The Cryptech Project is pleased to announce that version 3 of our firmware and software package is now available. Like version 2, this runs on the Alpha board. For those who have been following, this is the code that until last week was the "ksng" branch.
Major new features: * New keystore implementation which supports thousands of keys instead of six. :) * Support for multiple clients (eg, the OpenDNSSEC "enforcer" and "signer" daemons) talking to the HSM in parallel. * Key backup. * Verilog support for (much) faster key generation and signing on the ECDSA P-256 and P-384 curves. See https://wiki.cryptech.is/wiki/ReleaseNotes for more details. See https://wiki.cryptech.is/wiki/BinaryPackages and https://wiki.cryptech.is/wiki/Upgrading for information on how to download the new packages and upgrade the HSM firmware. Please read the upgrade instructions BEFORE attempting to update the firmware. The upgrade is a multi-step process, and the keystore format change triggers a bug in the old bootloader which can brick your HSM if you perform the upgrade steps in the wrong order. If you ignored the above or managed to brick your HSM anyway, see https://wiki.cryptech.is/wiki/DisasterRecovery and https://wiki.cryptech.is/wiki/UsingSTLink . Thank you for your patience with how long this has taken. We spent far more time than we would have liked in a twisty maze of RTOS bugs (eventually solved by removing the RTOS, see the release notes). Special thanks to Yuri Schaeffer for help testing both the upgrade process and the multi-client support with OpenDNSSEC. _______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech