stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
fda92af9bcbaf6c1677f0d6b13609a8e04222bbc
git.stella-ops.org/etc/appsettings.sm.yaml.example
master 84d97fd22c feat(eidas): Implement eIDAS Crypto Plugin with dependency injection and signing capabilities 
- Added ServiceCollectionExtensions for eIDAS crypto providers.
- Implemented EidasCryptoProvider for handling eIDAS-compliant signatures.
- Created LocalEidasProvider for local signing using PKCS#12 keystores.
- Defined SignatureLevel and SignatureFormat enums for eIDAS compliance.
- Developed TrustServiceProviderClient for remote signing via TSP.
- Added configuration support for eIDAS options in the project file.
- Implemented unit tests for SM2 compliance and crypto operations.
- Introduced dependency injection extensions for SM software and remote plugins.
2025-12-23 14:06:48 +02:00

125 lines
3.8 KiB
Plaintext
Raw Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
# Sprint: SPRINT_4100_0006_0003 - SM Crypto CLI Integration
# Configuration example for Chinese ShangMi (SM) crypto providers
StellaOps:
Crypto:
Registry:
# Active profile for SM operations
ActiveProfile: "sm-production"
Profiles:
# Production profile using GmSSL or remote CSP
- Name: "sm-production"
PreferredProviders:
- "cn.sm.soft" # GmSSL software implementation
- "cn.sm.remote.http" # Remote cryptographic service provider
Keys:
# Software SM2 key (GmSSL)
- KeyId: "sm-signing-2025"
Source: "file"
Location: "/etc/stellaops/keys/sm-2025.pem"
Algorithm: "SM2"
CertificateFormat: "GM/T 0015-2012" # SM2 certificate standard
Metadata:
description: "Production SM2 signing key"
usage: "signatures"
compliant: "OSCCA GM/T 0003-2012"
# Remote CSP key
- KeyId: "sm-csp-prod"
Source: "remote-csp"
Endpoint: "https://sm-csp.example.cn"
CredentialId: "cred-sm-123456"
Algorithm: "SM2"
Metadata:
description: "Remote CSP signing key"
vendor: "Example CSP Provider"
certified: "true"
# Testing/development profile with simulator
- Name: "sm-simulator"
PreferredProviders:
- "cn.sm.simulator" # Simulator for testing without real CSP
Keys:
- KeyId: "sm-test-key"
Source: "simulator"
Algorithm: "SM2"
Metadata:
description: "Test SM2 key for development"
warning: "NOT for production use"
# SM Soft Provider Configuration (GmSSL-based)
Profiles:
sm-soft:
# Require SM_SOFT_ALLOWED=1 environment variable
RequireEnvironmentGate: true
# Pre-configured keys
Keys:
- KeyId: "sm-signing-2025"
PrivateKeyPath: "/etc/stellaops/keys/sm-2025.pem"
# Supports both PEM and PKCS#8 DER formats
# SM Remote Provider Configuration (Remote CSP)
sm-remote:
# Skip initial probe if CSP is not always available
SkipProbe: false
# Pre-configured remote keys
Keys:
- KeyId: "sm-csp-prod"
RemoteKeyId: "remote-key-id-at-csp"
# SM Simulator Provider Configuration (Testing)
sm-simulator:
# Simulator endpoint (local or remote)
Endpoint: "http://localhost:8888"
# Auto-generate test keys
AutoGenerateKeys: true
Keys:
- KeyId: "sm-test-key"
GenerateOnStartup: true
# SM Algorithm Constants
# - SM2: Public key cryptography (equivalent to ECDSA P-256)
# - SM3: Hash function (equivalent to SHA-256, 256-bit output)
# - SM4: Block cipher (equivalent to AES-128)
# - SM9: Identity-based cryptography
# Compliance Requirements (OSCCA)
# - Algorithms must use OSCCA-certified implementations
# - Certificates must follow GM/T 0015-2012 (SM2 certificate format)
# - Key exchange follows GM/T 0003.5 protocol
# Usage Examples:
#
# Sign with SM2:
# stella crypto sign \
# --provider cn.sm.soft \
# --profile sm-production \
# --key-id sm-signing-2025 \
# --alg SM2 \
# --file document.pdf \
# --out document.pdf.sig
#
# Hash with SM3:
# stella crypto hash \
# --alg SM3 \
# --file document.pdf
#
# Verify SM2 signature:
# stella crypto verify \
# --provider cn.sm.soft \
# --key-id sm-signing-2025 \
# --alg SM2 \
# --file document.pdf \
# --signature document.pdf.sig
#
# List SM providers:
# stella crypto providers --filter sm
Reference in New Issue View Git Blame Copy Permalink