git.stella-ops.org/etc/rootpack/ru/crypto.profile.yaml
StellaOps Bot 98e6b76584
Add post-quantum cryptography support with PqSoftCryptoProvider
- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle.
- Added PqSoftProviderOptions and PqSoftKeyOptions for configuration.
- Created unit tests for Dilithium3 and Falcon512 signing and verification.
- Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists.
- Added KcmvpHashOnlyProvider for KCMVP baseline compliance.
- Updated project files and dependencies for new libraries and testing frameworks.
2025-12-07 15:04:19 +02:00

59 lines
1.7 KiB
YAML

StellaOps:
  Crypto:
    Registry:
      ActiveProfile: ru-linux-soft
      PreferredProviders:
        - ru.openssl.gost
        - ru.winecsp.http
        - ru.pkcs11
      Profiles:
        ru-linux-soft:
          PreferredProviders:
            - ru.openssl.gost
            - ru.winecsp.http
            - ru.pkcs11
        ru-csp:
          PreferredProviders:
            - ru.cryptopro.csp
            - ru.winecsp.http
            - ru.openssl.gost
            - ru.pkcs11
    CryptoPro:
      Keys:
        - KeyId: ru-csp-default
          Algorithm: GOST12-256
          ProviderName: "Crypto-Pro GOST R 34.10-2012 Cryptographic Service Provider"
          CertificateThumbprint: "<thumbprint>"
          CertificateStoreLocation: LocalMachine
          CertificateStoreName: My
          ContainerName: CN=RootPack Signing
    Pkcs11:
      Keys:
        - KeyId: ru-token-default
          Algorithm: GOST12-256
          LibraryPath: /usr/local/lib/librutokenecp.so
          SlotId: "0x1"
          Pin: "${PKCS11_PIN}"
          PrivateKeyLabel: rootpack-signing
          CertificateThumbprint: "<thumbprint>"
    WineCsp:
      ServiceUrl: http://localhost:5099
      Keys:
        - KeyId: ru-wine-default
          Algorithm: GOST12-256
          RemoteKeyId: ru-csp-default
          Description: Wine CSP sidecar (CryptoPro via Wine)
    OpenSsl:
      Keys:
        - KeyId: ru-openssl-default
          Algorithm: GOST12-256
          PrivateKeyPath: /opt/stellaops/keys/ru_openssl_priv.pem
          PrivateKeyPassphraseEnvVar: RU_OPENSSL_PRIV_PASS
          CertificatePath: /opt/stellaops/certs/ru_openssl_cert.pem
          SignatureFormat: Der
    Diagnostics:
      Providers:
        Enabled: true
      Metrics:
        LogLevel: Information
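
A pre-deployment lint for the provider sections of this profile, added here as an example and not part of the StellaOps repository. The four rules are assumed policy, the `${NAME}` form is assumed to mean environment substitution, and `lint_crypto`, `PAGE_PROFILE` and `WEAK` are hypothetical names; the profile is hand-transcribed into a dict so the check runs without a YAML parser.

```python
import re
from urllib.parse import urlsplit

ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")  # e.g. ${PKCS11_PIN}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def lint_crypto(crypto):
    """Return findings for the provider sections under StellaOps:Crypto."""
    findings = []
    for section, body in crypto.items():
        url = body.get("ServiceUrl")
        if url:
            parts = urlsplit(url)
            # Cleartext HTTP is tolerated only for a same-host sidecar.
            if parts.scheme != "https" and parts.hostname not in LOOPBACK:
                findings.append(f"{section}: ServiceUrl is cleartext to a non-loopback host")
        for key in body.get("Keys", []):
            kid = key.get("KeyId", "?")
            pin = key.get("Pin")
            # The PIN value itself is never echoed into a finding.
            if pin is not None and not ENV_REF.match(pin):
                findings.append(f"{section}/{kid}: Pin is a literal, not a ${{VAR}} reference")
            if key.get("CertificateThumbprint") == "<thumbprint>":
                findings.append(f"{section}/{kid}: CertificateThumbprint is still the placeholder")
            if "PrivateKeyPath" in key and not key.get("PrivateKeyPassphraseEnvVar"):
                findings.append(f"{section}/{kid}: key file has no passphrase variable")
    return findings

# Security-relevant fields transcribed from the profile on this page.
PAGE_PROFILE = {
    "CryptoPro": {"Keys": [{"KeyId": "ru-csp-default",
                            "CertificateThumbprint": "<thumbprint>"}]},
    "Pkcs11": {"Keys": [{"KeyId": "ru-token-default", "Pin": "${PKCS11_PIN}",
                         "CertificateThumbprint": "<thumbprint>"}]},
    "WineCsp": {"ServiceUrl": "http://localhost:5099",
                "Keys": [{"KeyId": "ru-wine-default"}]},
    "OpenSsl": {"Keys": [{"KeyId": "ru-openssl-default",
                          "PrivateKeyPath": "/opt/stellaops/keys/ru_openssl_priv.pem",
                          "PrivateKeyPassphraseEnvVar": "RU_OPENSSL_PRIV_PASS"}]},
}

# Constructed weak variant: inline PIN, remote cleartext sidecar, bare key file.
WEAK = {
    "Pkcs11": {"Keys": [{"KeyId": "t1", "Pin": "123456"}]},
    "WineCsp": {"ServiceUrl": "http://csp.internal.example:5099", "Keys": []},
    "OpenSsl": {"Keys": [{"KeyId": "o1", "PrivateKeyPath": "/tmp/k.pem"}]},
}

if __name__ == "__main__":
    print("\n".join(lint_crypto(PAGE_PROFILE) + lint_crypto(WEAK)))
```

As committed, the profile trips only the placeholder-thumbprint rule, for the CryptoPro and PKCS#11 keys.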