[Cryptech Core] libhal / PKCS #11 status

Rob Austein sra at hactrn.net
Thu Jun 25 00:49:12 UTC 2015


At Wed, 24 Jun 2015 16:57:57 +0200, Jakob Schlyter wrote:
> 
> If we can pass "ods-hsmutil test" I'm happy enough to start testing.

It passes "ods-hsmutil test".  Well, for the parts we expected: no DSA
or GOST, and we insist that RSA keys be at least 1024 bits.  The
latter can be changed easily enough if we really want to do that.

In theory the current code should support up to 8192 bit keys, but
that's not been tested; largest key I've seen work was a 6800 bit key
hsmbully generated as part of its signing tests.  At some point when I
don't need my Novena for anything else for a few days I may leave the
long version of the hsmbully signing test running.

At this point both Paul and Jakob need build instructions, so I'll
write something up.  In the long term the build for most people will
come from the release engineering work that Paul's been doing.



More information about the Core mailing list