Age | Commit message | Author | |
---|---|---|---|
2019-11-06 | Export/import "raw" keys for external storage. | Paul Selkirk | |
Exported keys are wrapped with the MKM KEK, not a transit KEK, and can only be imported back to the same HSM. The idea is to support operators who have more keys than will fit on the HSM, so they will cycle keys into and out of the HSM as needed. NOTE that hashsig is, as always, special. The hashsig key has an internal index that is updated on every signature. To prevent a hashsig key from being re-imported with an old index (which would compromise the security of the key), the hashsig key is disabled on export, and must be deleted from the HSM before being re-imported. | |||
2019-04-09 | Huh, I forgot to add a Python RPC handler for pkey_generate_hashsig, | Paul Selkirk | |
over a year ago. | |||
2018-03-21 | Supply our own context manager instead of using contextlib. | Rob Austein | |
contextlib is cute, but incompatible with other coroutine schemes like Tornado, so just write our own context manager for xdrlib.Unpacker. | |||
2017-09-15 | 4096-bit RSA keys working again, with 8k keystore "blocks". | Rob Austein | |
2017-06-11 | None is more Pythonic than "" as indicator for "no key" | Rob Austein | |
2017-05-28 | Almost compiles. | Rob Austein | |
Need to refactor init sequence slightly (again), this time to humor the bootloader, which has its own special read-only view of the PIN block in the token keystore. | |||
2017-04-14 | Python interface API will need to be cryptech.libhal for installation. | Rob Austein | |