| *** mhen_ is now known as mhen | 01:29 | |
| LinuZZ1 | Hi there, is there anyone using barbican with a YubiHSM and if yes, is there documentation on how to get it working? | 08:57 |
|---|---|---|
| dmendiza[m] | Hi LinuZZ1 ! Currently Barbican does not support teh YubiHSM | 11:26 |
| dmendiza[m] | last time I looked at it, YubiHSM needed to be accessed using a custom python library, which would need a new implementation of the SecretStore interface to work | 11:27 |
| dmendiza[m] | unless YubiHSM started supporting PKCS#11 since then? ... But I think I would have heard about that. | 11:28 |
| dmendiza[m] | In any case, Barbican only supports HSMs with PKCS#11 or KMIP support. | 11:28 |
| jrosser | dmendiza[m]: I spent a quite a bunch of time hacking on yubihsm with Barbican | 11:53 |
| jrosser | it does support pkcs#11 but not quite the same subset that Barbican wants | 11:54 |
| jrosser | specifically I think it could not generate an AES key - I believe that some of this has been made more complete in newer versions of the firmware | 11:56 |
| jrosser | https://developers.yubico.com/yubihsm-shell/yubihsm-pkcs11.html | 11:58 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!