Simo Sorce

May I ask for a requirement that if any signing operation is implemented that it can be disabled at built time, leaving only verification operations available? LMS is something that...

This is more a Request for comments than a final PR. I manually tested this with the pkcs11-provider and it "works", however I also know a couple of tests in...

@beldmit FYI

> not really, my provide will take a sessions (it holds a cache of them) whenever an operation is requested. This is to handle token login early on, because generally...

> This was just for testing in the test-suite given we do not have pkcs11-provider integration for CI (yet?), I can drop it completely in the PR later.

@petrovr I am sorry I fail to understand what you mean (here and in previous comments). Could you please rephrase?

@levitte just to try to give you some more context. In general a lot of server deployments using HSMs will just store the pin in a configuration file. So in...

> @simo5, thanks for the expansion on the issue. > > I understand what you're seeing as a problem. The concern I'm having is that this sort of thing doesn't...

> Another question is how to implement a key generation for keys stored in a token but that is IMO a different topic. Indeed storing generate keys on the token...

> There are many tokenization solutions out there. If it were me, I would suggest building an API to allow different token providers to plug in rather than building our...