ehsm issues

unify the input params of digest for sign operation

according to the cloud kms, the digest need to be hashed by the user, so the sign operation may not need to hash it again. e.g, ecc/rsa/sm2

syan10

support cmk rotation

cmk will need to be upgraded or maybe expired, so need to consider to support its rotation in future.

syan10

support restful request with attestation token

attach the attestation token into the request params to assure the kms is actually run in the enclave.

syan10

Support SM9 (cryptography standard)

5

## Background [SM9 ](https://en.wikipedia.org/wiki/SM9_(cryptography_standard)) is a Chinese national cryptography standard for [Identity Based Cryptography](https://en.wikipedia.org/wiki/ID-based_cryptography) issued by the Chinese State Cryptographic Authority in March 2016(`from wikipedia`). it is also standardized in[...

nntp4

Support Intel Trust Authority Attestation

@yang8621

yang8621

support domain key rotation

- add dkeyrotation app - dkeyserver(root), dkeyserver(worker), dkeycache and KMS server are support domain key rotation. test : passed the local test Signed-off-by: wanghouqi

wanghouqi

ehsm
ehsm copied to clipboard

Metadata

unify the input params of digest for sign operation

support cmk rotation

support restful request with attestation token

Support SM9 (cryptography standard)

Support Intel Trust Authority Attestation

support domain key rotation

← Metadata

Owner

Metadata

ehsm ehsm copied to clipboard

Metadata

unify the input params of digest for sign operation

support cmk rotation

support restful request with attestation token

Support SM9 (cryptography standard)

Support Intel Trust Authority Attestation

support domain key rotation

← Metadata

Owner

Metadata

ehsm
ehsm copied to clipboard