FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Removal of PKCS#11 functionality in CST tool

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Removal of PKCS#11 functionality in CST tool

‎03-14-2022 09:58 AM
778 Views
pfaust60
Contributor I

I just downloaded the latest CST tool 3.3.1 and found this in the documentation.

The /back_end-hsm directory contains the sources and headers necessary for replacing the open source cryptographic libraries with an implementation that can interact directly with a Hardware Security Module (HSM) by using the PKCS#11 interface definition. More detailed information can be found in the README file located in the directory.
Note: This add-on is deprecated and will be removed in the next CST release.

What will this be replaced with?  Having private keys on the build machine is not a very safe practice.

0 Kudos
Reply
3 Replies

‎03-21-2022 07:40 PM
765 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi @pfaust60 

We will release a safer way to enable HSM in next version.

Regards

Zhiming

0 Kudos
Reply

‎11-16-2022 05:13 AM
596 Views
Hendrik_M
Contributor I

Is there an update on the status of the new HSM implementation? This is also a pressing matter on my team.

0 Kudos
Reply

‎03-22-2022 06:47 AM
755 Views
pfaust60
Contributor I

Thanks for the update.  When should we expect a new release and be able to evaluate the new mechanism for integrating with an HSM.

I assume the new solution will still use the industry standard pkcs#11 interface?

Paul Faust

0 Kudos
Reply