dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Pol Henarejos
2022-11-15 17:38:33 +01:00
committed by GitHub
parent 6bf72e5a59
commit 0e918434a2
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@@ -13,7 +13,7 @@ RSA key generation in place for 1024, 2048, 3072 and 4096 bits. Private keys nev
ECDSA key generation in place for different curves, from 192 to 521 bits.
### > ECC curves
It supports secp192r1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp192k1 (insecure), secp256k1 curves.
It supports secp192r1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp192k1 (insecure), secp256k1 curves. Also Curve25519 and Curve448.
### > SHA1, SHA224, SHA256, SHA384, SHA512 digests
ECDSA and RSA signature can be combined with SHA digest in place.
@@ -111,6 +111,21 @@ Public Key Authentication (PKA) allows to authenticate by using a secondary devi
In PKA, the PIN is used for protecting the DKEK, as classic method with only PIN, and PKA is used for adding an extra security layer. Therefore, this mechanism provides a higher degree of security, since it needs a secondary Pico HSM to authenticate the primary one.
### > Secure Lock
An extra layer can be added to the device by adding a private key stored on the computer to lock that Pico HSM to the specific computer. The content will be completely encrypted with a private key only available from a specific computer.
### > ChaCha20-Poly1305
This is a novel fast and efficient symmetric encryption algorithm. Similarly to AES, it can be used to cipher your private data.
### > X25519 and X448
Both cruves Curve25519 and Curve448 are supported for doing DH X25519 and X448. Remember that cannot be used for signing.
### > Key Derivation Functions: HKDF, PBKDF2 and X963-KDF
It supports symmetric key derivations from different standards and RFC.
### > HMAC
It supports performing HMAC from a secret key on a arbitrary data with SHA digest algorithm.
[^1]: PKCS11 modules (`pkcs11-tool` and `sc-tool`) do not support CMAC and key derivation. It must be processed through raw APDU command (`opensc-tool -s`).
[^2]: Available via SCS3 tool. See [SCS3](/doc/scs3.md "SCS3") for more information.
[^3]: Imports are available only if the Pico HSM is previously initialized with a DKEK and the DKEK shares are available during the import process.