Crate yubihsm[−][src]
yubihsm.rs: pure Rust client for YubiHSM2 hardware security modules
Prerequisites
This crate builds on Rust 1.27+ and by default uses SIMD features
which require the following RUSTFLAGS:
RUSTFLAGS=-Ctarget-feature=+aes
You can configure your ~/.cargo/config to always pass these flags:
[build]
rustflags = ["-Ctarget-feature=+aes"]
Getting Started
The following documentation describes the most important parts of this crate's API:
- yubihsm::connector: methods of connecting to a YubiHSM (USB or HTTP via yubihsm-connector)
- yubihsm::Client: client providing wrappers for YubiHSM commands.
Example
The following is an example of how to create a yubihsm::Client by connecting via USB, and then performing an Ed25519 signature:
extern crate yubihsm;
use yubihsm::{Client, Credentials, UsbConnector};
// Connect to the first YubiHSM2 we detect
let connector = UsbConnector::default();
// Default auth key ID and password for YubiHSM2
// NOTE: DON'T USE THIS IN PRODUCTION!
let credentials = Credentials::default();
// Connect to the HSM and authenticate with the given credentials
let mut hsm_client = Client::open(connector, credentials, true).unwrap();
// Note: You'll need to create this key first. Run the following from yubihsm-shell:
// `generate asymmetric 0 100 ed25519_test_key 1 asymmetric_sign_eddsa ed25519`
let signature = hsm_client.sign_ed25519(100, "Hello, world!").unwrap();
println!("Ed25519 signature: {:?}", signature);
Re-exports
pub use algorithm::*; |
pub use auth_key::AuthKey; |
pub use auth_key::AUTH_KEY_SIZE; |
pub use capability::Capability; |
pub use client::Client; |
pub use connector::http::HttpConnector; |
pub use connector::usb::UsbConnector; |
pub use connector::Connection; |
pub use connector::Connector; |
pub use credentials::Credentials; |
pub use domain::Domain; |
pub use error::*; |
pub use mockhsm::MockHsm; |
pub use object::*; |
pub use wrap::WrapMessage; |
pub use wrap::WrapNonce; |
Modules
| algorithm |
Cryptographic algorithms supported by the HSM |
| auth_key |
Authentication keys used to establish encrypted sessions with the HSM
|
| capability |
Object attributes specifying which operations are allowed to be performed |
| client |
YubiHSM client: main functionality of this crate YubiHSM client: core functionality of this crate. |
| command |
Commands supported by the HSM. |
| connector |
Methods of connecting to a YubiHSM2: |
| credentials |
Credentials used to authenticate to the HSM (key ID + |
| domain |
Logical partitions within the HSM, allowing several applications to share the device. |
| error |
Error types |
| mockhsm |
Simulation of the HSM for integration testing. |
| object |
Objects stored in the HSM. |
| response |
Responses to command sent from the HSM. |
| session |
Authenticated/encrypted sessions with the HSM. |
| wrap |
Object wrapping support, i.e. encrypt objects from one HSM to another. |
Structs
| HttpConfig |
Configuration options for the HTTP (i.e. |
| SerialNumber |
YubiHSM serial numbers |
| SessionId |
Session/Channel IDs |
| UsbConfig |
Configuration for connecting to the YubiHSM via USB |
| Uuid |
A Universally Unique Identifier (UUID). |
Enums
| AuditOption |
Auditing policy options |
| CommandCode |
Command IDs for |
| ResponseCode |
Codes associated with HSM responses |
Type Definitions
| ClientError |
Session errors |
| ConnectionError |
|