Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
pkcs11-smartcard-sign
Advanced tools
This module allows you to sign anything with a private key stored on PKCS #11 smartcard.
This module allows you to sign anything with a private key stored on PKCS #11 smartcard.
For example, you can upload your key to YubiKey and generate signatures.
It's using pkcs11-tool
from OpenSC to process signatures. If it's not installed, you will get an error.
const signer = require('pkcs11-smartcard-sign');
// Basic usage:
// - SHA-256
// - Read key with ID 02
// - Prompt for PIN
signer.sign({
data: Buffer.from('something')
}).then(signature => {
console.log(signature.toString('hex'));
}).catch(err => {
console.error(err);
});
// Advanced options
signer.sign({
data,
// predefined PIN
pin: '0000',
// ID of the key to use (on the smart card)
key: '03',
// algo: sha256 or sha512
algo: 'sha512',
// select N-th smart card reader configured by the system
reader: 2,
// verify with this public key after sign
verifyKey: fs.readFileSync('your-public-key.pem'),
// module to use
module: '/usr/local/lib/libykcs11.1.dylib'
});
FAQs
This module allows you to sign anything with a private key stored on PKCS #11 smartcard.
We found that pkcs11-smartcard-sign demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.