FGasper / p5-Crypt-Perl

CPAN’s Crypt::Perl

How to deal with HSM based keys? #13

Open kelson42 opened 5 years ago

kelson42 commented 5 years ago

Is it simply impossible to deal with that module if the key material is not directly available?

It seems impossible to:

What would the solution look like?

FGasper commented 5 years ago

I’m not familiar with HSMs and am not sure this would fall within Crypt::Perl’s intent to remain a pure-Perl library.

I am also not sure what you mean by “TBS”. Can you please explain? Crypt::Perl doesn’t currently expose CSR parser logic; there is at least one module on CPAN that does this, I believe in pure Perl.

kelson42 commented 5 years ago

@FGasper Thx for your quick reply. By TBS I mean the "To Be Signed" part of the CSR (the BLOB to be sent to the signature algorithm).

FGasper commented 5 years ago

Ah, OK.

Crypt::PKCS10 may expose that functionality; if not, it wouldn’t be hard to get there via Convert::ASN1 directly,

kelson42 commented 5 years ago

@FGasper If I make a patch exposing the necessary internals to allow doing so, would you consider reviewing it?

FGasper commented 5 years ago

I’d have a look, sure.
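
The "To Be Signed" part discussed in this thread is the CertificationRequestInfo, the first element of the outer SEQUENCE of a DER-encoded PKCS #10 CSR (RFC 2986). The following is an added example, not code from this thread or from Crypt::Perl: a pure-Perl sketch that slices those bytes out so they could be passed to an external signer. The helper names `read_tlv` and `csr_tbs` are hypothetical, and the sample bytes are a constructed skeleton rather than a valid CSR.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Read one DER TLV header at $offset.
# Returns (tag byte, header length, content length).
sub read_tlv {
    my ($der, $offset) = @_;
    die "truncated DER header\n" if $offset + 2 > length($der);

    my $tag = ord(substr($der, $offset, 1));
    die "multi-byte tags not supported\n" if ($tag & 0x1f) == 0x1f;

    my $first = ord(substr($der, $offset + 1, 1));
    my ($hdr_len, $len) = (2, $first);

    if ($first & 0x80) {    # long-form length: low 7 bits = number of length bytes
        my $n = $first & 0x7f;
        die "indefinite or oversized length\n" if $n == 0 || $n > 4;
        die "truncated DER length\n" if $offset + 2 + $n > length($der);
        $len = 0;
        $len = ($len << 8) | $_ for unpack('C*', substr($der, $offset + 2, $n));
        $hdr_len += $n;
    }
    die "TLV runs past end of input\n"
        if $offset + $hdr_len + $len > length($der);
    return ($tag, $hdr_len, $len);
}

# Return the raw DER bytes (header included) of CertificationRequestInfo.
# These exact bytes are what the signature in the CSR covers.
sub csr_tbs {
    my ($der) = @_;
    my ($tag, $hdr, $len) = read_tlv($der, 0);
    die "outer element is not a SEQUENCE\n" if $tag != 0x30;
    die "trailing bytes after CSR\n" if $hdr + $len != length($der);

    my ($itag, $ihdr, $ilen) = read_tlv($der, $hdr);
    die "CertificationRequestInfo is not a SEQUENCE\n" if $itag != 0x30;
    die "inner element overruns outer SEQUENCE\n" if $ihdr + $ilen > $len;
    return substr($der, $hdr, $ihdr + $ilen);
}

# Constructed skeleton (NOT a valid CSR): info = { INTEGER 0 },
# algorithm = ecdsa-with-SHA256 OID, signature = dummy 2-byte BIT STRING.
my $csr = pack('H*',
    '3016' . '3003020100' . '300a06082a8648ce3d040302' . '030300aabb');
my $tbs = csr_tbs($csr);
printf "TBS (%d bytes): %s\n", length($tbs), unpack('H*', $tbs);
```

The slice is taken from the original encoding rather than re-encoded, so the bytes given to the signer are identical to the ones a verifier will hash.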