Support for YubiHSM 2 as PKCS11 backend

Bug #2042949 reported by Michel Nederlof
This bug affects 3 people
Affects: Barbican
Status: In Progress
Importance: Undecided
Assigned to: Unassigned

Bug Description

We're in the process of using the YubiHSM 2 [1] as a backend store for barbican.

It almost works, but it would need some small additions on the barbican code side to get it to work properly. We're working on that :)

Some caveats upfront:
- Minimal firmware version required: v2.3.1
  (otherwise the encrypt/decrypt methods are not available on the device [3])

Developer information can be found on the Yubico website [2].

[1] https://www.yubico.com/nl/product/yubihsm-2/
[2] https://developers.yubico.com/YubiHSM2/
[3] https://developers.yubico.com/YubiHSM2/Concepts/Capability.html

Tags: yubihsm
OpenStack Infra (hudson-openstack) wrote : Fix proposed to barbican (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/barbican/+/900107

Changed in barbican:
status: New → In Progress
Josselin Mouette (jmouette) wrote :

Thanks a lot for the patch. We are using YubiHSM as well and your work helped us immensely.

It was not entirely enough, though, which is why I’m proposing a small supplemental change.
