PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide a common API to hardware security and cryptographic services in a platform-agnostic way. This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge.
Read the Parsec documentation online.
Read the whitepaper Security for the Infrastructure Edge.
Use Parsec when you need:
- A portable interface to your platform's Root of Trust in order to manage keys and perform cryptographic operations without knowledge of the hardware.
- A simple and portable way to access the best available security of your platform in your preferred programming language.
The value proposition of Parsec is that it provides the following:
- Abstraction – a common API that is truly agnostic and based on modern cryptographic principles
- Mediation – security as a microservice, brokering access to the hardware and providing isolated key stores in a multi-tenant environment
- Ergonomics – a client library ecosystem that brings the API to the fingertips of developers in any programming language: “easy to consume, hard to get wrong”
- Openness – an open-source project inviting contributions to enhance the ecosystem both within the service and among its client libraries
PARSEC is a collaborative project. The current list of the individuals and organizations who maintain this project can be found here.
See who is using and contributing to PARSEC.
Parsec is a new open source project and is under active development. This code repository is being made available so that the developer community can learn and give feedback about the new interfaces and the concepts of platform-agnostic security. The implementation that is provided is suitable for exploratory testing and experimentation only. This test implementation does not offer any tangible security benefits and therefore is not suitable for use in production. Documentation pages may be incomplete and are subject to change without notice. Interfaces may change in such a way as to break compatibility with client code. Contributions from the developer community are welcome. Please refer to the contribution guidelines.
Launch the Parsec service with a single software-based provider (using the default configuration):
```bash
$ git clone https://github.com/parallaxsecond/parsec.git
$ cd parsec
$ RUST_LOG=info cargo run
```
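Parsec client libraries can now communicate with the service. For example, using the Rust test client, an RSA signature can be produced as follows:

```rust
use parsec_client_test::TestClient;

fn main() {
    // Create a test client for the Parsec service started above.
    let mut client = TestClient::new();
    let key_name = String::from("🔑 What shall I sign? 🔑");
    // Generate an RSA signing key under `key_name`; the key is created and held by the service.
    client.generate_rsa_sign_key(key_name.clone()).unwrap();
    // Sign with the key just generated, referring to it only by name.
    let signature = client.sign(key_name,
                                String::from("Platform AbstRaction for SECurity").into_bytes())
                          .unwrap();
}
```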
Check the user, client developer and service developer guides for more information on building, installing, testing and using Parsec!
Come and talk to us in our Slack channel! Here is how to join the workspace.
Also join the biweekly meeting with Parsec maintainers and community members. The meeting is open to the public and everyone is encouraged to attend. We will use the time to discuss features, integrations, issues, and roadmap. We look forward to seeing you all.
We would be happy for you to contribute to Parsec! Check the Contributing file to know more about the contribution process. For a list of current contributors, check here. Check the open issues on the board if you need any ideas 🙂!
The software is provided under Apache-2.0. Contributions to this project are accepted under the same license.
This project uses the following third party crates:
- serde (MIT and Apache-2.0)
- bindgen (BSD-3-Clause)
- cargo_toml (Apache-2.0)
- toml (MIT and Apache-2.0)
- rand (MIT and Apache-2.0)
- base64 (MIT and Apache-2.0)
- uuid (MIT and Apache-2.0)
- threadpool (MIT and Apache-2.0)
- std-semaphore (MIT and Apache-2.0)
- num_cpus (MIT and Apache-2.0)
- signal-hook (MIT and Apache-2.0)
- sd-notify (MIT and Apache-2.0)
- log (MIT and Apache-2.0)
- env_logger (MIT and Apache-2.0)
- pkcs11 (Apache-2.0)
- picky-asn1-der (MIT and Apache-2.0)
- picky-asn1 (MIT and Apache-2.0)
- bincode (MIT)
- structopt (MIT and Apache-2.0)
- derivative (MIT and Apache-2.0)
- arbitrary (MIT and Apache-2.0)
- libfuzzer-sys (MIT, Apache-2.0 and NCSA)
- flexi_logger (MIT and Apache-2.0)
- lazy_static (MIT and Apache-2.0)
- version (MIT and Apache-2.0)
This project uses the following third party libraries:
- Mbed Crypto (Apache-2.0)