Add PKCS#11 support in mender-artifact

Description

As of today, mender-artifact supports artifact signing using key pairs (RSA, ECDSA256) read from files, Google Cloud Key Management and HashiCorp Vault. The goal of this epic is adding support for PKCS#11 in mender-artifact to use any PKCS#11-compatible interface to sign a Mender Artifact.

Acceptance criteria:

  • mender-artifact sign command supports a new option to use a PKCS#11 interface to sign the artifact, in addition to --key, --gcp-kms-key and --gcp-kms-key.

Risk & mitigation

None

Market Goal

None
100% Done

Activity

Fabio Tranchitella, August 11, 2022 at 2:54 AM

Thank you, . Let's merge the two epics.

Peter Grzybowski, August 10, 2022 at 9:18 AM

As I mentioned during grooming, and as just commented on Slack, we already have an epic for that:

https://tracker.mender.io/browse/MEN-3163

heads up also for that one:

https://tracker.mender.io/browse/MEN-3959

once we explore the public key in HSM via pkcs we can try to take it easily.

this one and are basically duplicates.

Fabio Tranchitella, August 10, 2022 at 8:27 AM

 can you check if we already have a task to sign the artifacts using HSM? If that's the case, please move it to this epic.

Unresolved

Details

Plan

Open source
Starter
Professional
Enterprise

Goals

None

Priority

Backlog

yes

Created August 7, 2022 at 6:19 AM
Updated October 30, 2022 at 5:50 PM