Yan, Shaopu

icon indicating an email [email protected]

icon company Intel icon location shanghai

Results 6 issues of Yan, Shaopu

Add initial eHSM-KMS support for signstore

6 comment

eHSM-KMS is An End-to-End Distributed and Scalable Cloud KMS built on top of Intel SGX enclave-based HSM(Hardware Security Module), aka eHSM. More details, please refer to: https://github.com/intel/ehsm

Support eHSM as an alternative KMS solution

1 comment

Dear maintainers, We've developed an SGX-based Cloud KMS (called as eHSM), eHSM is a cloud service to provide functionalities to manage keys and secrets by fully leveraging Intel SGX capability....

enhancement

support client sdk for popular programming language(go, rust, python, java, scala, etc)

unify the input params of digest for sign operation

according to the cloud kms, the digest need to be hashed by the user, so the sign operation may not need to hash it again. e.g, ecc/rsa/sm2

support cmk rotation

cmk will need to be upgraded or maybe expired, so need to consider to support its rotation in future.

support restful request with attestation token

attach the attestation token into the request params to assure the kms is actually run in the enclave.