Help! I would like to use AWS CloudHSM to sign a Debian package. We currently have a gpg-based flow using reprepro to create an APT repository.
I cannot for the life of me figure out how to put all the pieces together. All the Debian tooling I can find assumes gpg. I don't see how to put a gpg or gpgme-shaped front end in front of CloudHSM.
But maybe I just don't know which of the available protocols is the correct one. (Is it PKCS11? The compatibility between various smartcard-based gpg use cases and CloudHSM does not seem very clear.)
I would greatly appreciate some pointers on how to put these pieces together. Surely some cryptography or AWS nerd has published a Medium article about this?