Mathias Ertl
Mathias Ertl
@alfonsrv that library gives no documentation on how to actually create a signed certificate - let alone with a CSR object from python cryptography. > that takes all the required...
Hi @alfonsrv and @kushaldas, In the past days, I played around with and read the code of [python-yubihsm](https://github.com/Yubico/python-yubihsm), [python-pkcs11](https://github.com/pyauth/python-pkcs11/) and [python_x509_pkcs11 library](https://github.com/SUNET/python_x509_pkcs11). A few observations and conclusions: * `python-yubihsm` lacks...
Hi @alfonsrv , First, a general update: @kushaldas made significant progress on signing certificates via the PKCS11 interface with cryptography (with more help from the cryptography maintainers - thanks!). He...
I just merged the first version. This is pretty sophisticated and well tested already and should allow you to implement this with a subclass and a few pydantic models. Documentation...
Would be super cool. I also plan to release that weekend, by the way. If there's something that needs to be changed in the key backend interface, I'm open to...
Hi @alfonsrv , > A dedicated, air-gapped container would probably be desirable that processes "commands" sent to it – like "sign certificate with pk 2", "create a CRL", … and...
@alfonsrv , since I'll start working on @kushaldas branch, wondering if you could provide some input: What are the parameters available when generating a private key? And which would be...
> How to reuse the current command line flags for key type and key length? Two very good questions, with two answers: 1. The key type: you already can! `create_private_key()`...
Hi @PIKACHUIM , Thanks for your report! I'll look into it right away. But just to be sure: do you really have a need for this feature - if you...
Hi @PIKACHUIM, I tried to reproduce the issue, but failed. From what I can tell, it works as it should. First, let me answer that question of yours: > By...