clairernovotny
commented
2 weeks ago Hi @dylrich
We would certainly consider it, can you please provide some additional information about your proposed implementation? We are also refactoring that will make this easier to start once they're merged: https://github.com/dotnet/sign/pull/700 & https://github.com/dotnet/sign/pull/703
- Is the implementation entirely managed or is there native code too? If there's native code, what platforms are supported?
- What are the required parameters needed to configure the provider?
- Any other details about the implementation? Is it new code or is it coming from an existing source.
dylrich
We use this library to sign Nuget packages with certificates stored in Azure Key Vault. However, we'd prefer to not directly talk to Azure Key Vault, but instead use a PKCS#11 library to request signatures from Azure Key Vault. Our PKCS#11 library serves as a standardized authentication and management layer for keys and certificates that we use for other, non-nuget signatures. If this tool supported PKCS#11, we could use this interface for all types of signing. Additionally, it would allow users to sign packages in a wider range of HSM backends beyond just Azure Key Vault, though this isn't the main motivation for us.
Would this project consider accepting a Pull Request that contained a PKCS#11 implementation? It seems like it would need to satisfy these two interfaces if we're reading the code correctly.