PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide a common API to hardware security and cryptographic services in a platform-agnostic way. This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge.
Read the Parsec documentation online.
Read the whitepaper Security for the Infrastructure Edge.
Use Parsec when you need:
- A portable interface to your platform's Root of Trust in order to manage keys and perform cryptographic operations without knowledge of the hardware.
- A simple and portable way to access the best available security of your platform in your preferred programming language.
The value proposition of Parsec is that it provides the following:
- Abstraction – a common API that is truly agnostic and based on modern cryptographic principles
- Mediation – security as a microservice, brokering access to the hardware and providing isolated key stores in a multi-tenant environment
- Ergonomics – a client library ecosystem that brings the API to the fingertips of developers in any programming language: “easy to consume, hard to get wrong”
- Openness – an open-source project inviting contributions to enhance the ecosystem both within the service and among its client libraries
PARSEC is a collaborative project. The current list of the individuals and organizations who maintain this project can be found here.
See who is using and contributing to PARSEC.
Parsec is a new open-source project and is under active development. This code repository is being made available so that the developer community can learn and give feedback about the new interfaces and the concepts of platform-agnostic security. The implementation that is provided is suitable for exploratory testing and experimentation only. This test implementation does not offer any tangible security benefits and therefore is not suitable for use in production. Documentation pages may be incomplete and are subject to change without notice. Interfaces may change in such a way as to break compatibility with client code. Contributions from the developer community are welcome. Please refer to the contribution guidelines.
For examples of how to access PARSEC as a client application, check this Rust client documentation.
Check the user, client developer and service developer guides for more information on building, installing, testing and using Parsec!
Come and ask questions or talk with the Parsec Community in our Slack channel or biweekly meetings. See the Community repository for more information on how to join.
We would be happy for you to contribute to Parsec! Please check the Contribution Guidelines to learn more about the contribution process. Check the open issues on the board if you need any ideas 🙂!
The software is provided under Apache-2.0. Contributions to this project are accepted under the same license.
This project uses the following third-party crates:
- serde (MIT and Apache-2.0)
- bindgen (BSD-3-Clause)
- cargo_toml (Apache-2.0)
- toml (MIT and Apache-2.0)
- rand (MIT and Apache-2.0)
- base64 (MIT and Apache-2.0)
- uuid (MIT and Apache-2.0)
- threadpool (MIT and Apache-2.0)
- std-semaphore (MIT and Apache-2.0)
- num_cpus (MIT and Apache-2.0)
- signal-hook (MIT and Apache-2.0)
- sd-notify (MIT and Apache-2.0)
- log (MIT and Apache-2.0)
- env_logger (MIT and Apache-2.0)
- pkcs11 (Apache-2.0)
- picky-asn1-der (MIT and Apache-2.0)
- picky-asn1 (MIT and Apache-2.0)
- picky-asn1-x509 (MIT and Apache-2.0)
- bincode (MIT)
- structopt (MIT and Apache-2.0)
- derivative (MIT and Apache-2.0)
- arbitrary (MIT and Apache-2.0)
- libfuzzer-sys (MIT, Apache-2.0 and NCSA)
- flexi_logger (MIT and Apache-2.0)
- lazy_static (MIT and Apache-2.0)
- version (MIT and Apache-2.0)
- sha2 (MIT and Apache-2.0)
- hex (MIT and Apache-2.0)
- picky (MIT and Apache-2.0)
This project uses the following third-party libraries:
- Mbed Crypto (Apache-2.0)