add support for using HSM keys?

[ivmaykov]

I would like to use RNP with HSM (hardware security module) keys. I think this requires the ability to specify a custom secret key implementation (where the "key material" is some identifier for the hardware key) and a custom crypto engine (i.e. for signing, replace the call to signature_calculate() in stream-write.cpp with a user-provided function). If the APIs are well-designed, then this could be entirely vendor-agnostic, and "glue code" could be written for any particular HSM vendor to allow their keys to be used with RNP.

How hard would it be to add this functionality? (Or if it already exists and I misunderstood the code, how would I use it?)

[ronaldtse]

@ivmaykov thanks for the suggestion!

I don’t think HSM is supported by the RNP API today, but indeed would be a welcome enhancement.

Thoughts @dewyatt @ni4?

[ni4]

@ronaldtse It would be a good feature to add. Now most crypto calls are well separated from the base code, so it should not be as complicated as it was before. However, besides the crypto, some more work will be required from the interface part - functions to access HSM/FFI functions/CLI commands/etc.

[ivmaykov]

@ronaldtse @dewyatt @ni4: If we wanted to hire a project committer as a short-term contractor to get HSM support done somewhat quickly (within a couple weeks maybe?), how would we go about it? Or do all of you have full-time jobs elsewhere that would preclude that from happening?

[dewyatt]

Speaking for myself, I can't really spare the time right now to work on HSM support. Also, I'm not sure I would be comfortable with trying to rush something like that into a couple weeks.

On a side note, myself and @ni4 are contractors hired by @ronaldtse to work on rnp and various other projects. rnp is primarily developed by the two of us, with guidance from Ronald.

[ronaldtse]

@ivmaykov our upcoming schedule is currently packed, but that doesn’t meant we can’t reshuffle some things if there is a real urgent need that can help us validate the HSM portion.

Would you mind letting us know how exactly you plan to use the HSM portion with some detail? You can always send it to us at “support@ribose.com” to keep things out of sight.

[ronaldtse]

We've discussed internally and we could potentially implement HSM support as described in the timeframe, but since @ivmaykov you're going to be the first user of this (outside internal testing), we will need your support and feedback in ensuring that the developed functionality actually works for you.

Does this sound good?

[ivmaykov]

@ronaldtse Thanks for the replies! I will follow up with you using the email address you provided.

[ronaldtse]

@ivmaykov don't mean to hurry, looking forward to your email. 😄

[ivmaykov]

@ronaldtse I think for the time being we're not going to use RNP. We've figured out another solution using Golang and its built-in openpgp library. If that doesn't work well and we have to go back to C++, I will let you know.

[ronaldtse]

@ivmaykov While nonetheless disappointing, thanks for letting us know. We'll move on with our backlog as planned.