# p11p-daemon is a PKCS #11 proxy

## Installing dependencies

### p11-kit

    $ sudo apt install p11-kit

Or, if your p11-kit package is too old (<0.23.15):

    $ sudo apt install pkg-config libffi-dev
    $ curl -LO https://github.com/p11-glue/p11-kit/releases/download/0.23.16.1/p11-kit-0.23.16.1.tar.gz
    $ curl -LO https://github.com/p11-glue/p11-kit/releases/download/0.23.16.1/p11-kit-0.23.16.1.tar.gz.sig
    $ gpg --verify p11-kit-0.23.16.1.tar.gz.sig
    $ tar xf p11-kit-0.23.16.1.tar.gz && cd p11-kit-0.23.16.1
    $ ./configure --without-libtasn1
    $ make all check
    $ sudo make install

### Erlang/OTP 19

Ideally, your OS distribution has Erlang/OTP 19 or newer:

    $ sudo apt install erlang

An alternative, which hurts because there is no good way to verify kerl, would be:

    $ curl -LO https://raw.githubusercontent.com/kerl/kerl/master/kerl
    $ : pray that you got the right bits!
    $ chmod +x kerl
    $ sudo apt install libncurses5-dev
    $ ./kerl build 19.2
    $ mkdir ~/kerl
    $ ./kerl install 19.2 ~/kerl/19.2
    $ . ~/kerl/19.2/activate

## Compiling p11p-daemon

If you don't have rebar3 installed, install it. See https://www.rebar3.org/docs/ .

If you don't have rebar3 in PATH, add it. Example:

    $ export PATH=$PATH:~/.cache/rebar3/bin

Compile:

    $ cd p11p-daemon
    $ make

## Configuring p11p-daemon

For now, see config/sys.config for how to configure virtual tokens, each with one or more PKCS #11 modules, i.e. shared libraries.

## Running p11p-daemon

To start p11p-daemon, running in the background and logging to files under _build/default/rel/p11p/log/:

    $ make start

A socket per configured token, /run/user/$EUID/p11p/$TOKEN-$PID, is made available and can now be used by a client.
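
Because each socket name ends in the daemon's PID, a client has to look the path up before it can set P11_KIT_SERVER_ADDRESS. The following shell function is an added example, not part of p11p-daemon: it finds the socket for one token and accepts only a real socket owned by the calling user. The function names and the P11P_SOCKET_DIR override are assumptions made for this example.

```shell
# Added example, not part of p11p-daemon. p11p_socket_dir, p11p_find_socket
# and the P11P_SOCKET_DIR override are hypothetical names for illustration.

# Directory holding the per-token sockets (path pattern from the README).
p11p_socket_dir() {
    printf '%s\n' "${P11P_SOCKET_DIR:-/run/user/$(id -u)/p11p}"
}

# Print a P11_KIT_SERVER_ADDRESS value for token $1.
# Returns 0 if exactly one socket matches, 1 if none, 2 if several.
p11p_find_socket() {
    token=$1
    dir=$(p11p_socket_dir)
    found=
    count=0
    for path in "$dir/$token"-*; do
        # The part after "$TOKEN-" must be a PID (digits only); this also
        # skips the literal pattern left behind when the glob matches nothing.
        suffix=${path#"$dir/$token-"}
        case $suffix in
            ''|*[!0-9]*) continue ;;
        esac
        # Accept only a real socket owned by the calling user, so a regular
        # file or another user's socket with the right name is ignored.
        [ -S "$path" ] && [ -O "$path" ] || continue
        found=$path
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "no socket for token '$token' in $dir" >&2
        return 1
    elif [ "$count" -gt 1 ]; then
        echo "more than one socket for token '$token' in $dir; refusing to guess" >&2
        return 2
    fi
    printf 'unix:path=%s\n' "$found"
}

# Usage:
#   addr=$(p11p_find_socket vtoken0) &&
#     P11_KIT_SERVER_ADDRESS=$addr p11tool \
#       --provider /usr/lib/pkcs11/p11-kit-client.so --list-tokens
```
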

Example usage using p11tool:

    $ P11_KIT_SERVER_ADDRESS=unix:path=/run/user/1000/p11p/vtoken0-26585 P11_KIT_DEBUG=none p11tool --provider /usr/lib/pkcs11/p11-kit-client.so --list-tokens
    Token 0:
        URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b4a861d362dbd386;token=mytoken
        Label: mytoken
        Type: Generic token
        Manufacturer: SoftHSM project
        Model: SoftHSM v2
        Serial: b4a861d362dbd386
        Module: (null)

To stop p11p-daemon:

    $ make stop

## Debugging p11p-daemon

To start an Erlang shell running the p11p application:

    $ make shell

Quit by entering "q()." in the Erlang shell.

## Known bugs and limitations

- Multiple p11 applications using the same vtoken in a given p11p-daemon will result in undefined behaviour. TODO: Make this work, or prohibit it by rejecting a second user of the same vtoken.

## Contact

linus+p11p@sunet.se