6d0248e9d9
The barbican-hsm-plugin interface provides a mechanism for the Barbican charm to communicate with an HSM plugin. The plugin (from the Barbican perspective) is provided as a PKCS#11 compliant library (.so) and so is local to the Barbican installation. Thus, the hsm-plugin charms are subordinate to the Barbican charm and run on the same unit. This change also provides two actions (generate-mkek and generate-hmac) which are 'one-off' operations to initialise the HSM with the global master keys. Add a note to the README that the generate-mkek and generate-hmac actions may only be done once as the HSM may reject overwriting the key. Add Apache2.0 LICENSE and license headers to files Removed redundant copyright file Change the reference for the internal port to 9311 The barbican project changed the INTERNAL port to the same as the PUBLIC port. Add in seed_file and seed_length to template. These are needed for a change in Barbican to support seeding the RNG in the HSM if required. They are set to /dev/random and 32. Fetch the barbican sources from a PPA (for bug: 1599550) Remove the trusty support for Py3 from install hook
9 lines
240 B
YAML
9 lines
240 B
YAML
generate-mkek:
|
|
description: |
|
|
Generate an MKEK in the associated HSM (via the barbican-hsm-plugin
|
|
interface).
|
|
generate-hmac:
|
|
description: |
|
|
Generate an HMAC in the associated HSM (via the barbican-hsm-plugin
|
|
interface).
|