Draft: PKCS #11 backend implementation for Yubikey 4/5 via ykcs11 driver (!2) · Merge requests · sequoia-pgp / sequoia-keystore

Heiko requested to merge hkos/sequoia-keystore:pkcs11-yk into main Jun 15, 2023

An initial implementation of the keystore backend based on the https://crates.io/crates/openpgp-pkcs11-sequoia library.

This implementation assumes:

that IDs follow the ykcs11 convention to detect which role a key should be used for
that the X.509 certificate on the card contains relevant metadata to derive the OpenPGP Key

Possible future work: the keystore could add a mechanism to query the backend about the public key material in slots, and optionally provide OpenPGP certificates to the backend as an alternate source of OpenPGP key metadata (fingerprint, creation time, KEK/KDF parameters).

Edited Jun 15, 2023 by Heiko

Draft: PKCS #11 backend implementation for Yubikey 4/5 via ykcs11 driver

Merge request reports