GitHub - oxidecomputer/offline-keystore: yubihsm-setup replacing the yubico cruft with our own cruft!

This repo implements the parts of yubihsm-setup that we need for our initial key ceremony. This work began after a few things became apparent:

the YubiHSM M-of-N backup scheme is implemented in software using an abandoned crate
yubihsm-setup depends on an unpublished crate (https://github.com/Yubico/yubihsmrs)
yubihsm-setup creates several objects that we don't want and removing them manually is difficult and error prone
the human interaction with yubihsm-setup complicates our process unnecessarily

This implementation addresses these concerns by:

driving interaction with the YubiHSM2 using the yubihsm crate
implementing only the wrap key creation and splitting logic
splitting only the wrap key, we do not prepend various YubiHSM2 specific attributes in the key before it's split

Name		Name	Last commit message	Last commit date
Latest commit History 227 Commits
.github/workflows		.github/workflows
data		data
docs		docs
script		script
specs		specs
src		src
.gitignore		.gitignore
.licenserc.yaml		.licenserc.yaml
.rustfmt.toml		.rustfmt.toml
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
README.md		README.md
renovate.json		renovate.json
rust-toolchain.toml		rust-toolchain.toml

Provide feedback