# p11p is a PKCS #11 proxy

## Compile

If you don't have rebar3 installed, install it. See
https://www.rebar3.org/docs/ .

If you don't have rebar3 in PATH, add it. Example:

    $ export PATH=$PATH:~/.cache/rebar3/bin

Compile:

    $ make

## Configure

For now, see config/sys.config.

## Run

To start an Erlang shell running the p11p application:

    $ make shell

Quite by typing in "q()." in the shell.

To start a "release", running in the background logging to files under
_build/default/rel/p11p/log:

    $ make start

To stop it again:

    $ make stop

A socket per configured token, /run/user/$EUID/p11p/$TOKEN-$PID, can
now be used by a client. Example:

    $ P11_KIT_SERVER_ADDRESS=unix:path=/run/user/1000/p11p/vtoken0-26585 P11_KIT_DEBUG=none p11tool --provider /usr/lib/pkcs11/p11-kit-client.so --list-tokens
    Token 0:
        URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b4a861d362dbd386;token=mytoken
        Label: mytoken
        Type: Generic token
        Manufacturer: SoftHSM project
        Model: SoftHSM v2
        Serial: b4a861d362dbd386
        Module: (null)

## Known bugs and limitations

- Multiple p11 applications using the same vtoken in a given
  p11p-daemon will result in undefined behaviour. We should either
  make this work, or prohibit it by rejecting a second user of the
  same vtoken.