[Cryptech-Commits] [sw/pkcs11] branch master updated: Update README.md.

git at cryptech.is git at cryptech.is
Tue Sep 22 21:29:45 UTC 2015

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.

The following commit(s) were added to refs/heads/master by this push:
       new  9335f7d   Update README.md.
9335f7d is described below

commit 9335f7d04180bb1faf9c50796d453ad884b3837b
Author: Rob Austein <sra at hactrn.net>
Date:   Tue Sep 22 17:29:20 2015 -0400

    Update README.md.
 README.md | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 2ddcb09..7f7972c 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,12 @@ specification includes enough rope for an unwary developer to hang not
 only himself, but all of his friends, relations, and casual
+Along with the PKCS #11 library itself, the package includes a
+companion Python interface ("py11"), which uses the ctypes module from
+the Python standard library to talk to the PKCS #11 implementation.
+The Python implementation is intended primarily to simplify testing
+the C code.
 ## Novel design features ##
@@ -25,8 +31,9 @@ the necessary type checking.
 ## Current status ##
-As of this writing, the implementation supports only the RSA, SHA-1,
-and SHA-2 algorithms, but the design is intended to be extensible.
+As of this writing, the implementation supports only the RSA, ECDSA,
+SHA-1, and SHA-2 algorithms, but the design is intended to be
 The underlying cryptographic support comes from the [Cryptech][]
 `libhal` package.
@@ -36,15 +43,17 @@ also need to change (more on this below).
 Testing to date has been done using the `bin/pkcs11/` tools from the
 BIND9 distribution, the `hsmcheck` and `ods-hsmutil` tools from the
-OpenDNSSEC distribution, and the `hsmbully` diagnostic tool.  Beyond
+OpenDNSSEC distribution, the `hsmbully` diagnostic tool, and a
+preliminary set of unit tests using Python's unittest library.  Beyond
 the test results (such as they are) reported by these tools, the
 primary test of whether the PKCS #11 code is working as expected has
 been validation of the signed DNSSEC data generated by `hsmcheck -s`,
 via a script using [DNSPython][].
 In a nutshell, the current state is that the code runs without
-throwing any obvious errors, and generates what DNSPython thinks are
-good signatures.  More testing would be a really good idea.
+throwing any obvious errors, generates what DNSPython thinks are good
+signatures, and passes some fairly basic tests.  More testing would be
+a really good idea.
 ## Open issue: SQLite3 ##

To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Commits mailing list