Open dylrich opened 2 weeks ago
Hi @dylrich
We would certainly consider it, can you please provide some additional information about your proposed implementation? We are also refactoring that will make this easier to start once they're merged: https://github.com/dotnet/sign/pull/700 & https://github.com/dotnet/sign/pull/703
Hi @clairernovotny , thanks for the fast response!
We're not sure about the answers to your questions yet and are still working out details about what this might look like. We were mostly curious about if this effort would even be desired upstream! I'll let you know as soon as possible once we have more answers about what exactly we were thinking about.
Hi @clairernovotny,
How would you and the team feel about this approach?
We use this library to sign Nuget packages with certificates stored in Azure Key Vault. However, we'd prefer to not directly talk to Azure Key Vault, but instead use a PKCS#11 library to request signatures from Azure Key Vault. Our PKCS#11 library serves as a standardized authentication and management layer for keys and certificates that we use for other, non-nuget signatures. If this tool supported PKCS#11, we could use this interface for all types of signing. Additionally, it would allow users to sign packages in a wider range of HSM backends beyond just Azure Key Vault, though this isn't the main motivation for us.
Would this project consider accepting a Pull Request that contained a PKCS#11 implementation? It seems like it would need to satisfy these two interfaces if we're reading the code correctly.