yubihsm.rs
An experimental pure Rust reimplementation of libyubihsm providing an interface to YubiHSM2 devices from Yubico.
About
This is a pure-Rust client which supports interfacing with YubiHSM2 devices over an encrypted channel.
It presently reimplements a small subset of the functionality of libyubihsm, a closed-source C library which acts as a libcurl-based HTTP(S) client and sends commands to the yubihsm-connector process. yubihsm-connector in turn implements an HTTP(S) server which forwards those commands to the YubiHSM2 hardware device over USB.
Note that this is NOT an official Yubico project and is in no way supported or endorsed by Yubico.
Status
Initial support for creating encrypted channels to a YubiHSM2 via yubihsm-connector is complete, along with authenticating to the YubiHSM2 via a password/authentication key.
The following commands are presently supported:
- Authenticate Session
- Create Session
- Delete Object
- Echo
- Generate Asymmetric Key
- Get Object Info
- Get Pubkey
- List Objects
- Session Message
- Sign Data EdDSA (i.e. Ed25519 signatures)
Testing
This crate allows you to run the integration test suite in two different ways: live testing against a real YubiHSM2 device, and simulated testing using a MockHSM service which reimplements some YubiHSM2 functionality in software.
cargo test: test live against a YubiHSM2 device
This mode assumes you have a YubiHSM2 hardware device, have downloaded the YubiHSM2 SDK for your platform, and are running a yubihsm-connector process listening on localhost on the default port of 12345.
The YubiHSM2 device should be in the default factory state. To reset it to this state, either use the yubihsm-shell reset command or press on the YubiHSM2 for 10 seconds immediately after inserting it.
NOTE THAT THESE TESTS ARE DESTRUCTIVE: DO NOT RUN THEM AGAINST A YUBIHSM2 WHICH CONTAINS KEYS YOU CARE ABOUT
cargo test --features=mockhsm: simulated tests against a mock HSM
This mode is useful when you don't have access to physical YubiHSM2 hardware, such as in CI environments.
License
yubihsm.rs is distributed under the terms of both the MIT license and the Apache License (Version 2.0).
See LICENSE-APACHE and LICENSE-MIT for details.