[Cryptech-Commits] [sw/pkcs11] branch master updated: Update README.md.
git at cryptech.is
git at cryptech.is
Tue Sep 22 21:29:45 UTC 2015
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.
The following commit(s) were added to refs/heads/master by this push:
new 9335f7d Update README.md.
9335f7d is described below
commit 9335f7d04180bb1faf9c50796d453ad884b3837b
Author: Rob Austein <sra at hactrn.net>
Date: Tue Sep 22 17:29:20 2015 -0400
Update README.md.
---
README.md | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 2ddcb09..7f7972c 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,12 @@ specification includes enough rope for an unwary developer to hang not
only himself, but all of his friends, relations, and casual
acquaintances.
+Along with the PKCS #11 library itself, the package includes a
+companion Python interface ("py11"), which uses the ctypes module from
+the Python standard library to talk to the PKCS #11 implementation.
+The Python implementation is intended primarily to simplify testing
+the C code.
+
## Novel design features ##
@@ -25,8 +31,9 @@ the necessary type checking.
## Current status ##
-As of this writing, the implementation supports only the RSA, SHA-1,
-and SHA-2 algorithms, but the design is intended to be extensible.
+As of this writing, the implementation supports only the RSA, ECDSA,
+SHA-1, and SHA-2 algorithms, but the design is intended to be
+extensible.
The underlying cryptographic support comes from the [Cryptech][]
`libhal` package.
@@ -36,15 +43,17 @@ also need to change (more on this below).
Testing to date has been done using the `bin/pkcs11/` tools from the
BIND9 distribution, the `hsmcheck` and `ods-hsmutil` tools from the
-OpenDNSSEC distribution, and the `hsmbully` diagnostic tool. Beyond
+OpenDNSSEC distribution, the `hsmbully` diagnostic tool, and a
+preliminary set of unit tests using Python's unittest library. Beyond
the test results (such as they are) reported by these tools, the
primary test of whether the PKCS #11 code is working as expected has
been validation of the signed DNSSEC data generated by `hsmcheck -s`,
via a script using [DNSPython][].
In a nutshell, the current state is that the code runs without
-throwing any obvious errors, and generates what DNSPython thinks are
-good signatures. More testing would be a really good idea.
+throwing any obvious errors, generates what DNSPython thinks are good
+signatures, and passes some fairly basic tests. More testing would be
+a really good idea.
## Open issue: SQLite3 ##
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Commits
mailing list