Abandoned? #105

Open
kamushadenes opened this issue Jul 23, 2023 · 5 comments


kamushadenes commented Jul 23, 2023

Hello, is this package abandoned?


Sn0rkY commented Dec 5, 2023

Is it abandoned?
cc: @solcates @ProsaicSatsuma

@SpectralHiss

PKCS11's latest release is from 2015 and likely not changing any time soon; however, there needs to be a little bit more support and love for this otherwise decent library!

For instance, I have had issues with Cloud HSM support. The library did support it at some point, it seems, but the subtle differences in the newest AWS backends (they moved from Cavium and the README mentions the old architecture) meant it didn't work for me.
It is a sign that there hasn't been much activity / testing lately, at least with AWS Cloud HSM.


bizk commented Feb 7, 2024

Hi @SpectralHiss, I was thinking about using this library for CloudHSM. Are you using any other alternative?


SpectralHiss commented Feb 7, 2024

Not yet decided. What I've seen is that if you use labels on certificates or keys, it will write them but still give an error in the API, causing some bad times.

error: error running manager: failed to open listener: listen tcp 0.0.0.0:80: bind: permission denied; failed to initialise the signer: Coudn't generate private key and cert in HSM: Failed to generate private key in HSM pkcs11: 0x13: CKR_ATTRIBUTE_VALUE_INVALID

But the key still gets created!! So I end up with a bunch of orphaned keys and a crashed program :/

I haven't tried what happens if you just don't use labels, as I had to shut down that testing, but it sucks they bungled this standard thing in PKCS11 on the AWS backend!
Some of the AWS limitations are covered by Mastercard's pkcs11-tools readme here:
https://github.com/Mastercard/pkcs11-tools/blob/master/README.md#july-2023
It could be that labels could still work if the API calls are initiated differently, perhaps? I'd have to do more testing.

If you figure out something, please keep me informed. We might try to contribute a fix if possible? Not even sure who'd review!
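
The failure mode reported in the comment above (the generate call returns `CKR_ATTRIBUTE_VALUE_INVALID` but the key is still created) can be contained by diffing the token's objects around the call and destroying whatever appeared. This is an added example, not code from the thread or from the library: `Token`, `GenerateOrCleanUp` and `leakyToken` are hypothetical names, the fake token is constructed, and it assumes no other client creates objects with the same label during the call.

```go
package main

import "fmt"

// Token is a hypothetical stand-in for a PKCS#11 session, not a real library API.
type Token interface {
	FindByLabel(label string) []uint     // cf. C_FindObjects on CKA_LABEL
	Generate(label string) (uint, error) // cf. C_GenerateKeyPair
	Destroy(handle uint) error           // cf. C_DestroyObject
}

// GenerateOrCleanUp snapshots the handles carrying label, calls Generate, and on
// failure destroys each handle that appeared since, returning those it removed.
func GenerateOrCleanUp(t Token, label string) (key uint, removed []uint, err error) {
	known := map[uint]bool{}
	for _, h := range t.FindByLabel(label) {
		known[h] = true
	}
	if key, err = t.Generate(label); err == nil {
		return key, nil, nil
	}
	for _, h := range t.FindByLabel(label) {
		if !known[h] && t.Destroy(h) == nil {
			removed = append(removed, h)
		}
	}
	return 0, removed, err
}

// leakyToken is a constructed fake reproducing the reported behaviour: Generate
// stores the key, then returns an error anyway. Handle h lives at labels[h-1].
type leakyToken struct{ labels []string }

func (l *leakyToken) Destroy(h uint) error { l.labels[h-1] = ""; return nil }
func (l *leakyToken) FindByLabel(label string) (out []uint) {
	for i, lb := range l.labels {
		if lb == label {
			out = append(out, uint(i+1))
		}
	}
	return out
}
func (l *leakyToken) Generate(label string) (uint, error) {
	l.labels = append(l.labels, label)
	return 0, fmt.Errorf("pkcs11: 0x13: CKR_ATTRIBUTE_VALUE_INVALID")
}

func main() {
	fmt.Println(GenerateOrCleanUp(&leakyToken{labels: []string{"signer"}}, "signer"))
}
```

A handle missing from `removed` after a failed call means its destroy also failed, so the caller should log it for manual cleanup on the HSM.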


bizk commented Feb 20, 2024

Thanks for sharing :) We could come up with a fork maybe? I'm not using it yet; I went on with `github.com/miekg/pkcs11` for now.
