openstack/barbican
Code Issues Proposed changes
1262c9b204
barbican/etc
History
Paul Kehrer e9541942a2 PKCS11 refactor to use a master KEK and per project KEK 
The plugin now supports rotating master KEK and verifies integrity of
project KEKs via HMAC (GCM is unavailable as a mechanism for Wrap/Unwrap
operations). The master KEK and HMAC key are generated as separate keys
in the HSM.

This key wrapping approach is taken because most HSMs do not have the
ability to use KDFs such as HKDF while keeping the derived key material
within the HSM.

Implements: blueprint restructure-pkcs11-plugin
Change-Id: Ic777ba0484cdbe71d6ee00fa33f8b4c9fc430e00
2014-09-11 12:17:31 -05:00
..
barbican PKCS11 refactor to use a master KEK and per project KEK 2014-09-11 12:17:31 -05:00
init Barbican uWSGI stats server listen on localhost 2014-03-06 11:50:27 -06:00
logrotate.d Added barbican-api rpm packaging. 2013-07-08 18:05:38 -05:00