Bug#1113986: ITP: nethsm-pkcs11 -- PKCS#11 module for Nitrokey NetHSM
Package: wnpp
Severity: wishlist
Owner: Tobias Deiminger <tobias.deiminger@posteo.de>
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-rust@lists.debian.org
* Package name : nethsm-pkcs11
Version : 1.7.2
Upstream Contact: Technical support support@nitrokey.com
* URL : https://github.com/Nitrokey/nethsm-pkcs11
* License : Apache 2.0
Programming Lang: Rust
Description : PKCS#11 module for Nitrokey NetHSM
nethsm-pkcs11 is an open source PKCS#11 module written in Rust and
published by Nitrokey to use their NetHSM hardware [1] as a backend for
PKCS#11 operations. As such it's comparable to yubihsm-pkcs11 which is
already in Debian. Unlike most other Rust crates, the build output is a
shared library implementing the Cryptoki C API [2].
I've walked through the packaging process locally to see what it takes
and was able to build and use the resulting .deb to connect to a NetHSM
and perform code signing operations. Only minor patching will be needed,
mostly dropping/relaxing dependencies.
At least the following changes are required in Debian:
- nethsm-pkcs11 1.7.2, new
- nethsm-sdk-rs 2.0.0, new
- multipart 0.18.0, new, enable only client features to avoid more dependencies
- x509-cert 0.2.5, new
- merge, merge_derive 0.1.0 -> 0.2.0
- tex-fmt 0.5.2, rdep to merge, bump merge to 0.2.0
I should be able to maintain the new packages in my spare and working
time and hope to find a sponsor from the Rust team initially.
[1] https://www.nitrokey.com/de/produkte/nethsm
[2] https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html