
Bug#1113986: ITP: nethsm-pkcs11 -- PKCS#11 module for Nitrokey NetHSM



Package: wnpp
Severity: wishlist
Owner: Tobias Deiminger <tobias.deiminger@posteo.de>
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-rust@lists.debian.org

* Package name    : nethsm-pkcs11
  Version         : 1.7.2
  Upstream Contact: Technical support support@nitrokey.com
* URL             : https://github.com/Nitrokey/nethsm-pkcs11
* License         : Apache 2.0
  Programming Lang: Rust
  Description     : PKCS#11 module for Nitrokey NetHSM

nethsm-pkcs11 is an open source PKCS#11 module written in Rust and
published by Nitrokey to use their NetHSM hardware [1] as a backend for
PKCS#11 operations. As such it's comparable to yubihsm-pkcs11 which is
already in Debian. Unlike most other Rust crates, the build output is a
shared library implementing the Cryptoki C API [2].

I've walked through the packaging process locally to see what it takes
and was able to build and use the resulting .deb to connect to a NetHSM
and perform code signing operations. Only minor patching will be needed,
mostly dropping/relaxing dependencies.

At least the following changes are required in Debian:

- nethsm-pkcs11 1.7.2, new
- nethsm-sdk-rs 2.0.0, new
- multipart 0.18.0 new, enable only client features to avoid more dependencies
- x509-cert 0.2.5 new
- merge, merge_derive 0.1.0 -> 0.2.0
- tex-fmt 0.5.2, rdep to merge, bump merge to 0.2.0

I should be able to maintain the new packages in my spare- and working
time and hope to find a sponsor from the Rust team initially.

[1] https://www.nitrokey.com/de/produkte/nethsm
[2] https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html

