and add the Enterprise / Commercial licensing option.
Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
* Community Edition: AGPLv3 (strong copyleft, including network use).
* Enterprise / Commercial Edition: proprietary license for production /
multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
ENTERPRISE.md and clarifying how companies can obtain a commercial license.
Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
alternative proprietary license that allows internal, large-scale, or OEM
use (bulk provisioning, policy enforcement, inventory / revocation,
custom attestation, signed builds) without AGPL disclosure obligations.
This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
With this new subcommand, Pico HSM will support newer cipher algorithms.
ChaCha20-Poly1305 is the first. It will be based on a custom P2 subcommand to support an arbitrary structure with multiple parameters (AAD, IV, etc.)
pico-hsm-tool.py shall be used.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This is an extra layer of security to avoid brute force attacks if PIN is too weak.
At every hard reset (on device plug), the device must be unlocked prior any other command. Once unlocked, the device can be used as usual.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
It is not tested, as it is not supported by pkcs11 modules. For instance, OpenSSL implements OEP in local side, calling a RAW decryption on the device.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
