#security #encryption #http-client

yanked yubihsm-client

Pure Rust client for YubiHSM2 devices

Uses old Rust 2015

0.0.0 Feb 8, 2018

#469 in #http-client

MIT/Apache

8KB
87 lines

yubihsm-client.rs

An experimental pure Rust reimplementation of libyubihsm providing an interface to YubiHSM2 devices from Yubico.

About

This library attempts to reimplement some of the functionality of libyubihsm, a closed-source C library which acts as a libcurl-based HTTP(S) client and sends commands to the yubihsm-connector process, which implements an HTTP(S) server which sends the commands to the YubiHSM2 hardware device over USB. However, libyubihsm can be difficult to work with because it is shipped as a platform-specific dynamic library which needs its own special versions of libcurl and OpenSSL.

yubihsm-client is a pure-Rust reimplementation of a similar HTTP(S) client library for yubihsm-connector based on black box reverse engineering of the HTTP requests and responses. This process involves a lot of guesswork and therefore what is implemented in this library may not be an accurate reflection of how the protocol actually works. Only a small amount of the functionality provided by libyubihsm is exposed.

yubihsm-client is implemented using the reqwest Rust HTTP client library.

Testing

Tests for yubihsm-client assume you have a YubiHSM2 hardware device, have downloaded the YubiHSM2 SDK for your platform, and are running a yubihsm-connector process listening on localhost on the default port of 12345. The YubiHSM2 device should be in the default factory state. To reset it to this state, either use the yubihsm-shell reset command or press on the YubiHSM2 for 10 seconds immediately after inserting it.

License

yubihsm-client is distributed under the terms of both the MIT license and the Apache License (Version 2.0).

See LICENSE-APACHE and LICENSE-MIT for details.

Dependencies

~14–25MB
~428K SLoC