-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New key wrapping API #642
New key wrapping API #642
Conversation
Allows key wrapping to be different between persistent and server-side storage. To accomplish this, the PrivateKey now always stores the fully reconstructed key, and has different methods to serialize it for the respective use case.
This PR adds 600 B of binary size. |
This is a backwards incompatible change. This PR already introduces backwards incompatible new credential parsing, and therefore we can also remove all other legacy parsing.
This PR is a breaking change for all credentials created with OpenSK before: both server-side and resident keys. We can retroactively change that, if we want to be compatible with As upgradability was only introduced in However, the credentials are not actually gone! Flashing a firmware before this PR should solve the problem. You'd lose access to the freshly generated credentials from the new firmware though, as the change is neither backwards not forward compatible. |
Allows key wrapping to be different between persistent and server-side storage.
To accomplish this, the PrivateKey now always stores the fully reconstructed key, and has different methods to serialize it for the respective use case.