Removal of PKCS#11 functionality in CST tool

pfaust60 · ‎03-14-2022

I just downloaded the latest CST tool 3.3.1 and found this in the documentation.

The /back_end-hsm directory contains the sources and headers necessary for replacing the open source cryptographic libraries with an implementation that can interact directly with a Hardware Security Module (HSM) by using the PKCS#11 interface definition. More detailed information can be found in the README file located in the directory.
Note: This add-on is deprecated and will be removed in the next CST release.

What will this be replaced with? Having private keys on the build machine is not a very safe practice.

Zhiming_Liu · ‎03-21-2022

Hi @pfaust60

We will release a safer way to enable HSM in next version.

Regards

Zhiming

Hendrik_M · ‎11-16-2022

Is there an update on the status of the new HSM implementation? This is also a pressing matter on my team.

pfaust60 · ‎03-22-2022

Thanks for the update. When should we expect a new release and be able to evaluate the new mechanism for integrating with an HSM.

I assume the new solution will still use the industry standard pkcs#11 interface?

Paul Faust