Crypto Wrapper issueshttps://gitlab.nic.cz/turris/crypto-wrapper/-/issues2020-10-26T18:11:29+01:00https://gitlab.nic.cz/turris/crypto-wrapper/-/issues/6Use os-release file to determine device type2020-10-26T18:11:29+01:00Vojtech MyslivecUse os-release file to determine device type`OPENWRT_DEVICE_PRODUCT` variable in `/etc/os-release` should be used to determine device type`OPENWRT_DEVICE_PRODUCT` variable in `/etc/os-release` should be used to determine device typehttps://gitlab.nic.cz/turris/crypto-wrapper/-/issues/5Secure handling tmp files2021-11-13T01:07:10+01:00Vojtech MyslivecSecure handling tmp filesCheck and prevent other users to mangle directory structure within `/tmp`. I.e. detect wrong user ownership of crypto-wrapper *root* directory and check for symlink redirection.Check and prevent other users to mangle directory structure within `/tmp`. I.e. detect wrong user ownership of crypto-wrapper *root* directory and check for symlink redirection.https://gitlab.nic.cz/turris/crypto-wrapper/-/issues/4Limit RAM usage2022-01-19T14:23:48+01:00Vojtech MyslivecLimit RAM usageAs `crypto-wrapper` stores its cache in `/tmp`, it can consume a lot of RAM if one will use `crypto-wrapper` very often.
Limit RAM usage to some reasonable value (3 % of total RAM or so). Old cache files could be deleted when a new one ...As `crypto-wrapper` stores its cache in `/tmp`, it can consume a lot of RAM if one will use `crypto-wrapper` very often.
Limit RAM usage to some reasonable value (3 % of total RAM or so). Old cache files could be deleted when a new one is to be created.https://gitlab.nic.cz/turris/crypto-wrapper/-/issues/3Wrong atsha file signing usage2019-03-18T14:45:40+01:00Vojtech MyslivecWrong atsha file signing usageDue to turris/libatsha204#5, atsha `file-challenge-response` command is a bit different than it appeared. This command signs *stdin*, not *a file*, so the file must be piped into the atsha command instead.Due to turris/libatsha204#5, atsha `file-challenge-response` command is a bit different than it appeared. This command signs *stdin*, not *a file*, so the file must be piped into the atsha command instead.Turris OS 4.0https://gitlab.nic.cz/turris/crypto-wrapper/-/issues/2Add cmd option to distinguish atsha204 and otp crypto backends2019-02-28T11:25:37+01:00Martin PrudekAdd cmd option to distinguish atsha204 and otp crypto backendsSome services - such as turris/sentinel/certgen> need to know which cryptographic backend they are using. So, the cmd option that just tells us if we use **atsha204** or **mox-otp** would be useful.Some services - such as turris/sentinel/certgen> need to know which cryptographic backend they are using. So, the cmd option that just tells us if we use **atsha204** or **mox-otp** would be useful.Turris OS 4.0https://gitlab.nic.cz/turris/crypto-wrapper/-/issues/1Unified CLI2019-02-28T11:30:46+01:00Vojtech MyslivecUnified CLIImplement unified CLI for both turris/libatsha204> and turris/mox-otp>
It needs to supports
- Caching output of commands (to save wear out of `atsha204`)
- Automatically detects and wraps `atsha204cmd` and `mox-otp` commands
- Support f...Implement unified CLI for both turris/libatsha204> and turris/mox-otp>
It needs to supports
- Caching output of commands (to save wear out of `atsha204`)
- Automatically detects and wraps `atsha204cmd` and `mox-otp` commands
- Support for `serial-number`, `sign` and `sign-hash` functionsTurris OS 4.0