On 06/13/17 14:40, Alon Bar-Lev wrote:
> On 13 June 2017 at 21:26, james <gar...@verizon.net> wrote:
>
> <snip>
>
>> I guess what I'm really looking for is a master list of ebuilds
>> (overlays) that one has or possibly could use to implement any form of
>> PKCS#11 on a gentoo server, workstation, or embedded system? I've been
>> googling on this a bit, but my keyword combos have not been very fruitful.
>
> Hi,
>
> You have at least these:
>
> https://packages.gentoo.org/packages/dev-libs/softhsm
> https://packages.gentoo.org/packages/dev-libs/opensc
> https://packages.gentoo.org/packages/dev-libs/opencryptoki
> https://packages.gentoo.org/packages/app-crypt/coolkey
>
> Regards,
> Alon
>

Yes, thanks for the info above; and more using eix <-R|-cC> <dev-libs> | grep <pkcs|HSM> and other such searches. I should have been more detailed in my first post, apologies.

I'm more or less looking for complete projects where someone at least moderately documented the steps, gotchas, nuances, etc. In theory, they're not too difficult. On the practical side, there's an ocean of fragmented minutiae, depending on what you try, exactly. I guess I was looking for a bit of a 'well worn' pathway, that included experimentation with the physical card side of things, gentoo centric. A book/website on practical pkcs#11 linux implementation?

I have also looked at some of the semiconductor vendor solutions, but there is little detail other than 'purchase' the interesting parts inside of fpga code or an asic, which does me no good. But implemented on an embedded microP with some flexibility would be good, as long as the processor is one that also runs embedded (gentoo) linux. So any dev-boards (RaspPI-3 or ?) would be keen that have any sort of pkcs demo, I could purchase from a semiconductor vendor? Any ideas along that venue would also work for me.

Perhaps some detail on hardening the platform, tool-chain and musl/ulibc/glibc, as that's another fundamental part of the effort I find scant info on. Code bases such as this one in python [A] are interesting, but not complete.

Basically trying to stand on the shoulders of folks that know what they are doing, and the CI or automated test best for penetration testing what you actually implement going forward, is another integral part of a complete solution. Theoretical or practical experience or just a good comprehensive document/book to read. Anything complete, not just a piece of code that is a fragment of a complete (FOSS?) pkcs#11 system?

Gaining practical/working knowledge of these details seems to be fleeting, at least for me. I had just assumed it was a well-worn pathway, publicly discussed in some detail.

Perhaps a hacker/penetration forum, where the expertise is what I seek? Are other folks interested in rolling their own solution, or am I pursuing an impossible DIYS project?

James

[A] https://blogs.gnome.org/danni/2017/05/22/announcing-new-high-level-pkcs11-hsm-support-for-python/