design icon indicating copy to clipboard operation
design copied to clipboard

Published 20 hours ago verified publisher icon ros2

ROS2 DDS Security PKCS#11 URI support

Open IkerLuengo opened this issue 3 years ago • 3 comments

The DDS-Security specification defines the use of Hardware Security Modules (HSM) and PKCS#11 URIs as an alternative to private keys and certificates stored in the file system. Current implementation only supports these tokens to be directly stored in the file system as .pem files. This is a design proposal to support PKCS#11 URIs.

The changes affect to the RMW implementations, as these are filling the DDS security attributes for the participant. However, it also affects the contents of the enclave directories in the keystore. Although the proposed changes are totally backwards compatible (meaning that current RMW implementations will continue working if no PKCS#11 URIS are used), description of the new enclave contents and the expected RMW behavior seems appropriate.

IkerLuengo avatar Jul 28 '21 11:07 IkerLuengo

@ros2/security_working_group Thoughts about this proposal?

clalancette avatar Aug 19 '21 12:08 clalancette

This pull request has been mentioned on ROS Discourse. There might be relevant details there:

https://discourse.ros.org/t/ros-2-tsc-meeting-minutes-2021-08-19/22008/1

ros-discourse avatar Aug 23 '21 23:08 ros-discourse

To give some context, this proposal was discussed an approved on the @ros2/security_working_group on June (minutes here, although with Sid gone, they are still unmerged).

IkerLuengo avatar Aug 24 '21 08:08 IkerLuengo

@quinz @fujitatomoya @asorbini I've open #332 since I don't have write access on the repo of the original contributor.

This PR can be closed.

MiguelCompany avatar Jan 10 '23 07:01 MiguelCompany

Closing based on the last comment.

clalancette avatar Jan 26 '23 14:01 clalancette