# p11p is a PKCS #11 proxy

## Install dependencies

### p11-kit

```sh
$ sudo apt install pkg-config libffi-dev
$ curl -LO https://github.com/p11-glue/p11-kit/releases/download/0.23.16.1/p11-kit-0.23.16.1.tar.gz
$ curl -LO https://github.com/p11-glue/p11-kit/releases/download/0.23.16.1/p11-kit-0.23.16.1.tar.gz.sig
$ gpg --verify p11-kit-0.23.16.1.tar.gz.sig p11-kit-0.23.16.1.tar.gz
$ tar xf p11-kit-0.23.16.1.tar.gz && cd p11-kit-0.23.16.1
$ ./configure --without-libtasn1
$ make all check
$ sudo make install
```

Note that `gpg --verify` only tells you something if you already hold, and trust, the p11-kit release-signing key; a "Good signature" from a key you fetched blindly for the occasion proves nothing. The tarball unpacks into `p11-kit-0.23.16.1`, so that is the directory to `cd` into.

### Erlang/OTP 19

Ideally, your OS distribution has Erlang/OTP 19.x:

```sh
$ sudo apt install erlang
```

An alternative -- which hurts, because how would you verify kerl? -- would be:

```sh
$ curl -LO https://raw.githubusercontent.com/kerl/kerl/master/kerl
$ : pray that you got the right bits!
$ chmod +x kerl
$ sudo apt install libncurses5-dev
$ ./kerl build 19.2
$ mkdir ~/kerl
$ ./kerl install 19.2 ~/kerl/19.2
$ . ~/kerl/19.2/activate
```

## Compile p11p-daemon

If you don't have rebar3 installed, install it; see https://www.rebar3.org/docs/ .
If rebar3 is not in your PATH, add it. Example:

```sh
$ export PATH=$PATH:~/.cache/rebar3/bin
```

Compile:

```sh
$ cd p11p-daemon
$ make
```

## Configure

For now, see config/sys.config.

## Run

To start an Erlang shell running the p11p application:

```sh
$ make shell
```

Quit by typing `q().` in the shell.

To start a "release", running in the background and logging to files under `_build/default/rel/p11p/log`:

```sh
$ make start
```

To stop it:

```sh
$ make stop
```

A socket per configured token, `/run/user/$EUID/p11p/$TOKEN-$PID`, can now be used by a client. The socket is only as private as the directory holding it: `/run/user/$EUID` is created mode 0700 by pam_systemd, so other local users cannot connect to it, but anything running as your user can.
Example:

```sh
$ P11_KIT_SERVER_ADDRESS=unix:path=/run/user/1000/p11p/vtoken0-26585 P11_KIT_DEBUG=none p11tool --provider /usr/lib/pkcs11/p11-kit-client.so --list-tokens
Token 0:
	URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b4a861d362dbd386;token=mytoken
	Label: mytoken
	Type: Generic token
	Manufacturer: SoftHSM project
	Model: SoftHSM v2
	Serial: b4a861d362dbd386
	Module: (null)
```

## Known bugs and limitations

- Multiple p11 applications using the same vtoken in a given p11p-daemon will result in undefined behaviour. We should either make this work, or prohibit it by rejecting a second user of the same vtoken.
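## Example: locating the socket from a client script

The socket path contains the daemon's PID, so it changes on every restart, and a daemon that died without cleaning up leaves a stale `$TOKEN-$PID` entry next to the live one. The following is an added example, not part of p11p, showing how a client script can pick the right socket for a token and then run the `p11tool` invocation from the Run section against it. It assumes the socket layout documented above (`/run/user/$EUID/p11p/$TOKEN-$PID`) and the stock p11-kit client module path used there; the function names `p11p_socket_address` and `p11p_list_tokens` are this example's own.

```shell
#!/bin/sh
# Added example, not part of p11p.  Resolve the p11p socket for a token and
# point a p11-kit client at it.
#
# p11p creates one socket per configured token at
#     /run/user/$EUID/p11p/$TOKEN-$PID
# The $PID suffix changes on every daemon restart, so stale entries from a
# crashed daemon can sit next to the live one.  We keep only entries whose
# PID is still running and refuse to guess when that leaves 0 or more than
# one candidate.  Only existence of the path is checked, so the function can
# be exercised with placeholder files; the daemon itself creates unix sockets.

# Print "unix:path=<socket>" for TOKEN under DIR.
# Exit status: 0 found, 1 no live socket, 2 ambiguous (several live sockets).
# Usage: p11p_socket_address DIR TOKEN
p11p_socket_address() {
    dir=$1
    token=$2
    chosen=
    count=0
    for f in "$dir/$token"-*; do
        [ -e "$f" ] || continue              # unmatched glob stays literal
        pid=${f##*-}                         # PID is everything after the last '-'
        case $pid in
            ''|*[!0-9]*) continue ;;         # not a $TOKEN-$PID name, ignore it
        esac
        # kill -0 succeeds only for a running process we may signal; a PID
        # reused by another user's process fails with EPERM and is treated as
        # dead, which is the safe direction for a credential-carrying socket.
        if kill -0 "$pid" 2>/dev/null; then
            chosen=$f
            count=$((count + 1))
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "p11p: no live socket for token '$token' in $dir" >&2
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "p11p: $count live sockets for token '$token' in $dir; refusing to guess" >&2
        return 2
    fi
    printf 'unix:path=%s\n' "$chosen"
}

# List tokens through the chosen socket using p11-kit's client module, exactly
# as in the README's p11tool example.  Requires p11tool to be installed.
# Usage: p11p_list_tokens TOKEN [P11P_DIR]   (P11P_DIR defaults to /run/user/$EUID/p11p)
p11p_list_tokens() {
    token=$1
    dir=${2:-/run/user/$(id -u)/p11p}
    addr=$(p11p_socket_address "$dir" "$token") || return $?
    P11_KIT_SERVER_ADDRESS=$addr P11_KIT_DEBUG=none \
        p11tool --provider /usr/lib/pkcs11/p11-kit-client.so --list-tokens
}

# Example invocation (token name as configured in config/sys.config):
#   p11p_list_tokens vtoken0
```

Refusing to choose between several live sockets is deliberate: with the known limitation above that two clients on one vtoken give undefined behaviour, silently connecting to whichever socket sorts first would hide exactly the situation you need to notice.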