Expand description
Hardware Security Module (HSM) and TPM integration for enterprise deployments.
This module provides an abstraction layer for cryptographic operations that can be backed by either software keys or hardware security modules (HSM/TPM).
Supported backends:
- Software: Uses in-memory Ed25519 keys (default)
- PKCS#11: For HSM devices supporting PKCS#11 interface
- TPM 2.0: For Trusted Platform Module integration
§Phase 17A Enhancements
- Audit logging for all HSM operations
- Key versioning and rotation tracking
- Health monitoring for HSM availability
- Batch operations for improved performance
- Session management for connection pooling
- Key lifecycle states (active, archived, compromised, revoked)
Structs§
- Audit
Entry - Audit log entry for HSM operations.
- Health
Status - Health status for HSM provider.
- HsmManager
- HSM manager that provides a unified interface to multiple backends.
- HsmManager
Builder - Builder for configuring HSM providers.
- KeyId
- Key identifier for HSM-stored keys.
- KeyMetadata
- Key metadata stored alongside the key.
- Pkcs11
Config - Configuration for PKCS#11 HSM provider.
- Pkcs11
Provider - PKCS#11 HSM provider (stub implementation).
- Software
Provider - Software-based signing provider using in-memory keys.
- TpmConfig
- Configuration for TPM 2.0 provider.
- TpmProvider
- TPM 2.0 provider (stub implementation).
Enums§
- Audit
Event Type - Audit event type for HSM operations.
- HsmError
- Errors specific to HSM operations.
- KeyLifecycle
State - Key lifecycle state for tracking key status.
- TpmHierarchy
- TPM hierarchy for key storage.
Traits§
- Signing
Provider - Trait for cryptographic signing providers.
Type Aliases§
- HsmResult
- Result type for HSM operations.