Conversation
mikelodder7
requested review from
brentzundel,
danintel,
dcmiddle,
dhuseby,
dubovitskaya,
hartm,
lovesh,
mac-arrap,
manudrijvers and
vaporos
as code owners
| # Prior art | ||
| [prior-art]: #prior-art | ||
| This provider model is extremely common in the crypto world with implementations like [PKCS11](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html) | ||
| Microsoft CNG, Java JCA, [Parsec](https://github.com/parallaxsecond/parsec), and others. |
There was a problem hiding this comment.
May want to consider linking webkms, w3c-ccg/webkms#4
There was a problem hiding this comment.
Possibly. Thanks for linking us from them. I hope they have something more concrete soon. Looking at it now, it doesn’t have much. Maybe we should invite them to this discussion?!?
There was a problem hiding this comment.
Here's something a bit more concrete... we're still finalizing the API and didn't want to write the spec bits until we ship something more stable to customers.
These docs aren't great, but they're the best we have unless someone wants to start diving into the code:
https://github.com/digitalbazaar/webkms-client/#api-reference
This may also be of interest wrt. the KMS API operations we're looking at standardizing:
https://github.com/digitalbazaar/webkms-switch/tree/master/lib/schemas
| # Summary | ||
| [summary]: #summary | ||
| Hardware security modules(HSM)/Trusted Execution Environments(TEE)/Secure enclaves are becoming more common for specialized cryptography key management. | ||
| This RFC describes a common API that can be used for interacting with enclaves in Ursa. This API allows for |
There was a problem hiding this comment.
Is this API intended to be usable outside of Rust?
If so, may want to separate the abstract API from a concrete implementation in Rust... also might be easier to align with other things if that were the case.
There was a problem hiding this comment.
Thanks for reviewing this. I agree that the API should be abstract. That’s why I’ve designed it this way. I do say while the concrete example here is in Rust, the API could easily be adapted to any other language. Rust also compiles to WASM and C. I fully intend for this to be as widely adoptable and portable as possible.
Signed-off-by: Michael Lodder <redmike7@gmail.com>
Signed-off-by: Michael Lodder <redmike7@gmail.com>
Signed-off-by: Michael Lodder <redmike7@gmail.com>
Signed-off-by: Michael Lodder <redmike7@gmail.com>
Signed-off-by: Michael Lodder <redmike7@gmail.com>
Signed-off-by: Michael Lodder <redmike7@gmail.com>
Signed-off-by: Michael Lodder <redmike7@gmail.com>
3 participants
This PR adds the enclave APIs description to Ursa.