#yubihsm — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #yubihsm, aggregated by home.social.
-
While exploring use of PKCS #11 devices in #OpenPGP contexts, I stumbled over a bug (and potential security issue) in the yubihsm_pkcs11.so driver for #YubiHSM devices.
Long form text by Christian Reitter (who walked me through the coordinated disclosure process with #Yubico, and did amazing work analyzing and writing up the issue):
https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
Yubico advisory: https://www.yubico.com/support/security-advisories/ysa-2023-01/
#CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39908
(Thanks again to @sovtechfund for funding my #PKCS11 work)
-
Today I spent a bit of time with the #YubiHSM and its #PKCS11 driver (the yubihsm_pkcs11.so driver had exhibited some confusing-to-me behavior, during occasional experiments over the past few weeks).
After a closer look, I believe that "yubihsm_pkcs11.so" version 2.4.0 has introduced a number of rather confusing regressions around object IDs (see https://github.com/Yubico/yubihsm-shell/issues/345 #Yubico).
This investigation was a side-quest of my @sovtechfund financed project "PKCS#11 support for @sequoiapgp".