| 12 Dec 2024 |
Morgan (@numinit) | No problem, this will be super useful for the nixPKCS test suite | 04:14:27 |
Morgan (@numinit) | Really appreciate the change! | 04:14:34 |
baloo | Yeah, that makes my test suite a lot easier to run too | 04:15:11 |
baloo | much easier than having to pull real hardware | 04:15:25 |
Morgan (@numinit) | I was going to add attestation support eventually to https://github.com/numinit/nixpkcs - this is a kick in the pants for me to do it | 04:15:46 |
Morgan (@numinit) | Someone just got step-ca working with it though, which is encouraging | 04:16:40 |
baloo | Friends don't let people use pkcs11 | 04:16:49 |
Morgan (@numinit) | hah | 04:16:56 |
baloo | (I hate pkcs11 dearly) | 04:17:15 |
Morgan (@numinit) | Brutally hard to wrap things with, I do too. Had to do passthrus for it all | 04:17:31 |
Morgan (@numinit) | This does actually make it easier, though through the brute force of injecting support into OpenSSL | 04:18:14 |
baloo | yeah, looks like you figured out a bunch of options in a bunch of very useful tools | 04:19:05 |
Morgan (@numinit) | Basically, yeah. | 04:19:18 |
baloo | I guess you ended up full of yak hair after doing that | 04:19:21 |
baloo | (thanks for doing that) | 04:19:45 |
baloo | or full of weeds I guess | 04:19:57 |
Morgan (@numinit) | yeah, pretty much - declarative definition of yubikeys is pretty cool at least | 04:19:58 |
Morgan (@numinit) | though I completely understand why no one supported PKCS11 now - it's a pain in the @$$ | 04:20:50 |
baloo | have you had the delight to work with HSM vendors already? | 04:20:55 |
Morgan (@numinit) | ... yep. | 04:21:10 |
Morgan (@numinit) | Different tools for everything | 04:21:21 |
baloo | condolences | 04:21:23 |
Morgan (@numinit) | I'm surprised PKCS#11 can even generate keys | 04:21:48 |
Morgan (@numinit) | support apparently has been recently improving in general with AWS and Google's cloud HSMs | 04:22:19 |
baloo | ha yeah, the easy ones :D | 04:22:36 |
Morgan (@numinit) | when the standard says something is optional, no one implements it | 04:22:44 |
baloo | wait until you use the thales or entrust ones :D | 04:23:02 |
baloo | (don't use entrust) | 04:23:09 |
Morgan (@numinit) | lol, qualcomm low level bringup has been my recent 😢 | 04:23:27 |