Comments (6)
Francis Dupont added a comment - 2013-10-25 17:14
Thanks for the URL.
I have no objection: it seems a good idea if we can get asym crypto support too (doesn't seem to be the case BTW).
When I said I have no objection I was not fully right: I am reluctant to use any crypto which will never be FIPS 140-2 (or national equivalent) certified…
from softhsmv2.
Francis Dupont added a comment - 2013-10-27 09:27 - edited
Two notes:
- the Common Crypto (the low level API) documentation is very poor and incomplete (fortunately the sources are freely available). So in fact it provides far more than described in the man.
- Apple announced the crypto part (what exactly?) of OS X and iOS will be FIPS 140-2 certified.
Francis Dupont added a comment - 2013-10-28 15:41
Commenting again: we have three choices:
- give up, i.e., support only hash, mac and symmetric ciphers. BTW I have the code and it is just enough for running an HSM.
- import includes from Apple open source site so we have the defines to use the Common Crypto library for undocumented entries. I have a mixed opinion about this because I don't know the reason Apple provides only one part of the API mans/includes.
- retro engineer the real implementation (corecrypto) but without any doc and only some includes (with the kernel (aka xnu) sources). I don't believe to fuzz a crypto API is the best thing to do, even if it is the library which is the target of the FIPS 140-2 certification. It is better to stay with the official API (i.e., Common Crypto) which exports corecrypto crypto protocol implementations.
PS: the other APIs are either too high level (keychain stuff) or officially no longer supported (CDSA/CSSM).
Francis Dupont added a comment - 2013-10-28 19:45
BTW I checked for the second option (i.e., use undocumented but present entries of Common Crypto): a trivial RSA key pair create, get components (primes, not the CRT coefficients) and rebuild the key pairs failed on my dev box (last 10.8.5) but succeeded on another box I upgraded to 10.9 (last OS X)… Did you say undocumented == unsupported?
Let's revisit the impact of this for 2.5.0, but it seems like it might be a lot of work. Would be nice to support this on OS X though. I think it would be helpful to open a similar issue for using core crypto services on Windows (rather than OpenSSL or Botan).
Hint for potential implementer: pvpkcs11 implements PKCS#11 API on top of CommonCrypto.