[Cryptech Tech] Revised keystore API and keystore flash "filesystem"

Rob Austein sra at hactrn.net
Sat Sep 17 19:56:00 UTC 2016


> So this means no more sqlite3-dependency anywhere in the code or
> just the p11 part (just curious)?

PKCS #11 is already the only sqlite3 dependency.

Getting rid of the SQLite3 database is a mixed blessing.  On the one
hand, having data split between the HSM and the client database means
they can get out of sync; on the other hand, the stuff that's kept in
the client database doesn't have to bother the HSM at all.  So getting
rid of the database tends to bloat the HSM with relatively useless
crap which is only there to support PKCS #11, not to do crypto.  Feh.

So the challenge is to do it in a way that has minimal impact on the
HSM's more critical functions.

