The most involved thing I’ve had to learn this year is how to actually use PKCS #11 to talk to crypto hardware. It is not well explained anywhere: most of the examples are buried in random bits of C from vendors like Oracle or IBM, and the spec itself is pretty dense, especially when it comes to how you actually use it in practice and what all the bits and pieces do.
In honour of our Prime Minister saying he should have NOBUS access into our cryptography (which is exactly why we should all start using hardware security modules; did you know you can use your TPM?), and in order to save the next girl six months of poking around on a piece of hardware she doesn’t really *get*, I started a document: Applied PKCS#11.
The later sections refer to the API exposed by python-pkcs11, but the first part is generally relevant to any PKCS #11 implementation. Hopefully it makes sense; I’m very keen to get feedback if I’ve made any huge logical leaps.
Thank you so much for writing this!
I’ve tried to wrestle my way through the strange and unconnected bits of PKCS documentation once or twice, but this finally made it all “click”. 🙂
You’re welcome. It’s all really remarkably, appallingly documented. I’ve spent who knows how much time trawling through standards, RFCs and bits from Oracle and IBM to put all this together, especially how to do things like stream large files through the device (seriously, I feel like everyone’s library RSA-signs “Hello World” and leaves it there). I felt that calling it Applied PKCS #11 was a bit extravagant, since it hides most of the detail away in the module, but I’m quite happy with how clean the code has turned out, so it wouldn’t be too hard for someone to go a step further.
Hello,
I have a question about another post, but the comments are closed, this is the post:
https://blogs.gnome.org/danni/2013/03/07/generating-json-from-sqlalchemy-objects/
Is it possible to contact you any other way?
I posted the question on Stack Overflow if you want to take a look:
https://stackoverflow.com/questions/44778907/generating-json-from-sqlalchemy-base-class-including-subclases-from-relationship
Thanks in advance!!
I think Stack Overflow is a great place for this question. I’ll see if I can think of an answer!