Skip to content

allow users to specify which pkcs11 private key to use by setting a uri #3538

Closed
#3555
Closed
allow users to specify which pkcs11 private key to use by setting a uri#3538
#3555
Labels
improvementUser valuetheme:certificatesTheme: Device certificate topicstheme:securityTheme: Security related topics
Milestone
1.5.0
@reubenmiller

Description

@reubenmiller
reubenmiller
opened on Apr 7, 2025

Is your feature improvement request related to a problem? Please describe.

When using a HSM module with the PKCS11 interface, the HSM module can contain multiple keys (either in the same PKCS11 module, or from different ones), so users should be able to direct thin-edge.io to which one should be used for a given certificate.

Describe the solution you'd like

thin-edge.io pkcs11 support show allow users to device which private key to use by specifying the PKCS11 URI via the tedge (client side) configuration file, tedge.toml.

  • support specifying a PKCS11 URI for each private key (similar to the *.key_path properties, but called `key_uri)

Below shows an example of the private key used for all mappers.

File: tedge.toml

[device]
key_uri = "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=tedge"

Describe alternatives you've considered

Additional context

Metadata

Metadata

Assignees

No one assigned

    Labels

    improvementUser valuetheme:certificatesTheme: Device certificate topicstheme:securityTheme: Security related topics

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions