yubihsm 0.1.0

Pure Rust client for YubiHSM2 devices
docs.rs failed to build yubihsm-0.1.0
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
Visit the last successful build: yubihsm-0.42.1

yubihsm.rs

crate Docs Build Status MIT/Apache2 licensed

An experimental pure Rust reimplementation of libyubihsm providing an interface to YubiHSM2 devices from Yubico.

Documentation

About

This is a pure-Rust client which supports interfacing with YubiHSM2 devices over an encrypted channel.

It presently reimplements a small subset of the of the functionality of libyubihsm, a closed-source C library which acts as a libcurl-based HTTP(S) client and sends commands to the yubihsm-connector process, which implements an HTTP(S) server which sends the commands to the YubiHSM2 hardware device over USB.

Note that this is NOT an official Yubico project and is in no way supported or endorsed by Yubico.

Status

Initial support for creating encrypted channels to a YubiHSM2 via yubihsm-connector is complete, along with authenticating to the YubiHSM2 via a password/authentication key.

The following commands are presently supported:

Testing

This crate allows you to run the integration test suite in two different ways: live testing against a real YubiHSM2 device, and simulated testing using a MockHSM service which reimplements some YubiHSM2 functionality in software.

cargo test: test live against a YubiHSM2 device

This mode assumes you have a YubiHSM2 hardware device, have downloaded the YubiHSM2 SDK for your platform, and are running a yubihsm-connector process listening on localhost on the default port of 12345.

The YubiHSM2 device should be in the default factory state. To reset it to this state, either use the yubihsm-shell reset command or press on the YubiHSM2 for 10 seconds immediately after inserting it.

NOTE THAT THESE TESTS ARE DESTRUCTIVE: DO NOT RUN THEM AGAINST A YUBIHSM2 WHICH CONTAINS KEYS YOU CARE ABOUT

cargo test --features=mockhsm: simulated tests against a mock HSM

This mode is useful for when you don't have access to physical YubiHSM2 hardware, such as CI environments.

License

yubihsm.rs is distributed under the terms of both the MIT license and the Apache License (Version 2.0).

See LICENSE-APACHE and LICENSE-MIT for details.