Comments (5)
Hey, thanks for getting in touch here as well 😄 And happy new year!
I think one other way to approach it would be to simply expose that bit of the interface gated under a Cargo feature (say, `entrust-hsm`), and otherwise implement the wrapper as you would for any other bit of functionality. Unless there's something that I'm missing, as I don't think I've tried anything like this before 🤔
from rust-cryptoki.
Hmmmmmmmm... On closer inspection following the conversation in #113, I noticed that on the Entrust PKCS11 documentation page:
- They link to version 2.40 of the spec.
- They then mention EdDSA as a valid mechanism in the supported list (see here)
However, 2.40 does not mention EdDSA as a supported mechanism. At the same time, our header file - which is also, presumably, v2.40 - also contains an EdDSA constant. What.
from rust-cryptoki.
Their documentation isn't exactly the best.
I mostly rely on their code samples and trial and error.
I don't believe I can share the code samples as it's in a software bundle that I'm not allowed to redistribute.
Ha, well I didn't expect you to support a flavor for the vendor. I meant that I would have made a secondary library to support my use-case backed by cryptoki and that I needed cryptoki to expose the internals. I didn't expect you to support this vendor (or any).
If you're okay with this, then I'd be happy to go that way, but that places the maintenance burden on you. And if you don't have access to the hardware, ... anyway. Up to you.
from rust-cryptoki.
> And if you don't have access to the hardware
If you create a separate library, would you run the CI straight against your HSM (or some simulator for it) to test the functionality? If so, then maybe that's a bonus point for that approach. But if not, and all testing is done manually or through some workload running somewhere separately from the "official" CI, then I don't think there's much of a difference between the two approaches.
> but that places the maintenance burden on you.
It places some of the maintenance burden on us 😉 but ultimately it will come down to the users of that HSM to identify and fix the bugs in good faith; we could only check that it builds, via CI.
I can see a case being made either way, feel free to go down whichever route you think would be easier to use. And PRs are welcome, of course.
from rust-cryptoki.
I don't have a simulator. All of it is tested by hand :(
And even if a simulator existed (I'd have to ask their support), this is unlikely to be something I can publish, as it will be tied to the same export control shenanigans.
Will definitely send a PR!
from rust-cryptoki.