Pkcs11ex.PIN (pkcs11ex v0.1.0)

Copy Markdown View Source

PIN-handling helpers.

See docs/specs/specs.md §5.2 for the layered PIN model. The library's primary API for PIN material is the per-slot :pin_callback config; this module provides convenience helpers for one-shot scripts and tests where registering a callback is overkill.

Summary

Functions

with_pin(slot_ref, pin, fun)

Run fun with a slot logged in via pin, then log out.

Functions

with_pin(slot_ref, pin, fun)

@spec with_pin(atom(), binary(), (-> result)) :: result | {:error, term()}
when result: any()

Run fun with a slot logged in via pin, then log out.

Useful for scripts and tests where a registered :pin_callback isn't appropriate. The PIN binary is passed once into Pkcs11ex.Slot.login/2, which immediately forwards it to the NIF; it's not retained in any GenServer state.

Pkcs11ex.PIN.with_pin(:legal_proxy, System.get_env("TOKEN_PIN"), fn ->
  {:ok, jws} = SignCore.JWS.sign(payload,
    # ... slot-aware sign opts (Phase 2 step 3 will route via :signer)
  )
end)

Always logs out afterwards, even if fun raises.