres...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
aalberti333
As the title describes, I’m trying to run Enum.map() over a list of key/value pairs, where the value is a map. My data looks like this: ...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" =&gt; #BSON.ObjectId&lt;58eb1a7a9ad169198c3dXXXX&gt;, "email" =&gt; ...
New

We're in Beta

About us Mission Statement