[Cryptech-Commits] [sw/pkcs11] branch ksng updated: Update README.md.
git at cryptech.is
Wed May 10 02:59:20 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch ksng
in repository sw/pkcs11.
The following commit(s) were added to refs/heads/ksng by this push:
new 743ec40 Update README.md.
743ec40 is described below
commit 743ec40231db809d22487ee60f64d00b7b845807
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue May 9 22:59:04 2017 -0400
Update README.md.
---
README.md | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index 0671398..d846fe2 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,11 @@ Along with the PKCS #11 library itself, the package includes a
companion Python interface ("cryptech.py11"), which uses the ctypes
module from the Python standard library to talk to the PKCS #11
implementation. The Python implementation is intended primarily to
-simplify testing the C code, but can be used for other purposes.
+simplify testing the C code, but can be used for other purposes; while
+it seems unlikely that anything could ever make PKCS #11 "fun", the
+`cryptech.py11` library attempts to make it a bit less awful by
+providing both direct acess to the raw PKCS #11 API and a somewhat
+more "pythonic" API layered on top of the raw API.
## Novel design features ##
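Review bot: "acess" in the added line "providing both direct acess to the raw PKCS #11 API and a somewhat" is a typo for "access". The addition also hangs off the previous sentence with a semicolon and runs for five lines; ending that sentence at "other purposes." and starting a new one at "While it seems unlikely" would read more easily.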
@@ -40,17 +44,15 @@ The underlying cryptographic support comes from the [Cryptech][]
Testing to date has been done using the `bin/pkcs11/` tools from the
BIND9 distribution, the `hsmcheck` and `ods-hsmutil` tools from the
-OpenDNSSEC distribution, the `hsmbully` diagnostic tool, and a
-preliminary set of unit tests using Python's unittest library. Beyond
-the test results (such as they are) reported by these tools, the
-primary test of whether the PKCS #11 code is working as expected has
-been validation of the signed DNSSEC data generated by `hsmcheck -s`,
-via a script using [DNSPython][].
+OpenDNSSEC distribution, the `hsmbully` diagnostic tool, the Google
+`pkcs11test` test suite, and a somewhat ad hoc set of unit tests using
+Python's unittest library along with our own `cryptech.py11` library.
-In a nutshell, the current state is that the code runs without
-throwing any obvious errors, generates what DNSPython thinks are good
-signatures, and passes some fairly basic tests. More testing would be
-a really good idea.
+The library is also known to work as an `OpenSSL` engine when used
+with the `engine-pkcs11` package spun out of the OpenSC project. This
+has not been tested extensively, but key generation, signature, and
+verification all work (with RSA keys -- the engine appears not to
+understand ECDSA keys, we have not investigated into details here).
## Copyright status ##
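Review bot: the parenthetical that closes the added OpenSSL engine paragraph, "the engine appears not to understand ECDSA keys, we have not investigated into details here", is a comma splice and "investigated into details" is not grammatical; suggest "the engine appears not to understand ECDSA keys; we have not investigated this in detail". `OpenSSL` is set in code formatting although it is a product name, unlike BIND9 and OpenDNSSEC earlier in the same section. The deleted text also said what the primary correctness check was (validating the signed data from `hsmcheck -s` with DNSPython) and summarised the current state; the replacement lists the tools used but no longer says what results they gave, so a sentence on the outcome of the `pkcs11test` and unittest runs would keep that information for readers.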
@@ -63,5 +65,4 @@ Code written for the [Cryptech][] project is under the usual Cryptech
BSD-style license.
[PKCS11]: http://www.cryptsoft.com/pkcs11doc/STANDARD/ "PKCS #11"
-[DNSPython]: http://www.dnspython.org/ "DNSPython"
[Cryptech]: https://cryptech.is/ "Cryptech"
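Review bot: dropping the `[DNSPython]` link definition is only safe if no `[DNSPython][]` reference is left anywhere in README.md; the one in the testing paragraph is removed by this commit, but the rest of the file is not visible in the diff and should be checked. Since the new text introduces `pkcs11test` and `engine-pkcs11`, consider adding link definitions for them here next to `[PKCS11]` and `[Cryptech]`.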
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.