Consume the new, safer Rust PKCS#11 interface into Parsec when it is available #272
Assignees
Labels
code health
Issues concerning overall code quality, safety and best practice
Comments
paulhowardarm
added
the
code health
|
The work on adding the safe abstraction layer is now located on the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
Refactor the Parsec PKCS#11 provider so that it consumes the newer, safer types and interfaces in the Rust PKCS#11 library.
Background
The Rust PKCS#11 provider allows Parsec to work with hardware security modules and similar systems that adopt the Oasis PKCS#11 Standard.
The PKCS11 provider makes use of a suite of Rust PKCS11 bindings from the rust-pkcs11 project.
Parsec project contributors have noted some safety improvements that could be made to these interfaces. For details see: mheese/rust-pkcs11#38
There is a fork of the PKCS#11 library created by @joechrisellis that implements the recommended changes to the Rust library: https://github.com/joechrisellis/rust-pkcs11/tree/new-abstraction
This branch reworks the library into a lower-level
pkcs11-sysmodule, and higher-levelpkcs11module, the latter containing a new set of abstractions aimed at consumption into application code.Once these new interfaces are made available, either by PR into the original project, or by creating a new separate project, it will be possible to refactor the PKCS#11 provider in Parsec to consume these interfaces.
This issue has been raised to track for the future.
The text was updated successfully, but these errors were encountered: