PKCS#11 support on Mender server


Are there any plans to add support for PKCS#11 on a deployed Mender server? There is for the clients, but the private key of the server still has to be in plain text.

Best Regards,

Hello @sandevins ,

No plans for this at the moment, as the server typically lives in a more secure / tamper-proof environment than the client…

That said, we’re open to pull requests, but I am afraid this is a major change because I think it would require all crypto operations in the server to be switched to using OpenSSL.

Dear @eystein,

It’s true that it should be in a more secure environment. But the server is usually a target for attackers, and stealing the secret key that Mender uses would allow them to impersonate the server.