Signing error: CryptoServerError: Cannot get PKCS11 EC mechanism by name 'ECDSA_SHA384'

[roschnor]

Using CMS-Demo from https://fortifyapp.com/examples/signing/

and Just Changed

await signedData.sign(privateKey, 0, "SHA-384");

The error comes from node-webcrypto-p11

but I thought it should work due to https://github.com/PeculiarVentures/node-webcrypto-p11/blob/master/src/utils.ts#L136

Okay, I found algName in Array is only "ECDSA", but mechanism.name === p11AlgorithmName is never true than.

Another Question: Is it possible to use signing without hashing? Hashed already by SHA-384 ? Maybe the error is gone then also.

[microshine]

Another Question: Is it possible to use signing without hashing? Hashed already by SHA-384 ? Maybe the error is gone then also.

It's impossible. WebCrypto API doesn't allow signing hashed data.

I'd like if WebCrypto supported this possibility.

Example of hashed message signing

import * as nodeCrypto from "crypto";

const sha3Digest = await nodeCrypto.createHash("sha3-256").update(dataToSign).digest(); // non-standard WebCrypto hash
const signature = await crypto.subtle.sign("ECDSA", ecdsaKey, sha3Digest);

[roschnor]

And I guess it's also not possible to create an ANS1 object with hash identifier and hash and encrypt (not sign) it with ECDSA?

That's what we already did with open ssl and php.

But we need an JavaScript-Solution, because the SmartCard is on customer site.

[microshine]

ANS1 object with hash identifier

You can use asn1js or @peculiar/asn1-schema to do it

encrypt (not sign) it with ECDSA

pkijs supports CMS encryption with ECDSA algorithm
See example