mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update README.md

Browse source 
Fix typos.
This commit is contained in:
Pol Henarejos 2022-06-06 11:53:39 +02:00 committed by GitHub
parent 3124f5e565
commit 61625c4c5e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -9,7 +9,7 @@ Private and secret keys are stored with a master AES 256 key (DKEK). The DKEK is
### RSA key generation from 1024 to 4096 bits
RSA key generation in place for 1024, 2048, 3072 and 4096 bits. Private keys never leave the device.
### ECDSA key generation from 192 to 521 bits
### ECDSA key generation from 192 to 521 bits
ECDSA key generation in place for different curves, from 192 to 521 bits.
### ECC curves
@ -69,13 +69,13 @@ It supports extended APDU packets, which allows up to 65535 bytes.
### CVC certificates
Pico HSM manipulates CVC certificates and requests to minimize the storage of internal certificates.
### Attestation
### Attestation
Every generated key is attached to a certificate, signed by an external PKI to ensure that a particular key is effectively generated by this specific device.
### Import external private keys and certificates
It allows private key and certificates import via WKY or PKCS#12 files.[^2][^3]
### Tranport PIN
### Tranport PIN
It allows transport PIN for provisioning and forcing to set a new PIN.[^2] It is a tampered mechanism that ensures the device has not been unsealed during the transportation from the issuer to the legitimate user.
### Press-to-confirm button
@ -95,13 +95,13 @@ Pico HSM supports secure channel, where the data packets between the host and de
A specific session PIN can be set during the session opening to avoid the systemmatic use of PIN.
### PKI CVCert remote issuing for Secure Message
Secure channel are secured via a certificate issued by a external PKI.
Secure channel messages are secured with a certificate issued by an external PKI.
### Multiple key domains
Key domains are domains to store separate private/secret keys. Each domain is protected by a DKEK, independent from the other domains. Private/secret keys can be generated in different key domains to be used with separated DKEK.
Therefore, a single device may contain different domains with independent keys.
### Key usage counter
### Key usage counter
A key usage counter is a counter that is reduced by 1 everytime that the private/secret key is used for signing, decrypting, derivation, etc. When it reaches 0, the key is disabled and cannot be used anymore.
Key usage can also be used to perform and auditory and track the usage of a particular key.