The goal of this switch is to save costs (only paying for a key in KMS instead of a full running hardware HSM), increase
flexibility (by being able to authenticate via Identity Federation from e.g. running AWS node or GHA runner), without reducing security (key is still stored in hardware HSM in backend, non-exportable).
windows-msi: Switch signing to use jsign.jar instead of signtool to allow more flexibility in key stores.
windows-msi: Switch sign-openvpn.bat to only sign one architecture. (Cleanup)
windows-msi: Fix sign-openvpn.bat to sign openvpnmsica.dll instead of non-existant openvpnmsica.exe. (Bugfix)
windows-msi: Fix sign-openvpn.bat to not sign unit tests executables and cmocka.dll. (Cleanup)
windows-msi: Remove sign-binaries.bat intermediate script. Didn't seem to serve any purpose anymore. (Cleanup)
release: Remove AWS CloudHSM support and add GoogleCloud KMS instead. Adapt to changes in windows-msi.
The goal of this switch is to save costs (only paying for a key in KMS instead of a full running hardware HSM), increase flexibility (by being able to authenticate via Identity Federation from e.g. running AWS node or GHA runner), without reducing security (key is still stored in hardware HSM in backend, non-exportable).