Buffers should be zeroed out after usage if they contain any sensitive data.
Logs should not contain sensitive data, and should only present detailed data and error information (such as stack traces) if configured so.
+Parsec should follow the Rust Style +Guide and Rust official +lints, both of which are enforced by the +tools mentioned in the How to test +Parsec section, on +static checks.
New functionality is properly tested.
The threat
diff --git a/contributing/release_process.html b/contributing/release_process.html
index a97b837..382804b 100644
--- a/contributing/release_process.html
+++ b/contributing/release_process.html
@@ -278,13 +278,16 @@ Testi
the creation of a new GitHub issue and will be flagged to the community for assessment as to whether
it is a blocking issue for the release.
Formal release expectations are still to be determined but all releases should follow the Parsec -Release Checklist -and enure that the new release works on a fixed set of platforms. Parsec is a public open source -project and it can be used in a variety of contexts. It is the responsibility of the system -integrator or Parsec adopter to ensure its suitability for use in any product or other context. Any -questions around specific expectations and requirements can be raised with the Parsec maintainers -through the available community channels.
+All releases should follow the Parsec Release +Checklist and +ensure that the new release works on a fixed set of platforms. By complying with the Release +Checklist, the release should not contain any known security vulnerabilities, there should be no +added regression on the release tests and the quality requirements (coding style, best practices, +etc.) of the project should be met. Parsec is a public open source project and it can be used in a +variety of contexts. It is the responsibility of the system integrator or Parsec adopter to ensure +its suitability for use in any product or other context. Any questions around specific expectations +and requirements can be raised with the Parsec maintainers through the available community +channels.
For complex features whose development is likely to go beyond the code freeze date for the next scheduled release, the use of feature branches may be appropriate, and this can be agreed between diff --git a/css/general.css b/css/general.css index 344b53e..a6db680 100644 --- a/css/general.css +++ b/css/general.css @@ -5,6 +5,7 @@ :root { /* Browser default font-size is 16px, this way 1 rem = 10px */ font-size: 62.5%; + color-scheme: var(--color-scheme); } html { diff --git a/css/print.css b/css/print.css index 5e690f7..27d05e9 100644 --- a/css/print.css +++ b/css/print.css @@ -22,14 +22,6 @@ overflow-y: initial; } -code { - background-color: #666666; - border-radius: 5px; - - /* Force background to be printed in Chrome */ - -webkit-print-color-adjust: exact; -} - pre > .buttons { z-index: 2; } diff --git a/css/variables.css b/css/variables.css index 21bf8e5..59fcda8 100644 --- a/css/variables.css +++ b/css/variables.css @@ -50,6 +50,8 @@ --searchresults-border-color: #888; --searchresults-li-bg: #252932; --search-mark-bg: #e3b171; + + --color-scheme: dark; } .coal { @@ -90,6 +92,8 @@ --searchresults-border-color: #98a3ad; --searchresults-li-bg: #2b2b2f; --search-mark-bg: #355c7d; + + --color-scheme: dark; } .light { @@ -130,6 +134,8 @@ --searchresults-border-color: #888; --searchresults-li-bg: #e4f2fe; --search-mark-bg: #a2cff5; + + --color-scheme: light; } .navy { @@ -170,6 +176,8 @@ --searchresults-border-color: #5c5c68; --searchresults-li-bg: #242430; --search-mark-bg: #a2cff5; + + --color-scheme: dark; } .rust { @@ -210,6 +218,8 @@ --searchresults-border-color: #888; --searchresults-li-bg: #dec2a2; --search-mark-bg: #e69f67; + + --color-scheme: light; } @media (prefers-color-scheme: dark) { diff --git a/parsec_service/tests/index.html b/parsec_service/tests/index.html index 9d8c825..d99fcf5 100644 --- a/parsec_service/tests/index.html +++ b/parsec_service/tests/index.html @@ -179,10 +179,10 @@
The stress test simply constructs and sends random requests as fast as possible using a multithreaded client. Valid requests are sent intermittently so as to check that the service is still up and working correctly.
-The ci.sh script executes all tests and is used on the CI.
-rustfmt and
-clippy are needed for code formatting and static
-checks.
The ci.sh script executes all tests and is used on the CI.
Parsec's code style is enforced by rustfmt and
+clippy, which are needed for code formatting and
+static lint checks respectively. A documentation style is also enforced by cargo test --doc.
You can see a (partial) code coverage figure here
rustfmt and
-clippy are needed for code formatting and static
-checks.
+The ci.sh script executes all tests and is used on the CI.
Parsec's code style is enforced by rustfmt and
+clippy, which are needed for code formatting and
+static lint checks respectively. A documentation style is also enforced by cargo test --doc.
You can see a (partial) code coverage figure here
Buffers should be zeroed out after usage if they contain any sensitive data.
Logs should not contain sensitive data, and should only present detailed data and error information (such as stack traces) if configured so.
+Parsec should follow the Rust Style +Guide and Rust official +lints, both of which are enforced by the +tools mentioned in the How to test +Parsec section, on +static checks.
New functionality is properly tested.
The threat
@@ -5506,13 +5512,16 @@ Testi
the creation of a new GitHub issue and will be flagged to the community for assessment as to whether
it is a blocking issue for the release.
Formal release expectations are still to be determined but all releases should follow the Parsec -Release Checklist -and enure that the new release works on a fixed set of platforms. Parsec is a public open source -project and it can be used in a variety of contexts. It is the responsibility of the system -integrator or Parsec adopter to ensure its suitability for use in any product or other context. Any -questions around specific expectations and requirements can be raised with the Parsec maintainers -through the available community channels.
+All releases should follow the Parsec Release +Checklist and +ensure that the new release works on a fixed set of platforms. By complying with the Release +Checklist, the release should not contain any known security vulnerabilities, there should be no +added regression on the release tests and the quality requirements (coding style, best practices, +etc.) of the project should be met. Parsec is a public open source project and it can be used in a +variety of contexts. It is the responsibility of the system integrator or Parsec adopter to ensure +its suitability for use in any product or other context. Any questions around specific expectations +and requirements can be raised with the Parsec maintainers through the available community +channels.
For complex features whose development is likely to go beyond the code freeze date for the next
scheduled release, the use of feature branches may be appropriate, and this can be agreed between
diff --git a/searchindex.js b/searchindex.js
index 237ad21..591d011 100644
--- a/searchindex.js
+++ b/searchindex.js
@@ -1 +1 @@
-Object.assign(window.search, {"doc_urls":["index.html","overview.html#welcome-to-parsec","overview.html#why-platform-agnostic-security","overview.html#basis-in-platform-security-architecture","overview.html#the-parsec-service","overview.html#multitenancy-and-access-control","overview.html#pluggable-back-end-modules","overview.html#beautiful-client-libraries","overview.html#source-code-structure","getting_started/index.html#getting-started-with-parsec","getting_started/index.html#welcome","getting_started/index.html#i-want-to-check-if-parsec-is-running","getting_started/index.html#i-want-to-install-the-parsec-service","getting_started/index.html#i-want-to-use-parsec-apis-in-my-own-code","getting_started/index.html#i-want-to-use-parsec-from-the-command-line","getting_started/index.html#i-want-to-understand-how-parsec-works-internally","getting_started/index.html#i-want-to-create-a-new-parsec-client-library","getting_started/index.html#i-want-to-make-sure-that-my-parsec-installation-is-secure","getting_started/index.html#i-want-to-configure-the-correct-hardware-back-end-for-my-device","getting_started/index.html#i-want-to-get-involved-with-the-parsec-community","getting_started/linux_x86.html#quickstart-for-linux-on-x86","getting_started/opensuse.html#quickstart-for-opensuse-and-suse","getting_started/docker.html#docker","getting_started/installation_options.html#installation-options","getting_started/installation_options.html#is-parsec-already-running","getting_started/installation_options.html#option-1-install-parsec-using-the-package-manager","getting_started/installation_options.html#installing-the-parsec-packages","getting_started/installation_options.html#setting-up-user-permissions","getting_started/installation_options.html#starting-the-parsec-service","getting_started/installation_options.html#checking-the-installation","getting_started/installation_options.html#option-2-download-a-quick-start-release","getting_started/installation_options.html#check-that-your-system-is-suitable","getting_started/installation_options.html#download-the-latest-quick-start-release-bundle","getting_started/installation_options.html#configure-your-environment","getting_started/installation_options.html#start-the-parsec-service","getting_started/installation_options.html#using-the-parsec-tool","getting_started/installation_options.html#controlling-the-service-manually","getting_started/installation_options.html#running-the-test-script","getting_started/installation_options.html#option-3-use-a-quickstart-docker-image","getting_started/installation_options.html#check-that-your-system-is-suitable-1","getting_started/installation_options.html#run-the-latest-quick-start-release-image","getting_started/installation_options.html#configure-your-environment-1","getting_started/installation_options.html#start-the-parsec-service-1","getting_started/installation_options.html#using-the-parsec-tool-1","getting_started/installation_options.html#controlling-the-service-manually-1","getting_started/installation_options.html#running-the-test-script-1","getting_started/installation_options.html#option-4-build-from-source-code","getting_started/installation_options.html#option-5-include-parsec-in-a-custom-embedded-linux-distribution-using-yocto-project","getting_started/parsec_tool_use.html#using-parsec-from-the-command-line","getting_started/parsec_tool_use.html#introduction","getting_started/parsec_tool_use.html#installing-the-parsec-command-line-tool","getting_started/parsec_tool_use.html#checking-the-version","getting_started/parsec_tool_use.html#getting-help-with-commands","getting_started/parsec_tool_use.html#setting-the-service-api-endpoint","getting_started/parsec_tool_use.html#pinging-the-service","getting_started/parsec_tool_use.html#checking-the-service-back-end-configuration","getting_started/parsec_tool_use.html#checking-the-service-front-end-configuration","getting_started/parsec_tool_use.html#signing-with-an-elliptic-curve-key","getting_started/parsec_tool_use.html#signing-with-an-rsa-key","getting_started/parsec_tool_use.html#encryption-with-an-rsa-key","getting_started/parsec_tool_use.html#generating-a-random-number","getting_started/parsec_tool_use.html#creating-a-certificate-signing-request-csr","parsec_users.html#parsec-for-users","parsec_users.html#how-to-use-parsec","parsec_users.html#building-running-and-installing-parsec","parsec_client/index.html#parsec-for-client-library-developers","parsec_client/api_overview.html#api-overview","parsec_client/api_overview.html#introduction","parsec_client/api_overview.html#audience","parsec_client/api_overview.html#opcodes-and-contracts","parsec_client/api_overview.html#selecting-providers","parsec_client/api_overview.html#open-closed-principle","parsec_client/api_overview.html#non-breaking-changes","parsec_client/api_overview.html#deprecation","parsec_client/api_overview.html#capability-checks","parsec_client/api_overview.html#application-identity","parsec_client/api_overview.html#authentication-and-sessions","parsec_client/api_overview.html#unauthenticated-operations","parsec_client/api_overview.html#content-type-and-accept-type","parsec_client/api_overview.html#psa-crypto-operations","parsec_client/api_overview.html#key-names-enumerating-and-referencing","parsec_client/api_overview.html#service-discovery","parsec_client/api_overview.html#full-api-reference","parsec_client/wire_protocol.html#wire-protocol","parsec_client/wire_protocol.html#introduction","parsec_client/wire_protocol.html#scope","parsec_client/wire_protocol.html#audience","parsec_client/wire_protocol.html#general-principles","parsec_client/wire_protocol.html#binary-protocol","parsec_client/wire_protocol.html#requests-and-responses","parsec_client/wire_protocol.html#analogy-with-http-and-rest","parsec_client/wire_protocol.html#synchronous-operation","parsec_client/wire_protocol.html#separation-of-protocol-and-transport","parsec_client/wire_protocol.html#separation-of-header-and-body","parsec_client/wire_protocol.html#protobuf-body","parsec_client/wire_protocol.html#authentication","parsec_client/wire_protocol.html#sessions","parsec_client/wire_protocol.html#wire-protocol-versions","parsec_client/wire_protocol.html#opcodes","parsec_client/wire_protocol.html#status","parsec_client/wire_protocol.html#message-structure-specifications","parsec_client/wire_protocol.html#general-rules","parsec_client/wire_protocol.html#the-fixed-common-header","parsec_client/wire_protocol.html#requests","parsec_client/wire_protocol.html#responses","parsec_client/status_codes.html#response-status-codes","parsec_client/status_codes.html#service-internal-response-status-codes","parsec_client/status_codes.html#psa-response-status-codes","parsec_client/writing_library.html#writing-a-new-parsec-client-library","parsec_client/operations/index.html#operations","parsec_client/operations/index.html#introduction","parsec_client/operations/index.html#overview","parsec_client/operations/index.html#core-operations","parsec_client/operations/index.html#service-health","parsec_client/operations/index.html#service-configuration","parsec_client/operations/index.html#psa-crypto-operations","parsec_client/operations/index.html#key-management","parsec_client/operations/index.html#message-digests","parsec_client/operations/index.html#message-authentication-codes-mac","parsec_client/operations/index.html#unauthenticated-ciphers","parsec_client/operations/index.html#authenticated-encryption-with-associated-data-aead","parsec_client/operations/index.html#asymmetric-signature","parsec_client/operations/index.html#asymmetric-encryption","parsec_client/operations/index.html#key-agreement","parsec_client/operations/index.html#random-number-generation","parsec_client/operations/index.html#other-operations","parsec_client/operations/index.html#key-attestation","parsec_client/operations/index.html#capability-discovery","parsec_client/operations/service_api_coverage.html#parsec-operations-coverage","parsec_client/operations/service_api_coverage.html#key-types-support","parsec_client/operations/service_api_coverage.html#elliptic-curve-families","parsec_client/operations/service_api_coverage.html#algorithm-support","parsec_client/operations/service_api_coverage.html#increasing-psa-api-coverage","parsec_client/operations/psa_key_attributes.html#psa-key-attributes","parsec_client/operations/psa_key_attributes.html#keyattributes-type","parsec_client/operations/psa_key_attributes.html#keytype-type","parsec_client/operations/psa_key_attributes.html#rawdata-type","parsec_client/operations/psa_key_attributes.html#hmac-type","parsec_client/operations/psa_key_attributes.html#derive-type","parsec_client/operations/psa_key_attributes.html#aes-type","parsec_client/operations/psa_key_attributes.html#des-type","parsec_client/operations/psa_key_attributes.html#camellia-type","parsec_client/operations/psa_key_attributes.html#arc4-type","parsec_client/operations/psa_key_attributes.html#chacha20-type","parsec_client/operations/psa_key_attributes.html#rsapublickey-type","parsec_client/operations/psa_key_attributes.html#rsakeypair-type","parsec_client/operations/psa_key_attributes.html#ecckeypair-type","parsec_client/operations/psa_key_attributes.html#eccpublickey-type","parsec_client/operations/psa_key_attributes.html#dhkeypair-type","parsec_client/operations/psa_key_attributes.html#dhpublickey-type","parsec_client/operations/psa_key_attributes.html#supported-ecc-curve-families","parsec_client/operations/psa_key_attributes.html#supported-dh-group-families","parsec_client/operations/psa_key_attributes.html#keypolicy-type","parsec_client/operations/psa_key_attributes.html#usageflags-type","parsec_client/operations/psa_key_attributes.html#sign-message-usage","parsec_client/operations/psa_key_attributes.html#verify-message-usage","parsec_client/operations/psa_key_attributes.html#sign-hash-usage","parsec_client/operations/psa_key_attributes.html#verify-hash-usage","parsec_client/operations/psa_algorithm.html#psa-algorithm","parsec_client/operations/psa_algorithm.html#algorithm-type","parsec_client/operations/psa_algorithm.html#none-algorithm","parsec_client/operations/psa_algorithm.html#hash-algorithm","parsec_client/operations/psa_algorithm.html#mac-algorithm","parsec_client/operations/psa_algorithm.html#cipher-algorithm","parsec_client/operations/psa_algorithm.html#aead-algorithm","parsec_client/operations/psa_algorithm.html#asymmetricsignature-algorithm","parsec_client/operations/psa_algorithm.html#asymmetricencryption-algorithm","parsec_client/operations/psa_algorithm.html#keyagreement-algorithm","parsec_client/operations/psa_algorithm.html#keyderivation-algorithm","parsec_client/operations/ping.html#ping","parsec_client/operations/ping.html#parameters","parsec_client/operations/ping.html#results","parsec_client/operations/ping.html#specific-response-status-codes","parsec_client/operations/ping.html#description","parsec_client/operations/ping.html#contract","parsec_client/operations/psa_generate_key.html#psageneratekey","parsec_client/operations/psa_generate_key.html#parameters","parsec_client/operations/psa_generate_key.html#results","parsec_client/operations/psa_generate_key.html#specific-response-status-codes","parsec_client/operations/psa_generate_key.html#description","parsec_client/operations/psa_generate_key.html#contract","parsec_client/operations/psa_destroy_key.html#psadestroykey","parsec_client/operations/psa_destroy_key.html#parameters","parsec_client/operations/psa_destroy_key.html#results","parsec_client/operations/psa_destroy_key.html#specific-response-status-codes","parsec_client/operations/psa_destroy_key.html#description","parsec_client/operations/psa_destroy_key.html#contract","parsec_client/operations/psa_sign_hash.html#psasignhash","parsec_client/operations/psa_sign_hash.html#parameters","parsec_client/operations/psa_sign_hash.html#results","parsec_client/operations/psa_sign_hash.html#specific-response-status-codes","parsec_client/operations/psa_sign_hash.html#description","parsec_client/operations/psa_sign_hash.html#contract","parsec_client/operations/psa_verify_hash.html#psaverifyhash","parsec_client/operations/psa_verify_hash.html#parameters","parsec_client/operations/psa_verify_hash.html#results","parsec_client/operations/psa_verify_hash.html#specific-response-status-codes","parsec_client/operations/psa_verify_hash.html#description","parsec_client/operations/psa_verify_hash.html#contract","parsec_client/operations/psa_import_key.html#psaimportkey","parsec_client/operations/psa_import_key.html#parameters","parsec_client/operations/psa_import_key.html#results","parsec_client/operations/psa_import_key.html#specific-response-status-codes","parsec_client/operations/psa_import_key.html#description","parsec_client/operations/psa_import_key.html#contract","parsec_client/operations/psa_export_public_key.html#psaexportpublickey","parsec_client/operations/psa_export_public_key.html#parameters","parsec_client/operations/psa_export_public_key.html#results","parsec_client/operations/psa_export_public_key.html#specific-response-status-codes","parsec_client/operations/psa_export_public_key.html#description","parsec_client/operations/psa_export_public_key.html#contract","parsec_client/operations/list_providers.html#listproviders","parsec_client/operations/list_providers.html#parameters","parsec_client/operations/list_providers.html#results","parsec_client/operations/list_providers.html#providerinfo-type","parsec_client/operations/list_providers.html#specific-response-status-codes","parsec_client/operations/list_providers.html#description","parsec_client/operations/list_providers.html#contract","parsec_client/operations/list_opcodes.html#listopcodes","parsec_client/operations/list_opcodes.html#parameters","parsec_client/operations/list_opcodes.html#results","parsec_client/operations/list_opcodes.html#specific-response-status-codes","parsec_client/operations/list_opcodes.html#description","parsec_client/operations/list_opcodes.html#contract","parsec_client/operations/psa_asymmetric_encrypt.html#psaasymmetricencrypt","parsec_client/operations/psa_asymmetric_encrypt.html#parameters","parsec_client/operations/psa_asymmetric_encrypt.html#results","parsec_client/operations/psa_asymmetric_encrypt.html#specific-response-status-codes","parsec_client/operations/psa_asymmetric_encrypt.html#description","parsec_client/operations/psa_asymmetric_encrypt.html#contract","parsec_client/operations/psa_asymmetric_decrypt.html#psaasymmetricdecrypt","parsec_client/operations/psa_asymmetric_decrypt.html#parameters","parsec_client/operations/psa_asymmetric_decrypt.html#results","parsec_client/operations/psa_asymmetric_decrypt.html#specific-response-status-codes","parsec_client/operations/psa_asymmetric_decrypt.html#description","parsec_client/operations/psa_asymmetric_decrypt.html#contract","parsec_client/operations/psa_export_key.html#psaexportkey","parsec_client/operations/psa_export_key.html#parameters","parsec_client/operations/psa_export_key.html#results","parsec_client/operations/psa_export_key.html#specific-response-status-codes","parsec_client/operations/psa_export_key.html#description","parsec_client/operations/psa_export_key.html#contract","parsec_client/operations/psa_generate_random.html#psageneraterandom","parsec_client/operations/psa_generate_random.html#parameters","parsec_client/operations/psa_generate_random.html#results","parsec_client/operations/psa_generate_random.html#specific-response-status-codes","parsec_client/operations/psa_generate_random.html#description","parsec_client/operations/psa_generate_random.html#contract","parsec_client/operations/list_authenticators.html#listauthenticators","parsec_client/operations/list_authenticators.html#parameters","parsec_client/operations/list_authenticators.html#results","parsec_client/operations/list_authenticators.html#authenticatorinfo-type","parsec_client/operations/list_authenticators.html#specific-response-status-codes","parsec_client/operations/list_authenticators.html#description","parsec_client/operations/list_authenticators.html#contract","parsec_client/operations/psa_hash_compute.html#psahashcompute","parsec_client/operations/psa_hash_compute.html#parameters","parsec_client/operations/psa_hash_compute.html#results","parsec_client/operations/psa_hash_compute.html#specific-response-status-codes","parsec_client/operations/psa_hash_compute.html#description","parsec_client/operations/psa_hash_compute.html#contract","parsec_client/operations/psa_hash_compare.html#psahashcompare","parsec_client/operations/psa_hash_compare.html#parameters","parsec_client/operations/psa_hash_compare.html#results","parsec_client/operations/psa_hash_compare.html#specific-response-status-codes","parsec_client/operations/psa_hash_compare.html#description","parsec_client/operations/psa_hash_compare.html#contract","parsec_client/operations/psa_aead_encrypt.html#psaaeadencrypt","parsec_client/operations/psa_aead_encrypt.html#parameters","parsec_client/operations/psa_aead_encrypt.html#results","parsec_client/operations/psa_aead_encrypt.html#specific-response-status-codes","parsec_client/operations/psa_aead_encrypt.html#description","parsec_client/operations/psa_aead_encrypt.html#contract","parsec_client/operations/psa_aead_decrypt.html#psaaeaddecrypt","parsec_client/operations/psa_aead_decrypt.html#parameters","parsec_client/operations/psa_aead_decrypt.html#results","parsec_client/operations/psa_aead_decrypt.html#specific-response-status-codes","parsec_client/operations/psa_aead_decrypt.html#description","parsec_client/operations/psa_aead_decrypt.html#contract","parsec_client/operations/psa_raw_key_agreement.html#psarawkeyagreement","parsec_client/operations/psa_raw_key_agreement.html#parameters","parsec_client/operations/psa_raw_key_agreement.html#results","parsec_client/operations/psa_raw_key_agreement.html#specific-response-status-codes","parsec_client/operations/psa_raw_key_agreement.html#description","parsec_client/operations/psa_raw_key_agreement.html#contract","parsec_client/operations/psa_cipher_encrypt.html#psacipherencrypt","parsec_client/operations/psa_cipher_encrypt.html#parameters","parsec_client/operations/psa_cipher_encrypt.html#results","parsec_client/operations/psa_cipher_encrypt.html#specific-response-status-codes","parsec_client/operations/psa_cipher_encrypt.html#description","parsec_client/operations/psa_cipher_encrypt.html#contract","parsec_client/operations/psa_cipher_decrypt.html#psacipherdecrypt","parsec_client/operations/psa_cipher_decrypt.html#parameters","parsec_client/operations/psa_cipher_decrypt.html#results","parsec_client/operations/psa_cipher_decrypt.html#specific-response-status-codes","parsec_client/operations/psa_cipher_decrypt.html#description","parsec_client/operations/psa_cipher_decrypt.html#contract","parsec_client/operations/psa_mac_compute.html#psamaccompute","parsec_client/operations/psa_mac_compute.html#parameters","parsec_client/operations/psa_mac_compute.html#results","parsec_client/operations/psa_mac_compute.html#specific-response-status-codes","parsec_client/operations/psa_mac_compute.html#description","parsec_client/operations/psa_mac_compute.html#contract","parsec_client/operations/psa_mac_verify.html#psamacverify","parsec_client/operations/psa_mac_verify.html#parameters","parsec_client/operations/psa_mac_verify.html#results","parsec_client/operations/psa_mac_verify.html#specific-response-status-codes","parsec_client/operations/psa_mac_verify.html#description","parsec_client/operations/psa_mac_verify.html#contract","parsec_client/operations/psa_sign_message.html#psasignmessage","parsec_client/operations/psa_sign_message.html#parameters","parsec_client/operations/psa_sign_message.html#results","parsec_client/operations/psa_sign_message.html#specific-response-status-codes","parsec_client/operations/psa_sign_message.html#description","parsec_client/operations/psa_sign_message.html#contract","parsec_client/operations/psa_verify_message.html#psaverifymessage","parsec_client/operations/psa_verify_message.html#parameters","parsec_client/operations/psa_verify_message.html#specific-response-status-codes","parsec_client/operations/psa_verify_message.html#description","parsec_client/operations/psa_verify_message.html#contract","parsec_client/operations/list_keys.html#listkeys","parsec_client/operations/list_keys.html#parameters","parsec_client/operations/list_keys.html#results","parsec_client/operations/list_keys.html#keyinfo-type","parsec_client/operations/list_keys.html#specific-response-status-codes","parsec_client/operations/list_keys.html#description","parsec_client/operations/list_keys.html#contract","parsec_client/operations/list_clients.html#listclients","parsec_client/operations/list_clients.html#parameters","parsec_client/operations/list_clients.html#results","parsec_client/operations/list_clients.html#specific-response-status-codes","parsec_client/operations/list_clients.html#description","parsec_client/operations/list_clients.html#contract","parsec_client/operations/delete_client.html#deleteclient","parsec_client/operations/delete_client.html#parameters","parsec_client/operations/delete_client.html#results","parsec_client/operations/delete_client.html#specific-response-status-codes","parsec_client/operations/delete_client.html#description","parsec_client/operations/delete_client.html#contract","parsec_client/operations/prepare_key_attestation_params.html#prepare-key-attestation-parameters","parsec_client/operations/prepare_key_attestation_params.html#activatecredential-tpm-provider","parsec_client/operations/prepare_key_attestation_params.html#preparekeyattestationparams","parsec_client/operations/prepare_key_attestation_params.html#preparekeyattestationoutput","parsec_client/operations/prepare_key_attestation.html#preparekeyattestation","parsec_client/operations/prepare_key_attestation.html#parameters","parsec_client/operations/prepare_key_attestation.html#results","parsec_client/operations/prepare_key_attestation.html#specific-response-status-codes","parsec_client/operations/prepare_key_attestation.html#description","parsec_client/operations/prepare_key_attestation.html#contract","parsec_client/operations/attest_key.html#attestkey","parsec_client/operations/attest_key.html#parameters","parsec_client/operations/attest_key.html#results","parsec_client/operations/attest_key.html#specific-response-status-codes","parsec_client/operations/attest_key.html#description","parsec_client/operations/attest_key.html#contract","parsec_client/operations/attest_key_params.html#key-attestation-parameters","parsec_client/operations/attest_key_params.html#activatecredential-tpm-provider","parsec_client/operations/attest_key_params.html#attestationmechanismparams","parsec_client/operations/attest_key_params.html#attestationoutput","parsec_client/operations/can_do_crypto.html#candocrypto","parsec_client/operations/can_do_crypto.html#parameters","parsec_client/operations/can_do_crypto.html#checktype-type","parsec_client/operations/can_do_crypto.html#results","parsec_client/operations/can_do_crypto.html#specific-response-status-codes","parsec_client/operations/can_do_crypto.html#description","parsec_client/operations/can_do_crypto.html#contract","parsec_service/index.html#parsec-for-service-developers","parsec_service/interfaces_and_dataflow.html#interfaces-and-dataflow","parsec_service/interfaces_and_dataflow.html#introduction","parsec_service/interfaces_and_dataflow.html#data-flow-diagram","parsec_service/interfaces_and_dataflow.html#the-data-flow-backbone","parsec_service/interfaces_and_dataflow.html#the-listener","parsec_service/interfaces_and_dataflow.html#the-front-end-handler","parsec_service/interfaces_and_dataflow.html#the-authenticator","parsec_service/interfaces_and_dataflow.html#the-dispatcher","parsec_service/interfaces_and_dataflow.html#the-back-end-handler","parsec_service/interfaces_and_dataflow.html#the-converter","parsec_service/interfaces_and_dataflow.html#the-provider","parsec_service/interfaces_and_dataflow.html#the-key-info-manager","parsec_service/interfaces_and_dataflow.html#return-journey","parsec_service/source_code_structure.html#source-code-structure","parsec_service/source_code_structure.html#introduction","parsec_service/source_code_structure.html#audience","parsec_service/source_code_structure.html#overview","parsec_service/source_code_structure.html#the-parsec-repository","parsec_service/source_code_structure.html#the-providers-sub-folder","parsec_service/source_code_structure.html#the-interface-repository","parsec_service/source_code_structure.html#the-operations-repository","parsec_service/source_code_structure.html#the-client-repositories","parsec_service/source_code_structure.html#repository-map","parsec_service/listeners.html#listeners","parsec_service/listeners.html#domain-socket-listener","parsec_service/authenticators.html#authenticators","parsec_service/authenticators.html#direct-authenticator","parsec_service/authenticators.html#unix-peer-credentials-authenticator","parsec_service/authenticators.html#jwt-spiffe-verifiable-identity-document-authenticator","parsec_service/converters.html#converters","parsec_service/converters.html#protobuf-converter","parsec_service/providers.html#providers","parsec_service/providers.html#core-provider","parsec_service/providers.html#mbed-crypto-provider","parsec_service/providers.html#tpm-provider","parsec_service/providers.html#pkcs-11-provider","parsec_service/providers.html#microchip-cryptoauthentication-library-provider","parsec_service/providers.html#trusted-service-provider","parsec_service/key_info_managers.html#key-info-managers","parsec_service/key_info_managers.html#sqlite-key-info-manager","parsec_service/key_info_managers.html#on-disk-key-info-manager","parsec_service/adding_provider.html#adding-a-new-parsec-provider","parsec_service/adding_provider.html#mandatory-methods","parsec_service/adding_provider.html#data-format","parsec_service/adding_provider.html#key-management","parsec_service/adding_provider.html#dealing-with-key-identity-mappings-coherency","parsec_service/build_run.html#how-to-build-and-run-parsec","parsec_service/build_run.html#prerequisites","parsec_service/build_run.html#building-parsec","parsec_service/build_run.html#running-parsec-end-to-end-tests","parsec_service/build_run.html#killing-parsec","parsec_service/build_run.html#reloading-parsec","parsec_service/build_run.html#dependencies","parsec_service/build_run.html#mbed-crypto","parsec_service/build_run.html#pkcs-11-crypto","parsec_service/build_run.html#tpm-crypto","parsec_service/build_run.html#cryptoauth-library","parsec_service/build_run.html#trusted-service","parsec_service/build_run.html#cross-compilation","parsec_service/install_parsec_linux.html#how-to-securely-install-parsec-on-linux","parsec_service/install_parsec_linux.html#from-an-admin-user-with-privileges","parsec_service/install_parsec_linux.html#from-the-parsec-user","parsec_service/install_parsec_linux.html#from-a-parsec-client","parsec_service/install_parsec_linux.html#using-direct-authentication","parsec_service/configuration.html#parsec-configuration","parsec_service/tests/index.html#how-to-test-parsec","parsec_service/tests/index.html#executing-tests-manually","parsec_service/tests/index.html#static-tests","parsec_service/tests/index.html#unit-tests","parsec_service/tests/index.html#end-to-end-tests","parsec_service/tests/index.html#fuzz-testing","parsec_service/tests/index.html#testing-the-tpm-provider-using-the-software-tpm","parsec_service/tests/index.html#testing-the-pkcs11-provider-using-the-software-hsm","parsec_service/tests/index.html#testing-the-trusted-service-provider-using-the-in-process-trusted-services-stack","parsec_service/tests/existing_tests.html#list-of-existing-tests","parsec_service/tests/existing_tests.html#end-to-end-testing","parsec_service/tests/existing_tests.html#fuzz-testing","parsec_service/tests/existing_tests.html#unit-testing","parsec_service/tests/existing_tests.html#cross-compilation-tests","parsec_service/tests/existing_tests.html#in-dependencies","parsec_service/stability.html#parsec-stability","parsec_service/stability.html#why-is-stability-important","parsec_service/stability.html#what-does-stability-mean-for-the-parsec-service","parsec_service/stability.html#what-needs-to-be-stable","parsec_service/stability.html#stability-review","parsec_service/stability.html#dynamic-libraries","parsec_security/index.html#parsec-security","parsec_security/parsec_threat_model/threat_model.html#parsec-threat-model","parsec_security/parsec_threat_model/threat_model.html#dataflow-diagram","parsec_security/parsec_threat_model/threat_model.html#assumptions","parsec_security/parsec_threat_model/threat_model.html#assets","parsec_security/parsec_threat_model/threat_model.html#authentication-token---as1","parsec_security/parsec_threat_model/threat_model.html#identity-provider-public-key--as2","parsec_security/parsec_threat_model/threat_model.html#private-keys--as3","parsec_security/parsec_threat_model/threat_model.html#clients-data--as4","parsec_security/parsec_threat_model/threat_model.html#configuration-data--as5","parsec_security/parsec_threat_model/threat_model.html#availability-of-the-service--as6","parsec_security/parsec_threat_model/threat_model.html#key-identity-mappings--as7","parsec_security/parsec_threat_model/threat_model.html#logs--as8","parsec_security/parsec_threat_model/threat_model.html#attackers","parsec_security/parsec_threat_model/threat_model.html#attacker-client-request---a1","parsec_security/parsec_threat_model/threat_model.html#attacker-service-response---a2","parsec_security/parsec_threat_model/threat_model.html#attacker-os-signal---a3","parsec_security/parsec_threat_model/threat_model.html#attacker-service-operation---a4","parsec_security/parsec_threat_model/threat_model.html#attacker-hardware-result---a5","parsec_security/parsec_threat_model/threat_model.html#attacker-key-mapping-storage---a6","parsec_security/parsec_threat_model/threat_model.html#attacker-key-mapping-retrieval---a7","parsec_security/parsec_threat_model/threat_model.html#attacker-logging---a8","parsec_security/parsec_threat_model/threat_model.html#attacker-configuration---a9","parsec_security/parsec_threat_model/threat_model.html#attacker-identity-provider---a10","parsec_security/parsec_threat_model/threat_model.html#attacker-local-memory---a11","parsec_security/parsec_threat_model/threat_model.html#attacker-spiffe-validation-request---a12","parsec_security/parsec_threat_model/threat_model.html#attacker-spiffe-validation-response---a13","parsec_security/parsec_threat_model/threat_model.html#unmitigations","parsec_security/parsec_threat_model/threat_model.html#mitigations","parsec_security/parsec_threat_model/threat_model.html#operational-mitigations","parsec_security/secure_deployment.html#recommendations-on-a-secure-parsec-deployment","parsec_security/secure_deployment.html#using-systemd","parsec_security/rust_client_threat_model/threat_model.html#parsec-rust-client-threat-model","parsec_security/rust_client_threat_model/threat_model.html#dataflow-diagram","parsec_security/rust_client_threat_model/threat_model.html#assumptions","parsec_security/rust_client_threat_model/threat_model.html#assets","parsec_security/rust_client_threat_model/threat_model.html#application-identity---as1","parsec_security/rust_client_threat_model/threat_model.html#clients-data--as2","parsec_security/rust_client_threat_model/threat_model.html#configuration-data--as3","parsec_security/rust_client_threat_model/threat_model.html#clients-cryptographic-keys---as4","parsec_security/rust_client_threat_model/threat_model.html#system-and-client-application-stability---as5","parsec_security/rust_client_threat_model/threat_model.html#attackers","parsec_security/rust_client_threat_model/threat_model.html#attacker-request-to-service---a1","parsec_security/rust_client_threat_model/threat_model.html#attacker-library-memory---a2","parsec_security/rust_client_threat_model/threat_model.html#unmitigations","parsec_security/rust_client_threat_model/threat_model.html#mitigations","parsec_security/rust_client_threat_model/threat_model.html#operational-mitigations","contributing/index.html#contribution-guidelines","contributing/pr_checklist.html#pull-request-reviewer-checklist","contributing/pr_checklist.html#code-wise","contributing/pr_checklist.html#threat-model","contributing/pr_checklist.html#documentation","contributing/pr_checklist.html#testing","contributing/adding_new_operation_how_to.html#adding-operations-to-parsec","contributing/adding_new_operation_how_to.html#operation-specification","contributing/adding_new_operation_how_to.html#parsec-book","contributing/adding_new_operation_how_to.html#parsec-operations","contributing/adding_new_operation_how_to.html#rust-interface","contributing/adding_new_operation_how_to.html#parsec-interface-rs","contributing/adding_new_operation_how_to.html#parsec-rust-client","contributing/adding_new_operation_how_to.html#parsec-client-rust","contributing/adding_new_operation_how_to.html#other-clients-eg-go","contributing/adding_new_operation_how_to.html#parsec","contributing/adding_new_operation_how_to.html#psa-crypto-sys","contributing/adding_new_operation_how_to.html#psa-crypto","contributing/adding_new_operation_how_to.html#parsec-1","contributing/package_management.html#package-management-and-versioning-guide","contributing/package_management.html#rust-crates","contributing/package_management.html#dependency-management","contributing/package_management.html#docker-images","contributing/release_process.html#the-parsec-release-process","contributing/release_process.html#release-schedule","contributing/release_process.html#responsibility-for-releases","contributing/release_process.html#release-roadmap","contributing/release_process.html#released-components","contributing/release_process.html#release-version-numbering","contributing/release_process.html#common-rust-dependencies","contributing/release_process.html#release-codenames","contributing/release_process.html#code-freeze-and-release-branching","contributing/release_process.html#testing-of-releases","contributing/release_process.html#release-expectations","contributing/release_process.html#feature-branches","contributing/release_checklist.html#the-parsec-release-checklist","archive/index.html#archive","archive/system_architecture.html#system-architecture","archive/system_architecture.html#introduction","archive/system_architecture.html#overview","archive/system_architecture.html#design-goals","archive/system_architecture.html#participating-components-and-their-roles","archive/system_architecture.html#trust-relationships","archive/system_architecture.html#wire-protocols","archive/system_architecture.html#trusted-data-payloads","archive/system_architecture.html#client-definitions","archive/system_architecture.html#client-proofs","archive/system_architecture.html#authentication","archive/system_architecture.html#block-architecture-summary","archive/system_architecture.html#flows","archive/system_architecture.html#system-lifecycle-boot","archive/system_architecture.html#system-lifecycle-refresh","archive/system_architecture.html#application-lifecycle","archive/system_architecture.html#general-usage-flows","archive/system_architecture.html#sequence-diagram"],"index":{"documentStore":{"docInfo":{"0":{"body":91,"breadcrumbs":1,"title":1},"1":{"body":77,"breadcrumbs":3,"title":2},"10":{"body":14,"breadcrumbs":3,"title":1},"100":{"body":0,"breadcrumbs":8,"title":3},"101":{"body":32,"breadcrumbs":7,"title":2},"102":{"body":373,"breadcrumbs":8,"title":3},"103":{"body":79,"breadcrumbs":6,"title":1},"104":{"body":52,"breadcrumbs":6,"title":1},"105":{"body":5,"breadcrumbs":8,"title":3},"106":{"body":144,"breadcrumbs":10,"title":5},"107":{"body":139,"breadcrumbs":9,"title":4},"108":{"body":69,"breadcrumbs":13,"title":5},"109":{"body":0,"breadcrumbs":5,"title":1},"11":{"body":12,"breadcrumbs":6,"title":4},"110":{"body":21,"breadcrumbs":5,"title":1},"111":{"body":72,"breadcrumbs":5,"title":1},"112":{"body":43,"breadcrumbs":6,"title":2},"113":{"body":1,"breadcrumbs":6,"title":2},"114":{"body":8,"breadcrumbs":6,"title":2},"115":{"body":14,"breadcrumbs":7,"title":3},"116":{"body":5,"breadcrumbs":6,"title":2},"117":{"body":2,"breadcrumbs":6,"title":2},"118":{"body":2,"breadcrumbs":8,"title":4},"119":{"body":2,"breadcrumbs":6,"title":2},"12":{"body":21,"breadcrumbs":6,"title":4},"120":{"body":2,"breadcrumbs":9,"title":5},"121":{"body":4,"breadcrumbs":6,"title":2},"122":{"body":2,"breadcrumbs":6,"title":2},"123":{"body":1,"breadcrumbs":6,"title":2},"124":{"body":1,"breadcrumbs":7,"title":3},"125":{"body":10,"breadcrumbs":5,"title":1},"126":{"body":13,"breadcrumbs":6,"title":2},"127":{"body":17,"breadcrumbs":6,"title":2},"128":{"body":89,"breadcrumbs":10,"title":3},"129":{"body":36,"breadcrumbs":10,"title":3},"13":{"body":8,"breadcrumbs":7,"title":5},"130":{"body":42,"breadcrumbs":10,"title":3},"131":{"body":190,"breadcrumbs":9,"title":2},"132":{"body":14,"breadcrumbs":11,"title":4},"133":{"body":43,"breadcrumbs":10,"title":3},"134":{"body":27,"breadcrumbs":9,"title":2},"135":{"body":21,"breadcrumbs":9,"title":2},"136":{"body":19,"breadcrumbs":9,"title":2},"137":{"body":38,"breadcrumbs":9,"title":2},"138":{"body":20,"breadcrumbs":9,"title":2},"139":{"body":99,"breadcrumbs":9,"title":2},"14":{"body":26,"breadcrumbs":7,"title":5},"140":{"body":83,"breadcrumbs":9,"title":2},"141":{"body":105,"breadcrumbs":9,"title":2},"142":{"body":37,"breadcrumbs":9,"title":2},"143":{"body":40,"breadcrumbs":9,"title":2},"144":{"body":3,"breadcrumbs":9,"title":2},"145":{"body":7,"breadcrumbs":9,"title":2},"146":{"body":14,"breadcrumbs":9,"title":2},"147":{"body":10,"breadcrumbs":9,"title":2},"148":{"body":16,"breadcrumbs":9,"title":2},"149":{"body":11,"breadcrumbs":9,"title":2},"15":{"body":16,"breadcrumbs":7,"title":5},"150":{"body":207,"breadcrumbs":11,"title":4},"151":{"body":49,"breadcrumbs":11,"title":4},"152":{"body":24,"breadcrumbs":9,"title":2},"153":{"body":74,"breadcrumbs":9,"title":2},"154":{"body":33,"breadcrumbs":10,"title":3},"155":{"body":35,"breadcrumbs":10,"title":3},"156":{"body":47,"breadcrumbs":10,"title":3},"157":{"body":53,"breadcrumbs":10,"title":3},"158":{"body":43,"breadcrumbs":8,"title":2},"159":{"body":16,"breadcrumbs":8,"title":2},"16":{"body":19,"breadcrumbs":8,"title":6},"160":{"body":20,"breadcrumbs":8,"title":2},"161":{"body":57,"breadcrumbs":8,"title":2},"162":{"body":58,"breadcrumbs":8,"title":2},"163":{"body":232,"breadcrumbs":8,"title":2},"164":{"body":66,"breadcrumbs":8,"title":2},"165":{"body":222,"breadcrumbs":8,"title":2},"166":{"body":34,"breadcrumbs":8,"title":2},"167":{"body":29,"breadcrumbs":8,"title":2},"168":{"body":31,"breadcrumbs":8,"title":2},"169":{"body":10,"breadcrumbs":6,"title":1},"17":{"body":34,"breadcrumbs":8,"title":6},"170":{"body":3,"breadcrumbs":6,"title":1},"171":{"body":17,"breadcrumbs":6,"title":1},"172":{"body":5,"breadcrumbs":9,"title":4},"173":{"body":41,"breadcrumbs":6,"title":1},"174":{"body":6,"breadcrumbs":6,"title":1},"175":{"body":7,"breadcrumbs":6,"title":1},"176":{"body":19,"breadcrumbs":6,"title":1},"177":{"body":3,"breadcrumbs":6,"title":1},"178":{"body":16,"breadcrumbs":9,"title":4},"179":{"body":36,"breadcrumbs":6,"title":1},"18":{"body":58,"breadcrumbs":9,"title":7},"180":{"body":6,"breadcrumbs":6,"title":1},"181":{"body":5,"breadcrumbs":6,"title":1},"182":{"body":8,"breadcrumbs":6,"title":1},"183":{"body":3,"breadcrumbs":6,"title":1},"184":{"body":67,"breadcrumbs":9,"title":4},"185":{"body":26,"breadcrumbs":6,"title":1},"186":{"body":6,"breadcrumbs":6,"title":1},"187":{"body":9,"breadcrumbs":6,"title":1},"188":{"body":52,"breadcrumbs":6,"title":1},"189":{"body":9,"breadcrumbs":6,"title":1},"19":{"body":18,"breadcrumbs":6,"title":4},"190":{"body":7,"breadcrumbs":9,"title":4},"191":{"body":70,"breadcrumbs":6,"title":1},"192":{"body":6,"breadcrumbs":6,"title":1},"193":{"body":11,"breadcrumbs":6,"title":1},"194":{"body":63,"breadcrumbs":6,"title":1},"195":{"body":7,"breadcrumbs":6,"title":1},"196":{"body":15,"breadcrumbs":9,"title":4},"197":{"body":71,"breadcrumbs":6,"title":1},"198":{"body":6,"breadcrumbs":6,"title":1},"199":{"body":7,"breadcrumbs":6,"title":1},"2":{"body":322,"breadcrumbs":4,"title":3},"20":{"body":9,"breadcrumbs":8,"title":3},"200":{"body":50,"breadcrumbs":6,"title":1},"201":{"body":3,"breadcrumbs":6,"title":1},"202":{"body":29,"breadcrumbs":9,"title":4},"203":{"body":26,"breadcrumbs":6,"title":1},"204":{"body":6,"breadcrumbs":6,"title":1},"205":{"body":12,"breadcrumbs":6,"title":1},"206":{"body":9,"breadcrumbs":6,"title":1},"207":{"body":10,"breadcrumbs":6,"title":1},"208":{"body":6,"breadcrumbs":9,"title":4},"209":{"body":194,"breadcrumbs":6,"title":1},"21":{"body":9,"breadcrumbs":8,"title":3},"210":{"body":6,"breadcrumbs":6,"title":1},"211":{"body":11,"breadcrumbs":6,"title":1},"212":{"body":3,"breadcrumbs":6,"title":1},"213":{"body":9,"breadcrumbs":6,"title":1},"214":{"body":58,"breadcrumbs":7,"title":2},"215":{"body":5,"breadcrumbs":9,"title":4},"216":{"body":57,"breadcrumbs":6,"title":1},"217":{"body":6,"breadcrumbs":6,"title":1},"218":{"body":10,"breadcrumbs":6,"title":1},"219":{"body":10,"breadcrumbs":6,"title":1},"22":{"body":10,"breadcrumbs":7,"title":1},"220":{"body":10,"breadcrumbs":6,"title":1},"221":{"body":5,"breadcrumbs":9,"title":4},"222":{"body":7,"breadcrumbs":6,"title":1},"223":{"body":6,"breadcrumbs":6,"title":1},"224":{"body":8,"breadcrumbs":6,"title":1},"225":{"body":70,"breadcrumbs":6,"title":1},"226":{"body":10,"breadcrumbs":6,"title":1},"227":{"body":7,"breadcrumbs":9,"title":4},"228":{"body":10,"breadcrumbs":6,"title":1},"229":{"body":6,"breadcrumbs":6,"title":1},"23":{"body":0,"breadcrumbs":6,"title":2},"230":{"body":8,"breadcrumbs":6,"title":1},"231":{"body":68,"breadcrumbs":6,"title":1},"232":{"body":10,"breadcrumbs":6,"title":1},"233":{"body":14,"breadcrumbs":9,"title":4},"234":{"body":35,"breadcrumbs":6,"title":1},"235":{"body":6,"breadcrumbs":6,"title":1},"236":{"body":7,"breadcrumbs":6,"title":1},"237":{"body":13,"breadcrumbs":6,"title":1},"238":{"body":10,"breadcrumbs":6,"title":1},"239":{"body":5,"breadcrumbs":9,"title":4},"24":{"body":42,"breadcrumbs":7,"title":3},"240":{"body":222,"breadcrumbs":6,"title":1},"241":{"body":6,"breadcrumbs":6,"title":1},"242":{"body":7,"breadcrumbs":6,"title":1},"243":{"body":9,"breadcrumbs":6,"title":1},"244":{"body":10,"breadcrumbs":6,"title":1},"245":{"body":5,"breadcrumbs":9,"title":4},"246":{"body":8,"breadcrumbs":6,"title":1},"247":{"body":6,"breadcrumbs":6,"title":1},"248":{"body":11,"breadcrumbs":6,"title":1},"249":{"body":3,"breadcrumbs":6,"title":1},"25":{"body":24,"breadcrumbs":11,"title":7},"250":{"body":9,"breadcrumbs":6,"title":1},"251":{"body":45,"breadcrumbs":7,"title":2},"252":{"body":5,"breadcrumbs":9,"title":4},"253":{"body":24,"breadcrumbs":6,"title":1},"254":{"body":6,"breadcrumbs":6,"title":1},"255":{"body":7,"breadcrumbs":6,"title":1},"256":{"body":16,"breadcrumbs":6,"title":1},"257":{"body":11,"breadcrumbs":6,"title":1},"258":{"body":3,"breadcrumbs":9,"title":4},"259":{"body":16,"breadcrumbs":6,"title":1},"26":{"body":61,"breadcrumbs":7,"title":3},"260":{"body":6,"breadcrumbs":6,"title":1},"261":{"body":10,"breadcrumbs":6,"title":1},"262":{"body":25,"breadcrumbs":6,"title":1},"263":{"body":11,"breadcrumbs":6,"title":1},"264":{"body":19,"breadcrumbs":9,"title":4},"265":{"body":12,"breadcrumbs":6,"title":1},"266":{"body":6,"breadcrumbs":6,"title":1},"267":{"body":7,"breadcrumbs":6,"title":1},"268":{"body":45,"breadcrumbs":6,"title":1},"269":{"body":29,"breadcrumbs":6,"title":1},"27":{"body":87,"breadcrumbs":8,"title":4},"270":{"body":14,"breadcrumbs":9,"title":4},"271":{"body":8,"breadcrumbs":6,"title":1},"272":{"body":6,"breadcrumbs":6,"title":1},"273":{"body":7,"breadcrumbs":6,"title":1},"274":{"body":60,"breadcrumbs":6,"title":1},"275":{"body":11,"breadcrumbs":6,"title":1},"276":{"body":17,"breadcrumbs":9,"title":4},"277":{"body":12,"breadcrumbs":6,"title":1},"278":{"body":6,"breadcrumbs":6,"title":1},"279":{"body":10,"breadcrumbs":6,"title":1},"28":{"body":25,"breadcrumbs":7,"title":3},"280":{"body":32,"breadcrumbs":6,"title":1},"281":{"body":10,"breadcrumbs":6,"title":1},"282":{"body":23,"breadcrumbs":9,"title":4},"283":{"body":39,"breadcrumbs":6,"title":1},"284":{"body":6,"breadcrumbs":6,"title":1},"285":{"body":8,"breadcrumbs":6,"title":1},"286":{"body":27,"breadcrumbs":6,"title":1},"287":{"body":13,"breadcrumbs":6,"title":1},"288":{"body":7,"breadcrumbs":9,"title":4},"289":{"body":8,"breadcrumbs":6,"title":1},"29":{"body":41,"breadcrumbs":6,"title":2},"290":{"body":6,"breadcrumbs":6,"title":1},"291":{"body":8,"breadcrumbs":6,"title":1},"292":{"body":31,"breadcrumbs":6,"title":1},"293":{"body":10,"breadcrumbs":6,"title":1},"294":{"body":14,"breadcrumbs":9,"title":4},"295":{"body":46,"breadcrumbs":6,"title":1},"296":{"body":6,"breadcrumbs":6,"title":1},"297":{"body":6,"breadcrumbs":6,"title":1},"298":{"body":26,"breadcrumbs":6,"title":1},"299":{"body":9,"breadcrumbs":6,"title":1},"3":{"body":147,"breadcrumbs":5,"title":4},"30":{"body":45,"breadcrumbs":10,"title":6},"300":{"body":7,"breadcrumbs":9,"title":4},"301":{"body":7,"breadcrumbs":6,"title":1},"302":{"body":6,"breadcrumbs":6,"title":1},"303":{"body":9,"breadcrumbs":6,"title":1},"304":{"body":34,"breadcrumbs":6,"title":1},"305":{"body":7,"breadcrumbs":6,"title":1},"306":{"body":15,"breadcrumbs":9,"title":4},"307":{"body":10,"breadcrumbs":6,"title":1},"308":{"body":6,"breadcrumbs":6,"title":1},"309":{"body":7,"breadcrumbs":6,"title":1},"31":{"body":26,"breadcrumbs":7,"title":3},"310":{"body":36,"breadcrumbs":6,"title":1},"311":{"body":9,"breadcrumbs":6,"title":1},"312":{"body":7,"breadcrumbs":9,"title":4},"313":{"body":11,"breadcrumbs":6,"title":1},"314":{"body":6,"breadcrumbs":6,"title":1},"315":{"body":9,"breadcrumbs":6,"title":1},"316":{"body":54,"breadcrumbs":6,"title":1},"317":{"body":15,"breadcrumbs":9,"title":4},"318":{"body":11,"breadcrumbs":6,"title":1},"319":{"body":6,"breadcrumbs":6,"title":1},"32":{"body":71,"breadcrumbs":10,"title":6},"320":{"body":7,"breadcrumbs":6,"title":1},"321":{"body":3,"breadcrumbs":6,"title":1},"322":{"body":9,"breadcrumbs":6,"title":1},"323":{"body":23,"breadcrumbs":7,"title":2},"324":{"body":5,"breadcrumbs":9,"title":4},"325":{"body":6,"breadcrumbs":6,"title":1},"326":{"body":6,"breadcrumbs":6,"title":1},"327":{"body":9,"breadcrumbs":6,"title":1},"328":{"body":3,"breadcrumbs":6,"title":1},"329":{"body":8,"breadcrumbs":6,"title":1},"33":{"body":37,"breadcrumbs":6,"title":2},"330":{"body":7,"breadcrumbs":9,"title":4},"331":{"body":59,"breadcrumbs":6,"title":1},"332":{"body":6,"breadcrumbs":6,"title":1},"333":{"body":7,"breadcrumbs":6,"title":1},"334":{"body":7,"breadcrumbs":6,"title":1},"335":{"body":3,"breadcrumbs":6,"title":1},"336":{"body":7,"breadcrumbs":9,"title":4},"337":{"body":57,"breadcrumbs":6,"title":1},"338":{"body":6,"breadcrumbs":6,"title":1},"339":{"body":40,"breadcrumbs":12,"title":4},"34":{"body":17,"breadcrumbs":7,"title":3},"340":{"body":98,"breadcrumbs":11,"title":3},"341":{"body":21,"breadcrumbs":9,"title":1},"342":{"body":61,"breadcrumbs":9,"title":1},"343":{"body":25,"breadcrumbs":6,"title":1},"344":{"body":9,"breadcrumbs":6,"title":1},"345":{"body":9,"breadcrumbs":6,"title":1},"346":{"body":1,"breadcrumbs":9,"title":4},"347":{"body":46,"breadcrumbs":6,"title":1},"348":{"body":6,"breadcrumbs":6,"title":1},"349":{"body":26,"breadcrumbs":6,"title":1},"35":{"body":25,"breadcrumbs":7,"title":3},"350":{"body":34,"breadcrumbs":6,"title":1},"351":{"body":9,"breadcrumbs":6,"title":1},"352":{"body":1,"breadcrumbs":9,"title":4},"353":{"body":123,"breadcrumbs":6,"title":1},"354":{"body":6,"breadcrumbs":6,"title":1},"355":{"body":38,"breadcrumbs":10,"title":3},"356":{"body":132,"breadcrumbs":10,"title":3},"357":{"body":33,"breadcrumbs":8,"title":1},"358":{"body":23,"breadcrumbs":8,"title":1},"359":{"body":43,"breadcrumbs":6,"title":1},"36":{"body":54,"breadcrumbs":7,"title":3},"360":{"body":12,"breadcrumbs":6,"title":1},"361":{"body":9,"breadcrumbs":7,"title":2},"362":{"body":3,"breadcrumbs":6,"title":1},"363":{"body":19,"breadcrumbs":9,"title":4},"364":{"body":73,"breadcrumbs":6,"title":1},"365":{"body":6,"breadcrumbs":6,"title":1},"366":{"body":112,"breadcrumbs":6,"title":3},"367":{"body":0,"breadcrumbs":7,"title":2},"368":{"body":25,"breadcrumbs":6,"title":1},"369":{"body":30,"breadcrumbs":8,"title":3},"37":{"body":160,"breadcrumbs":7,"title":3},"370":{"body":157,"breadcrumbs":8,"title":3},"371":{"body":48,"breadcrumbs":6,"title":1},"372":{"body":86,"breadcrumbs":8,"title":3},"373":{"body":46,"breadcrumbs":6,"title":1},"374":{"body":97,"breadcrumbs":6,"title":1},"375":{"body":86,"breadcrumbs":8,"title":3},"376":{"body":33,"breadcrumbs":6,"title":1},"377":{"body":64,"breadcrumbs":6,"title":1},"378":{"body":32,"breadcrumbs":8,"title":3},"379":{"body":82,"breadcrumbs":7,"title":2},"38":{"body":42,"breadcrumbs":10,"title":6},"380":{"body":0,"breadcrumbs":9,"title":3},"381":{"body":12,"breadcrumbs":7,"title":1},"382":{"body":12,"breadcrumbs":7,"title":1},"383":{"body":138,"breadcrumbs":7,"title":1},"384":{"body":300,"breadcrumbs":8,"title":2},"385":{"body":171,"breadcrumbs":9,"title":3},"386":{"body":191,"breadcrumbs":8,"title":2},"387":{"body":110,"breadcrumbs":8,"title":2},"388":{"body":58,"breadcrumbs":8,"title":2},"389":{"body":19,"breadcrumbs":8,"title":2},"39":{"body":13,"breadcrumbs":7,"title":3},"390":{"body":0,"breadcrumbs":5,"title":1},"391":{"body":37,"breadcrumbs":7,"title":3},"392":{"body":28,"breadcrumbs":5,"title":1},"393":{"body":34,"breadcrumbs":6,"title":2},"394":{"body":98,"breadcrumbs":8,"title":4},"395":{"body":69,"breadcrumbs":10,"title":6},"396":{"body":0,"breadcrumbs":5,"title":1},"397":{"body":27,"breadcrumbs":6,"title":2},"398":{"body":28,"breadcrumbs":5,"title":1},"399":{"body":38,"breadcrumbs":6,"title":2},"4":{"body":132,"breadcrumbs":3,"title":2},"40":{"body":66,"breadcrumbs":10,"title":6},"400":{"body":98,"breadcrumbs":7,"title":3},"401":{"body":93,"breadcrumbs":6,"title":2},"402":{"body":41,"breadcrumbs":7,"title":3},"403":{"body":18,"breadcrumbs":8,"title":4},"404":{"body":55,"breadcrumbs":7,"title":3},"405":{"body":31,"breadcrumbs":9,"title":3},"406":{"body":29,"breadcrumbs":10,"title":4},"407":{"body":41,"breadcrumbs":10,"title":4},"408":{"body":49,"breadcrumbs":11,"title":4},"409":{"body":77,"breadcrumbs":9,"title":2},"41":{"body":12,"breadcrumbs":6,"title":2},"410":{"body":20,"breadcrumbs":9,"title":2},"411":{"body":49,"breadcrumbs":9,"title":2},"412":{"body":140,"breadcrumbs":12,"title":5},"413":{"body":0,"breadcrumbs":9,"title":3},"414":{"body":41,"breadcrumbs":7,"title":1},"415":{"body":155,"breadcrumbs":8,"title":2},"416":{"body":20,"breadcrumbs":11,"title":5},"417":{"body":11,"breadcrumbs":8,"title":2},"418":{"body":26,"breadcrumbs":8,"title":2},"419":{"body":15,"breadcrumbs":7,"title":1},"42":{"body":17,"breadcrumbs":7,"title":3},"420":{"body":14,"breadcrumbs":8,"title":2},"421":{"body":17,"breadcrumbs":9,"title":3},"422":{"body":31,"breadcrumbs":8,"title":2},"423":{"body":1,"breadcrumbs":8,"title":2},"424":{"body":46,"breadcrumbs":8,"title":2},"425":{"body":25,"breadcrumbs":8,"title":2},"426":{"body":91,"breadcrumbs":11,"title":4},"427":{"body":83,"breadcrumbs":10,"title":3},"428":{"body":139,"breadcrumbs":9,"title":2},"429":{"body":27,"breadcrumbs":9,"title":2},"43":{"body":23,"breadcrumbs":7,"title":3},"430":{"body":179,"breadcrumbs":10,"title":3},"431":{"body":37,"breadcrumbs":7,"title":2},"432":{"body":129,"breadcrumbs":7,"title":2},"433":{"body":0,"breadcrumbs":8,"title":3},"434":{"body":16,"breadcrumbs":7,"title":2},"435":{"body":12,"breadcrumbs":7,"title":2},"436":{"body":97,"breadcrumbs":8,"title":3},"437":{"body":72,"breadcrumbs":7,"title":2},"438":{"body":110,"breadcrumbs":11,"title":6},"439":{"body":112,"breadcrumbs":11,"title":6},"44":{"body":54,"breadcrumbs":7,"title":3},"440":{"body":100,"breadcrumbs":14,"title":9},"441":{"body":7,"breadcrumbs":11,"title":3},"442":{"body":246,"breadcrumbs":11,"title":3},"443":{"body":11,"breadcrumbs":10,"title":2},"444":{"body":45,"breadcrumbs":10,"title":2},"445":{"body":54,"breadcrumbs":11,"title":3},"446":{"body":25,"breadcrumbs":9,"title":1},"447":{"body":14,"breadcrumbs":7,"title":2},"448":{"body":45,"breadcrumbs":7,"title":2},"449":{"body":86,"breadcrumbs":9,"title":4},"45":{"body":123,"breadcrumbs":7,"title":3},"450":{"body":91,"breadcrumbs":7,"title":2},"451":{"body":294,"breadcrumbs":7,"title":2},"452":{"body":86,"breadcrumbs":7,"title":2},"453":{"body":30,"breadcrumbs":4,"title":2},"454":{"body":122,"breadcrumbs":8,"title":3},"455":{"body":2,"breadcrumbs":7,"title":2},"456":{"body":78,"breadcrumbs":6,"title":1},"457":{"body":20,"breadcrumbs":6,"title":1},"458":{"body":104,"breadcrumbs":8,"title":3},"459":{"body":38,"breadcrumbs":10,"title":5},"46":{"body":32,"breadcrumbs":9,"title":5},"460":{"body":14,"breadcrumbs":8,"title":3},"461":{"body":37,"breadcrumbs":8,"title":3},"462":{"body":37,"breadcrumbs":8,"title":3},"463":{"body":18,"breadcrumbs":8,"title":3},"464":{"body":40,"breadcrumbs":9,"title":4},"465":{"body":29,"breadcrumbs":7,"title":2},"466":{"body":45,"breadcrumbs":6,"title":1},"467":{"body":242,"breadcrumbs":9,"title":4},"468":{"body":143,"breadcrumbs":9,"title":4},"469":{"body":45,"breadcrumbs":9,"title":4},"47":{"body":20,"breadcrumbs":15,"title":11},"470":{"body":132,"breadcrumbs":9,"title":4},"471":{"body":105,"breadcrumbs":9,"title":4},"472":{"body":93,"breadcrumbs":10,"title":5},"473":{"body":130,"breadcrumbs":10,"title":5},"474":{"body":111,"breadcrumbs":8,"title":3},"475":{"body":119,"breadcrumbs":8,"title":3},"476":{"body":128,"breadcrumbs":9,"title":4},"477":{"body":35,"breadcrumbs":9,"title":4},"478":{"body":66,"breadcrumbs":10,"title":5},"479":{"body":102,"breadcrumbs":10,"title":5},"48":{"body":0,"breadcrumbs":9,"title":4},"480":{"body":203,"breadcrumbs":6,"title":1},"481":{"body":200,"breadcrumbs":6,"title":1},"482":{"body":357,"breadcrumbs":7,"title":2},"483":{"body":200,"breadcrumbs":9,"title":4},"484":{"body":19,"breadcrumbs":7,"title":2},"485":{"body":60,"breadcrumbs":12,"title":5},"486":{"body":2,"breadcrumbs":9,"title":2},"487":{"body":54,"breadcrumbs":8,"title":1},"488":{"body":20,"breadcrumbs":8,"title":1},"489":{"body":37,"breadcrumbs":10,"title":3},"49":{"body":54,"breadcrumbs":6,"title":1},"490":{"body":24,"breadcrumbs":10,"title":3},"491":{"body":46,"breadcrumbs":10,"title":3},"492":{"body":25,"breadcrumbs":11,"title":4},"493":{"body":16,"breadcrumbs":12,"title":5},"494":{"body":40,"breadcrumbs":8,"title":1},"495":{"body":160,"breadcrumbs":11,"title":4},"496":{"body":32,"breadcrumbs":11,"title":4},"497":{"body":59,"breadcrumbs":8,"title":1},"498":{"body":45,"breadcrumbs":8,"title":1},"499":{"body":51,"breadcrumbs":9,"title":2},"5":{"body":94,"breadcrumbs":4,"title":3},"50":{"body":78,"breadcrumbs":10,"title":5},"500":{"body":125,"breadcrumbs":3,"title":2},"501":{"body":13,"breadcrumbs":8,"title":4},"502":{"body":60,"breadcrumbs":6,"title":2},"503":{"body":30,"breadcrumbs":6,"title":2},"504":{"body":88,"breadcrumbs":5,"title":1},"505":{"body":284,"breadcrumbs":5,"title":1},"506":{"body":31,"breadcrumbs":7,"title":3},"507":{"body":0,"breadcrumbs":6,"title":2},"508":{"body":54,"breadcrumbs":6,"title":2},"509":{"body":12,"breadcrumbs":6,"title":2},"51":{"body":41,"breadcrumbs":7,"title":2},"510":{"body":0,"breadcrumbs":6,"title":2},"511":{"body":210,"breadcrumbs":7,"title":3},"512":{"body":0,"breadcrumbs":7,"title":3},"513":{"body":28,"breadcrumbs":7,"title":3},"514":{"body":16,"breadcrumbs":7,"title":3},"515":{"body":0,"breadcrumbs":5,"title":1},"516":{"body":91,"breadcrumbs":7,"title":3},"517":{"body":61,"breadcrumbs":6,"title":2},"518":{"body":146,"breadcrumbs":5,"title":1},"519":{"body":108,"breadcrumbs":9,"title":4},"52":{"body":82,"breadcrumbs":8,"title":3},"520":{"body":328,"breadcrumbs":7,"title":2},"521":{"body":185,"breadcrumbs":7,"title":2},"522":{"body":194,"breadcrumbs":7,"title":2},"523":{"body":14,"breadcrumbs":7,"title":3},"524":{"body":72,"breadcrumbs":6,"title":2},"525":{"body":33,"breadcrumbs":6,"title":2},"526":{"body":53,"breadcrumbs":6,"title":2},"527":{"body":124,"breadcrumbs":6,"title":2},"528":{"body":55,"breadcrumbs":7,"title":3},"529":{"body":96,"breadcrumbs":7,"title":3},"53":{"body":65,"breadcrumbs":9,"title":4},"530":{"body":15,"breadcrumbs":6,"title":2},"531":{"body":97,"breadcrumbs":8,"title":4},"532":{"body":97,"breadcrumbs":6,"title":2},"533":{"body":47,"breadcrumbs":6,"title":2},"534":{"body":207,"breadcrumbs":6,"title":2},"535":{"body":242,"breadcrumbs":7,"title":3},"536":{"body":12,"breadcrumbs":2,"title":1},"537":{"body":0,"breadcrumbs":5,"title":2},"538":{"body":40,"breadcrumbs":4,"title":1},"539":{"body":285,"breadcrumbs":4,"title":1},"54":{"body":201,"breadcrumbs":7,"title":2},"540":{"body":156,"breadcrumbs":5,"title":2},"541":{"body":429,"breadcrumbs":6,"title":3},"542":{"body":287,"breadcrumbs":5,"title":2},"543":{"body":98,"breadcrumbs":5,"title":2},"544":{"body":45,"breadcrumbs":6,"title":3},"545":{"body":169,"breadcrumbs":5,"title":2},"546":{"body":103,"breadcrumbs":5,"title":2},"547":{"body":270,"breadcrumbs":4,"title":1},"548":{"body":11,"breadcrumbs":6,"title":3},"549":{"body":0,"breadcrumbs":4,"title":1},"55":{"body":344,"breadcrumbs":10,"title":5},"550":{"body":90,"breadcrumbs":6,"title":3},"551":{"body":128,"breadcrumbs":6,"title":3},"552":{"body":73,"breadcrumbs":5,"title":2},"553":{"body":168,"breadcrumbs":6,"title":3},"554":{"body":48,"breadcrumbs":5,"title":2},"56":{"body":235,"breadcrumbs":10,"title":5},"57":{"body":158,"breadcrumbs":9,"title":4},"58":{"body":160,"breadcrumbs":8,"title":3},"59":{"body":209,"breadcrumbs":8,"title":3},"6":{"body":97,"breadcrumbs":5,"title":4},"60":{"body":52,"breadcrumbs":8,"title":3},"61":{"body":115,"breadcrumbs":10,"title":5},"62":{"body":0,"breadcrumbs":4,"title":2},"63":{"body":76,"breadcrumbs":4,"title":2},"64":{"body":20,"breadcrumbs":6,"title":4},"65":{"body":64,"breadcrumbs":7,"title":4},"66":{"body":0,"breadcrumbs":7,"title":2},"67":{"body":25,"breadcrumbs":6,"title":1},"68":{"body":72,"breadcrumbs":6,"title":1},"69":{"body":131,"breadcrumbs":7,"title":2},"7":{"body":119,"breadcrumbs":4,"title":3},"70":{"body":265,"breadcrumbs":7,"title":2},"71":{"body":41,"breadcrumbs":8,"title":3},"72":{"body":104,"breadcrumbs":8,"title":3},"73":{"body":46,"breadcrumbs":6,"title":1},"74":{"body":58,"breadcrumbs":7,"title":2},"75":{"body":128,"breadcrumbs":7,"title":2},"76":{"body":334,"breadcrumbs":7,"title":2},"77":{"body":45,"breadcrumbs":7,"title":2},"78":{"body":38,"breadcrumbs":9,"title":4},"79":{"body":77,"breadcrumbs":8,"title":3},"8":{"body":21,"breadcrumbs":4,"title":3},"80":{"body":216,"breadcrumbs":9,"title":4},"81":{"body":80,"breadcrumbs":7,"title":2},"82":{"body":15,"breadcrumbs":8,"title":3},"83":{"body":0,"breadcrumbs":7,"title":2},"84":{"body":26,"breadcrumbs":6,"title":1},"85":{"body":40,"breadcrumbs":6,"title":1},"86":{"body":26,"breadcrumbs":6,"title":1},"87":{"body":0,"breadcrumbs":7,"title":2},"88":{"body":10,"breadcrumbs":7,"title":2},"89":{"body":74,"breadcrumbs":7,"title":2},"9":{"body":0,"breadcrumbs":5,"title":3},"90":{"body":74,"breadcrumbs":8,"title":3},"91":{"body":50,"breadcrumbs":7,"title":2},"92":{"body":54,"breadcrumbs":8,"title":3},"93":{"body":193,"breadcrumbs":8,"title":3},"94":{"body":150,"breadcrumbs":7,"title":2},"95":{"body":114,"breadcrumbs":6,"title":1},"96":{"body":33,"breadcrumbs":6,"title":1},"97":{"body":90,"breadcrumbs":8,"title":3},"98":{"body":49,"breadcrumbs":6,"title":1},"99":{"body":66,"breadcrumbs":6,"title":1}},"docs":{"0":{"body":"Parsec Logo Parsec is the P latform A bst R action for SEC urity, an open-source initiative to provide a common API to secure services in a platform-agnostic way. Parsec is a Cloud Native Compute Foundation Sandbox project. Find here all the technical documentation of Parsec, alongside user and developer guides. Go straight to the overview to learn more about the project! Check out the Getting Started guides to quickly try out Parsec! Then, depending on what you want to know, you can go to the users , client developers , service developers or security sections. Don't hesitate to ask any question you would have when reading on our Community Slack Channel ! Parsec and all the repositories under the parallaxsecond organization are provided under Apache-2.0. Contributions to this project are accepted under the same license. Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Introduction","id":"0","title":"Introduction"},"1":{"body":"Parsec is the P latform A bst R action for SEC urity, a new open-source initiative to provide a common API to secure services in a platform-agnostic way. Parsec aims to define a universal software standard for interacting with secure object storage and cryptography services, creating a common way to interface with functions that would traditionally have been accessed by more specialised APIs. Parsec establishes an ecosystem of developer-friendly libraries in a variety of popular programming languages. Each library is designed to be highly ergonomic and simple to consume. This growing ecosystem will put secure facilities at the fingertips of developers across a broad range of use cases in infrastructure computing, edge computing and the secure Internet of Things.","breadcrumbs":"Overview » Welcome to Parsec","id":"1","title":"Welcome to Parsec"},"10":{"body":"Welcome to the Parsec Getting Started guide. Take a look through the headings below and follow the links that best describe what you would like to do.","breadcrumbs":"Getting Started » Welcome!","id":"10","title":"Welcome!"},"100":{"body":"","breadcrumbs":"Parsec for client developers » Wire Protocol » Message Structure Specifications","id":"100","title":"Message Structure Specifications"},"101":{"body":"This section provides a complete specification for the interpretation of messages. Based on this specification, service and client code can be created to both consume and produce conformant messages on any suitable transport medium. All multi-byte numerical fields are transported in little-endian format: the least significant byte is sent first.","breadcrumbs":"Parsec for client developers » Wire Protocol » General Rules","id":"101","title":"General Rules"},"102":{"body":"Requests and responses share a common fixed-format header whose specification is given below. Because the header format is the same for requests and responses, it means that some of the data fields in the header are unused/ignored depending on whether the header is an outgoing request (being transmitted from the client to the service), or an incoming response (being returned from the service back to the client). However, most fields are relevant and common to both. Each field is annotated according to the following scheme: \"Common\" indicates that the field is common to both request messages and response messages. \"Requests only\" indicates that the field is only used in requests and must be ignored in responses. In a response, these fields should be set to a value of zero. \"Responses only\" indicates that the field is only used in responses and must be ignored in requests. In a request, these fields should be set to a value of zero. Fields occur in contiguous memory and there must be no additional padding between them. On the following diagram, the bytes go left to right from least significant to most significant. Header Structure Name Scheme Size (in bytes) Description Magic number Common 4 Must be 0x5EC0A710 (selected to be an approximate transcoding of SECurity API). This field can be used as an initial validity check for incoming messages. This field must be populated in all messages. This field will remain the same across different wire protocol versions. Header size Common 2 Size of the remainder of the header in bytes (once the magic number and header size fields have been consumed). Consumers must use this field to consume the correct number of bytes of header from the input stream, rather than use this specification to deduce the header size. This field's position and width will remain the same across different wire protocol versions. Only the value of this field may change between versions. Major version number Common 1 Versioning field. Currently the only supported and valid value for this field is 0x01. This field's position and width will remain the same across different wire protocol versions. Only the value of this field may change between versions. Minor version number Common 1 Versioning sub-field. Currently the only supported and valid value for this field is 0x00. This field's position and width will remain the same across different wire protocol versions. Only the value of this field may change between versions. Flags Common 2 Currently unused and should be set to 0x0000. Provider Common 1 Identify the back-end service provider for which the request is intended. A value of zero indicates that the request is intended for a special provider, which always exists, and is used for service discovery and communication bootstrapping. Session handle Common 8 Session identifier. Content type Common 1 Defines how the message body should be processed. The only currently-supported value is 0x00, which indicates that the message body should be treated as a serialized protobuf message. Accept type Requests only 1 Defines how the service should provide its response. The only currently-supported value is 0x00, which indicates that the service should provide a response whose body is a serialized protobuf message. Auth type Requests only 1 Defines how the authentication bytes should be interpreted. See the authentication section above. Content length Common 4 Provides the exact number of bytes of body. Auth length Requests only 2 Provides the exact number of bytes of authentication. Opcode Common 4 Indicates the operation being performed by this request. See the section above on opcodes. Status Responses only 2 Indicates the overall success or failure of the operation. A value of zero is used universally to mean success. Other values should be interpreted according to the API specification . Reserved Common 2 Currently unused and must be set to zero.","breadcrumbs":"Parsec for client developers » Wire Protocol » The Fixed Common Header","id":"102","title":"The Fixed Common Header"},"103":{"body":"A request message begins with the fixed-format header as specified above, followed contiguously by a variable-length field of zero or more message body bytes, which is in turn followed contiguously in memory by a variable-length field of zero or more authentication bytes. The interpretation of the body and authentication bytes is specified by the relevant fields in the fixed-format header. The request body bytes must immediately follow the request header bytes, and the size of the body must precisely match the Content Length field of the header with no additional padding or alignment. The authentication bytes must immediately follow the request body bytes, and the size of the authentication field must precisely match the Auth Length field of the header with no additional padding or alignment. Wire Request","breadcrumbs":"Parsec for client developers » Wire Protocol » Requests","id":"103","title":"Requests"},"104":{"body":"A response message begins with the fixed-format header as specified above, followed contiguously by a variable-length field of zero or more message body bytes. The interpretation of the body is specified by the relevant fields in the fixed-format header. The response body bytes must immediately follow the response header bytes, and the size of the body must precisely match the Content Length field of the header with no additional padding or alignment. Wire Response Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Wire Protocol » Responses","id":"104","title":"Responses"},"105":{"body":"The value 0, Success, is for a successful operation.","breadcrumbs":"Parsec for client developers » Status Codes » Response Status Codes","id":"105","title":"Response Status Codes"},"106":{"body":"These codes originate in components in the service outside of the Provide trait implementation by the providers. Response Status Code Value Descrption WrongProviderID 1 Requested provider ID does not match that of the backend ContentTypeNotSupported 2 Requested content type is not supported by the backend AcceptTypeNotSupported 3 Requested accept type is not supported by the backend WireProtocolVersionNotSupported 4 Requested version is not supported by the backend ProviderNotRegistered 5 No provider registered for the requested provider ID ProviderDoesNotExist 6 No provider defined for requested provider ID DeserializingBodyFailed 7 Failed to deserialize the body of the message SerializingBodyFailed 8 Failed to serialize the body of the message OpcodeDoesNotExist 9 Requested operation is not defined ResponseTooLarge 10 Response size exceeds allowed limits AuthenticationError 11 Authentication failed AuthenticatorDoesNotExist 12 Authenticator not supported AuthenticatorNotRegistered 13 Authenticator not supported KeyInfoManagerError 14 Internal error in the Key Info Manager ConnectionError 15 Generic input/output error InvalidEncoding 16 Invalid value for this data type InvalidHeader 17 Constant fields in header are invalid WrongProviderUuid 18 The UUID vector needs to only contain 16 bytes NotAuthenticated 19 Request did not provide a required authentication BodySizeExceedsLimit 20 Request length specified in the header is above defined limit AdminOperation 21 The operation requires admin privilege","breadcrumbs":"Parsec for client developers » Status Codes » Service Internal Response Status Codes","id":"106","title":"Service Internal Response Status Codes"},"107":{"body":"These codes originate from within the Provide trait implementation. Response Status Code Value Descrption PsaErrorGenericError 1132 An error occurred that does not correspond to any defined failure cause PsaErrorNotPermitted 1133 The requested action is denied by a policy PsaErrorNotSupported 1134 The requested operation or a parameter is not supported by this implementation PsaErrorInvalidArgument 1135 The parameters passed to the function are invalid PsaErrorInvalidHandle 1136 The key handle is not valid PsaErrorBadState 1137 The requested action cannot be performed in the current state PsaErrorBufferTooSmall 1138 An output buffer is too small PsaErrorAlreadyExists 1139 Asking for an item that already exists PsaErrorDoesNotExist 1140 Asking for an item that doesn't exist PsaErrorInsufficientMemory 1141 There is not enough runtime memory PsaErrorInsufficientStorage 1142 There is not enough persistent storage available PsaErrorInssuficientData 1143 Insufficient data when attempting to read from a resource PsaErrorCommunicationFailure 1145 There was a communication failure inside the implementation PsaErrorStorageFailure 1146 There was a storage failure that may have led to data loss PsaErrorHardwareFailure 1147 A hardware failure was detected PsaErrorInsufficientEntropy 1148 There is not enough entropy to generate random data needed for the requested action PsaErrorInvalidSignature 1149 The signature, MAC or hash is incorrect PsaErrorInvalidPadding 1150 The decrypted padding is incorrect PsaErrorCorruptionDetected 1151 A tampering attempt was detected PsaErrorDataCorrupt 1152 Stored data has been corrupted Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Status Codes » PSA Response Status Codes","id":"107","title":"PSA Response Status Codes"},"108":{"body":"If a client library does not already exist in your preferred programming language, you can create one. Writing a new client library is a great way to enhance the Parsec client ecosystem. When creating a new client library, please make sure you understand the Parsec philosophy for client libraries . It is very important that you design your client library to provide a highly ergonomic and idiomatic developer experience. You will need to understand the wire protocol specification and the API specification in depth in order to create a client library. You will need to know which Listener the Parsec service is currently using and how it was configured in order to communicate with it. Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Writing a new Parsec Client Library » Writing a new Parsec Client Library","id":"108","title":"Writing a new Parsec Client Library"},"109":{"body":"","breadcrumbs":"Parsec for client developers » Operations » Operations","id":"109","title":"Operations"},"11":{"body":"The installation guide includes a quick method that you can use to see if Parsec is already installed and running on your system.","breadcrumbs":"Getting Started » I Want to Check if Parsec is Running","id":"11","title":"I Want to Check if Parsec is Running"},"110":{"body":"This document provides links to full descriptions for all of the operations in the API. The operations are defined in a format-neutral language where types can easily and implicitely be translated to the specific operation implementation language used.","breadcrumbs":"Parsec for client developers » Operations » Introduction","id":"110","title":"Introduction"},"111":{"body":"Operation Opcode Ping 0x0001 PsaGenerateKey 0x0002 PsaDestroyKey 0x0003 PsaSignHash 0x0004 PsaVerifyHash 0x0005 PsaImportKey 0x0006 PsaExportPublicKey 0x0007 ListProviders 0x0008 ListOpcodes 0x0009 PsaAsymmetricEncrypt 0x000A PsaAsymmetricDecrypt 0x000B PsaExportKey 0x000C PsaGenerateRandom 0x000D ListAuthenticators 0x000E PsaHashCompute 0x000F PsaHashCompare 0x0010 PsaAeadEncrypt 0x0011 PsaAeadDecrypt 0x0012 PsaRawKeyAgreement 0x0013 PsaCipherEncrypt 0x0014 PsaCipherDecrypt 0x0015 PsaMacCompute 0x0016 PsaMacVerify 0x0017 PsaSignMessage 0x0018 PsaVerifyMessage 0x0019 ListKeys 0x001A ListClients 0x001B DeleteClient 0x001C AttestKey 0x001E PrepareKeyAttestation 0x001F CanDoCrypto 0x0020 Find here the current level of support of those operations in Parsec.","breadcrumbs":"Parsec for client developers » Operations » Overview","id":"111","title":"Overview"},"112":{"body":"Core operations are non-cryptographic operations supported by the core provider. Set the provider field of the request header to 0 (0x00) to invoke these operations. Some operations are reserved for administrators . They are marked below with \" (admin) \". These operations can only be executed by a set of application names chosen by the Parsec administrator. If user applications try to execute those operations, a AdminOperation response status error code will be returned.","breadcrumbs":"Parsec for client developers » Operations » Core Operations","id":"112","title":"Core Operations"},"113":{"body":"Ping","breadcrumbs":"Parsec for client developers » Operations » Service Health","id":"113","title":"Service Health"},"114":{"body":"ListProviders ListOpcodes ListAuthenticators ListKeys ListClients (admin) DeleteClient (admin)","breadcrumbs":"Parsec for client developers » Operations » Service Configuration","id":"114","title":"Service Configuration"},"115":{"body":"These operations are all derived from equivalent function definitions in the PSA Crypto API Specification . Most of the documentation in this book directly come from the specification.","breadcrumbs":"Parsec for client developers » Operations » PSA Crypto Operations","id":"115","title":"PSA Crypto Operations"},"116":{"body":"PsaImportKey PsaGenerateKey PsaDestroyKey PsaExportKey PsaExportPublicKey","breadcrumbs":"Parsec for client developers » Operations » Key Management","id":"116","title":"Key Management"},"117":{"body":"PsaHashCompute PsaHashCompare","breadcrumbs":"Parsec for client developers » Operations » Message Digests","id":"117","title":"Message Digests"},"118":{"body":"PsaMacCompute PsaMacVerify","breadcrumbs":"Parsec for client developers » Operations » Message Authentication Codes (MAC)","id":"118","title":"Message Authentication Codes (MAC)"},"119":{"body":"PsaCipherEncrypt PsaCipherDecrypt","breadcrumbs":"Parsec for client developers » Operations » Unauthenticated Ciphers","id":"119","title":"Unauthenticated Ciphers"},"12":{"body":"There are a few different ways to get the Parsec service up and running on your system. You may be able to install via your package manager, or use a different method. Go here to check out your installation options.","breadcrumbs":"Getting Started » I Want to Install the Parsec Service","id":"12","title":"I Want to Install the Parsec Service"},"120":{"body":"PsaAeadEncrypt PsaAeadDecrypt","breadcrumbs":"Parsec for client developers » Operations » Authenticated Encryption with Associated Data (AEAD)","id":"120","title":"Authenticated Encryption with Associated Data (AEAD)"},"121":{"body":"PsaSignMessage PsaVerifyMessage PsaSignHash PsaVerifyHash","breadcrumbs":"Parsec for client developers » Operations » Asymmetric Signature","id":"121","title":"Asymmetric Signature"},"122":{"body":"PsaAsymmetricEncrypt PsaAsymmetricDecrypt","breadcrumbs":"Parsec for client developers » Operations » Asymmetric Encryption","id":"122","title":"Asymmetric Encryption"},"123":{"body":"PsaRawKeyAgreement","breadcrumbs":"Parsec for client developers » Operations » Key Agreement","id":"123","title":"Key Agreement"},"124":{"body":"PsaGenerateRandom","breadcrumbs":"Parsec for client developers » Operations » Random Number Generation","id":"124","title":"Random Number Generation"},"125":{"body":"These operations are not derived from PSA Crypto, but nonetheless perform tasks with backing from hardware tokens.","breadcrumbs":"Parsec for client developers » Operations » Other operations","id":"125","title":"Other operations"},"126":{"body":"(EXPERIMENTAL) These operations are in an experimental phase. No guarantees are offered around the stability of their contracts or abstract interfaces. PrepareKeyAttestation AttestKey","breadcrumbs":"Parsec for client developers » Operations » Key attestation","id":"126","title":"Key attestation"},"127":{"body":"(EXPERIMENTAL) These operations are in an experimental phase. No guarantees are offered around the stability of their contracts or abstract interfaces. CanDoCrypto Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » Capability discovery","id":"127","title":"Capability discovery"},"128":{"body":"These tables define the current level of coverage in Parsec for the operations and their parameters. Only the operations specified and that have a dedicated page are put in the following table. Not all parameters (key types, algorithms) of the operation might be supported. See the following sections for details. Operation \\ Provider Core Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library Ping ✅ 🚫 🚫 🚫 🚫 🚫 ListProviders ✅ 🚫 🚫 🚫 🚫 🚫 ListOpcodes ✅ 🚫 🚫 🚫 🚫 🚫 ListAuthenticators ✅ 🚫 🚫 🚫 🚫 🚫 ListKeys ✅ 🚫 🚫 🚫 🚫 🚫 DeleteClient ✅ 🚫 🚫 🚫 🚫 🚫 ListClients ✅ 🚫 🚫 🚫 🚫 🚫 PsaImportKey 🚫 ✅ ✅ ✅ ✅ ✅ PsaGenerateKey 🚫 ✅ ✅ ✅ ✅ ✅ PsaDestroyKey 🚫 ✅ ✅ ✅ ✅ ✅ PsaExportKey 🚫 ✅ ❌ ❌ ✅ ✅ PsaExportPublicKey 🚫 ✅ ✅ ✅ ✅ ✅ PsaHashCompute 🚫 ✅ ❌ ❌ ❌ ✅ PsaHashCompare 🚫 ✅ ❌ ❌ ❌ ✅ PsaMacCompute 🚫 ❌ ❌ ❌ ❌ ❌ PsaMacVerify 🚫 ❌ ❌ ❌ ❌ ❌ PsaCipherEncrypt 🚫 ❌ ❌ ❌ ❌ ✅ PsaCipherDecrypt 🚫 ❌ ❌ ❌ ❌ ✅ PsaAeadEncrypt 🚫 ✅ ❌ ❌ ❌ ✅ PsaAeadDecrypt 🚫 ✅ ❌ ❌ ❌ ✅ PsaSignMessage 🚫 ❌ ❌ ❌ ❌ ✅ PsaVerifyMessage 🚫 ❌ ❌ ❌ ❌ ✅ PsaSignHash 🚫 ✅ ✅ ✅ ✅ ✅ PsaVerifyHash 🚫 ✅ ✅ ✅ ✅ ✅ PsaAsymmetricEncrypt 🚫 ✅ ✅ ✅ ✅ ❌ PsaAsymmetricDecrypt 🚫 ✅ ✅ ✅ ✅ ❌ PsaRawKeyAgreement 🚫 ✅ ❌ ❌ ❌ ✅ PsaGenerateRandom 🚫 ✅ ✅ ✅ ✅ ✅ AttestKey 🚫 ❌ ❌ ✅ ❌ ❌ PrepareKeyAttestation 🚫 ❌ ❌ ✅ ❌ ❌ CanDoCrypto 🚫 ✅ ✅ ✅ ✅ ❌ ✅: The provider supports the operation (maybe not all of its parameters, check below). 🚫: The operation is not meant to be implemented on this provider (core operation on a crypto provider or opposite). ❌: The provider does not currently support the operation.","breadcrumbs":"Parsec for client developers » Operations » Parsec Operations Coverage » Parsec Operations Coverage","id":"128","title":"Parsec Operations Coverage"},"129":{"body":"This table describe if the following key types are supported for key management operations. Key type \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library RawData ✅ ❌ ❌ ❌ ✅ Hmac ❌ ❌ ❌ ❌ ❌ Derive ❌ ❌ ❌ ❌ ❌ Aes ✅ ❌ ❌ ❌ ✅ Des ❌ ❌ ❌ ❌ ❌ Camellia ✅ ❌ ❌ ❌ ❌ Arc4 ❌ ❌ ❌ ❌ ❌ Chacha20 ✅ ❌ ❌ ❌ ❌ RsaPublicKey ✅ ✅ ✅ ✅ ❌ RsaKeyPair ✅ ✅ ✅ ✅ ❌ EccKeyPair ✅ ✅ ✅ ✅ ✅ EccPublicKey ✅ ✅ ✅ ✅ ✅ DhKeyPair ✅ ❌ ❌ ❌ ❌ DhPublicKey ✅ ❌ ❌ ❌ ❌","breadcrumbs":"Parsec for client developers » Operations » Parsec Operations Coverage » Key types support","id":"129","title":"Key types support"},"13":{"body":"You can consume Parsec API's in several programming languages. You can learn how to do this here .","breadcrumbs":"Getting Started » I Want to Use Parsec API's in My Own Code","id":"13","title":"I Want to Use Parsec API's in My Own Code"},"130":{"body":"This table describes if the following elliptic curve families are supported. Not all curves from those families might be supported. ECC Curve Family \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library SECP-K1 ✅ ❌ ❌ ✅ ❌ SECP-R1 ✅ ✅ ✅ ✅ ✅ SECP-R2 ✅ ❌ ❌ ✅ ❌ SECT-K1 ✅ ❌ ❌ ✅ ❌ SECT-R1 ✅ ❌ ❌ ✅ ❌ SECT-R2 ✅ ❌ ❌ ✅ ❌ Brainpool P R1 ✅ ❌ ❌ ✅ ❌ FRP ❌ ❌ ❌ ❌ ❌ Montgomery ✅ ❌ ❌ ✅ ❌","breadcrumbs":"Parsec for client developers » Operations » Parsec Operations Coverage » Elliptic curve families","id":"130","title":"Elliptic curve families"},"131":{"body":"These tables describe if the following algorithms are supported in all cryptographic operations they could be used in. Hash algorithms Algorithm \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library MD2 ✅ ❌ ❌ ✅ ❌ MD4 ✅ ❌ ❌ ✅ ❌ MD5 ✅ ❌ ❌ ✅ ❌ RIPEMD-160 ✅ ❌ ❌ ✅ ❌ SHA-1 ✅ ✅ ✅ ✅ ❌ SHA-224 ✅ ✅ ❌ ✅ ❌ SHA-256 ✅ ✅ ✅ ✅ ✅ SHA-384 ✅ ✅ ✅ ✅ ❌ SHA-512 ✅ ✅ ✅ ✅ ❌ SHA-512/224 ✅ ❌ ❌ ✅ ❌ SHA-512/256 ✅ ❌ ❌ ✅ ❌ SHA3-224 ✅ ❌ ❌ ✅ ❌ SHA3-256 ✅ ❌ ✅ ✅ ❌ SHA3-384 ✅ ❌ ✅ ✅ ❌ SHA3-512 ✅ ❌ ✅ ✅ ❌ MAC algorithms Algorithm \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library HMAC ❌ ❌ ❌ ❌ ❌ CBC-MAC ❌ ❌ ❌ ❌ ❌ CMAC ❌ ❌ ❌ ❌ ❌ Cipher algorithms Algorithm \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library Stream Cipher ❌ ❌ ❌ ❌ ❌ CTR ❌ ❌ ❌ ❌ ✅ CFB ❌ ❌ ❌ ❌ ✅ OFB ❌ ❌ ❌ ❌ ✅ XTS ❌ ❌ ❌ ❌ ❌ ECB with no padding ❌ ❌ ❌ ❌ ✅ CBC with no padding ❌ ❌ ❌ ❌ ✅ CBCP with PKCS#7 padding ❌ ❌ ❌ ❌ ✅ AEAD algorithms Algorithm \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library CCM ✅ ❌ ❌ ❌ ✅ GCM ✅ ❌ ❌ ❌ ✅ ChaCha20-Poly1305 ✅ ❌ ❌ ❌ ❌ Asymmetric signature algorithms Algorithm \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library RSA PKCS#1 v1.5 signature with hashing ✅ ✅ ✅ ✅ ❌ Raw PKCS#1 v1.5 signature ✅ ❌ ❌ ❌ ❌ RSA PSS signature with hashing ✅ ✅ ❌ ❌ ❌ ECDSA signature with hashing ✅ ✅ ✅ ✅ ✅ ECDSA signature without hashing ✅ ❌ ❌ ❌ ❌ Deterministic ECDSA signature with hashing ✅ ❌ ❌ ❌ ❌ Asymmetric encryption algorithms Algorithm \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library RSA PKCS#1 v1.5 encryption ✅ ✅ ✅ ❌ ❌ RSA OAEP encryption ✅ ✅ ✅ ❌ ❌ Key agreement algorithms Algorithm \\ Provider Mbed Crypto PKCS 11 TPM 2.0 Trusted Service CryptoAuth library FFDH ✅ ❌ ❌ ❌ ❌ ECDH ✅ ❌ ❌ ❌ ✅","breadcrumbs":"Parsec for client developers » Operations » Parsec Operations Coverage » Algorithm support","id":"131","title":"Algorithm support"},"132":{"body":"You can help increase the coverage of the PSA Crypto API! See here on how you can contribute. Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » Parsec Operations Coverage » Increasing PSA API coverage","id":"132","title":"Increasing PSA API coverage"},"133":{"body":"The attributes are used to fully describe a cryptographic key: its type, size and what is permitted to do with that key. Some of the algorithms defined here are deprecated and should not be used without a valid reason. It is at the discretion of the system administrator whether those algorithms are permitted or not. Notice: not all possible attributes are currently supported by Parsec. Please see the Operations Coverage for an overview of what Parsec currently supports. Some of the attributes might not be supported by some providers as it is not in their interface.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » PSA Key Attributes","id":"133","title":"PSA Key Attributes"},"134":{"body":"A KeyAttributes type contains the following members: Name Type Description key_type KeyType Intrinsic category and type of a key key_bits Unsigned integer Size of a key in bits key_policy KeyPolicy Policy restricting the permitted usage of the key","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » KeyAttributes type","id":"134","title":"KeyAttributes type"},"135":{"body":"A KeyType type can contain one of the following key types: RawData Hmac Derive Aes Des Camellia Arc4 Chacha20 RsaPublicKey RsaKeyPair EccKeyPair EccPublicKey DhKeyPair DhPublicKey","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » KeyType type","id":"135","title":"KeyType type"},"136":{"body":"Not a valid key type for any cryptographic operation but can be used to store arbitrary data in the key store. The bit size of a raw key must be a non-zero multiple of 8.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » RawData type","id":"136","title":"RawData type"},"137":{"body":"HMAC key. The key policy determines which underlying hash algorithm the key can be used for. The bit size of an HMAC key must be a non-zero multiple of 8. An HMAC key is typically the same size as the output of the underlying hash algorithm. An HMAC key that is longer than the block size of the underlying hash algorithm will be hashed before use.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Hmac type","id":"137","title":"Hmac type"},"138":{"body":"A secret key for derivation. The key policy determines which key derivation algorithm the key can be used for. The bit size of a secret for key derivation must be a non-zero multiple of 8.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Derive type","id":"138","title":"Derive type"},"139":{"body":"Key for a cipher, AEAD or MAC algorithm based on the AES block cipher. The size of the key is related to the AES algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used: AES-128 uses a 16-byte key: key_bits = 128 AES-192 uses a 24-byte key: key_bits = 192 AES-256 uses a 32-byte key: key_bits = 256 For the XTS block cipher mode, the following key sizes are used: AES-128-XTS uses two 16-byte keys: key_bits = 256 AES-192-XTS uses two 24-byte keys: key_bits = 384 AES-256-XTS uses two 32-byte keys: key_bits = 512 The AES block cipher is defined in FIPS Publication 197: Advanced Encryption Standard (AES) FIPS197 .","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Aes type","id":"139","title":"Aes type"},"14":{"body":"Take your first steps with Parsec using the command-line parsec-tool. Follow our familiarisation guide to learn how to use the tool to check the service configuration, create key pairs, sign/decrypt messages and create certificate requests.","breadcrumbs":"Getting Started » I Want to Use Parsec from the Command Line","id":"14","title":"I Want to Use Parsec from the Command Line"},"140":{"body":"Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES). The size of the key determines which DES algorithm is used: Single DES uses an 8-byte key: key_bits = 64 2-key 3DES uses a 16-byte key: key_bits = 128 3-key 3DES uses a 24-byte key: key_bits = 192 Warning : Single DES and 2-key 3DES are weak and strongly deprecated and are only recommended for decrypting legacy data. 3-key 3DES is weak and deprecated and is only recommended for use in legacy protocols. The DES and 3DES block ciphers are defined in NIST Special Publication 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP800-67 .","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Des type","id":"140","title":"Des type"},"141":{"body":"Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher. The size of the key is related to the Camellia algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used: Camellia-128 uses a 16-byte key: key_bits = 128 Camellia-192 uses a 24-byte key: key_bits = 192 Camellia-256 uses a 32-byte key: key_bits = 256 For the XTS block cipher mode, the following key sizes are used: Camellia-128-XTS uses two 16-byte keys: key_bits = 256 Camellia-192-XTS uses two 24-byte keys: key_bits = 384 Camellia-256-XTS uses two 32-byte keys: key_bits = 512 The Camellia block cipher is defined in Specification of Camellia — a 128-bit Block Cipher NTT-CAM and also described in A Description of the Camellia Encryption Algorithm RFC3713 .","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Camellia type","id":"141","title":"Camellia type"},"142":{"body":"Key for the RC4 stream cipher. The ARC4 cipher supports key sizes between 40 and 2048 bits, that are multiples of 8 (5 to 256 bytes). Use a Cipher algorithm with Stream Cipher variant to use this key with the ARC4 cipher. Warning : The RC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Arc4 type","id":"142","title":"Arc4 type"},"143":{"body":"Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm. The ChaCha20 key size is 256 bits (32 bytes). Use Cipher algorithm with Stream Cipher variant to use this key with the ChaCha20 cipher for unauthenticated encryption. Use Aead algorithm with ChaCha20-Poly1305 variant to use this key with the ChaCha20 cipher and Poly1305 authenticator for AEAD.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Chacha20 type","id":"143","title":"Chacha20 type"},"144":{"body":"RSA public key.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » RsaPublicKey type","id":"144","title":"RsaPublicKey type"},"145":{"body":"RSA key pair: both the private and public key.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » RsaKeyPair type","id":"145","title":"RsaKeyPair type"},"146":{"body":"Elliptic curve key pair: both the private and public key. Uses one of the ECC curve family supported .","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » EccKeyPair type","id":"146","title":"EccKeyPair type"},"147":{"body":"Elliptic curve public key. Uses one of the ECC curve family supported .","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » EccPublicKey type","id":"147","title":"EccPublicKey type"},"148":{"body":"Diffie-Hellman key pair: both the private key and public key. Uses one of the Diffie-Hellman group family supported .","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » DhKeyPair type","id":"148","title":"DhKeyPair type"},"149":{"body":"Diffie-Hellman public key. Uses one of the Diffie-Hellman group family supported .","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » DhPublicKey type","id":"149","title":"DhPublicKey type"},"15":{"body":"If you want to understand the internal details of Parsec, including the structure of the project source code, then the best place to start is the service developer guide .","breadcrumbs":"Getting Started » I Want to Understand How Parsec Works Internally","id":"15","title":"I Want to Understand How Parsec Works Internally"},"150":{"body":"Enumeration of elliptic curve families supported. They are needed to create an ECC key. The specific curve used for each family is given by the key_bits field of the key attributes. SEC Koblitz curves over prime fields. This family comprises the following curves: secp192k1: key_bits = 192 secp224k1: key_bits = 225 secp256k1: key_bits = 256 SEC random curves over prime fields. This family comprises the following curves: secp192r1: key_bits = 192 secp224r1: key_bits = 224 secp256r1: key_bits = 256 secp384r1: key_bits = 384 secp521r1: key_bits = 512 SEC additional random curves over prime fields. This family comprises the following curves: secp160r2: key_bits = 160 (DEPRECATED) SEC Koblitz curves over binary fields. This family comprises the following curves: sect163k1: key_bits = 163 (DEPRECATED) sect233k1: key_bits = 233 sect239k1: key_bits = 239 sect283k1: key_bits = 283 sect409k1: key_bits = 409 sect571k1: key_bits = 571 SEC random curves over binary fields. This family comprises the following curves: sect163r1: key_bits = 163 (DEPRECATED) sect233r1: key_bits = 233 sect283r1: key_bits = 283 sect409r1: key_bits = 409 sect571r1: key_bits = 571 SEC additional random curves over binary fields. This family comprises the following curves: sect163r2 : key_bits = 163 (DEPRECATED) Brainpool P random curves. This family comprises the following curves: brainpoolP160r1: key_bits = 160 (DEPRECATED) brainpoolP192r1: key_bits = 192 brainpoolP224r1: key_bits = 224 brainpoolP256r1: key_bits = 256 brainpoolP320r1: key_bits = 320 brainpoolP384r1: key_bits = 384 brainpoolP512r1: key_bits = 512 FRP. Curve used primarily in France and elsewhere in Europe. This family comprises one 256-bit curve: FRP256v1: key_bits = 256 Montgomery curves. This family comprises the following Montgomery curves: Curve25519: key_bits = 255 Curve448: key_bits = 448","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Supported ECC curve families","id":"150","title":"Supported ECC curve families"},"151":{"body":"Enumeration of Diffie Hellman group families supported. They are needed to create a DH key. The specific group used for each family is given by the key_bits field of the key attributes. RFC7919. Finite-field Diffie-Hellman groups defined for TLS in RFC 7919. This family includes groups with the following key sizes (in bits): 2048, 3072, 4096, 6144, 8192. Keys is this group can only be used with the FFDH key agreement algorithm.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » Supported DH group families","id":"151","title":"Supported DH group families"},"152":{"body":"Definition of the key policy, what is permitted to do with the key. A KeyPolicy type contains the following members: Name Type Description key_usage_flags UsageFlags Usage flags for the key key_algorithm Algorithm Permitted algorithms to be used with the key","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » KeyPolicy type","id":"152","title":"KeyPolicy type"},"153":{"body":"Definition of the usage flags. They encode what kind of operations are permitted on the key. A UsageFlags type contains the following members: Name Type Description export Boolean Permission to export the key copy Boolean Permission to copy the key cache Boolean Permission for the implementation to cache the key encrypt Boolean Permission to encrypt a message with the key decrypt Boolean Permission to decrypt a message with the key sign_message Boolean Permission to sign a message with the key verify_message Boolean Permission to verify a message with the key sign_hash Boolean Permission to sign a hash with the key verify_hash Boolean Permission to verify a hash with the key derive Boolean Permission to derive other keys from this key","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » UsageFlags type","id":"153","title":"UsageFlags type"},"154":{"body":"Permission to sign a message with the key. This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs: PsaMacCompute PsaSignMessage For a key pair, this concerns the private key.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » sign message usage","id":"154","title":"sign message usage"},"155":{"body":"Permission to verify a message signature with the key. This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs: PsaMacVerify PsaVerifyMessage For a key pair, this concerns the public key.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » verify message usage","id":"155","title":"verify message usage"},"156":{"body":"Permission to sign a message hash with the key. This flag allows the key to be used to sign a message hash as part of an asymmetric signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling PsaSignHash. This flag automatically sets sign_message: if an application sets the flag sign_hash when creating a key, then the key always has the permissions conveyed by sign_message. For a key pair, this concerns the private key.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » sign hash usage","id":"156","title":"sign hash usage"},"157":{"body":"Permission to verify a message hash with the key. This flag allows the key to be used to verify a message hash as part of an asymmetric signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling PsaVerifyHash. This flag automatically sets verify_message: if an application sets the flag verify_hash when creating a key, then the key always has the permissions conveyed by verify_message. For a key pair, this concerns the public key. Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PSA Key Attributes » verify hash usage","id":"157","title":"verify hash usage"},"158":{"body":"The algorithm is used to select the specific cryptographic operation and to set a policy on a new key. Some of the algorithms defined here are deprecated and should not be used without a valid reason. It is at the discretion of the system administrator whether those algorithms are permitted or not. Notice: not all possible algorithms are currently supported by Parsec. Please see the API coverage for an overview of what Parsec currently supports. Some of the attributes might not be supported by some providers as it is not in their interface.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » PSA Algorithm","id":"158","title":"PSA Algorithm"},"159":{"body":"An Algorithm type can contain one of the following algorithm types: None Hash Mac Cipher Aead AsymmetricSignature AsymmetricEncryption KeyAgreement KeyDerivation","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » Algorithm type","id":"159","title":"Algorithm type"},"16":{"body":"Fantastic! Parsec client libraries in new programming languages are always welcomed by the maintenance team and the community. Head over to the client developer guide and learn how to get started.","breadcrumbs":"Getting Started » I Want to Create a New Parsec Client Library","id":"16","title":"I Want to Create a New Parsec Client Library"},"160":{"body":"An invalid algorithm identifier value. None does not allow any cryptographic operation with the key. The key can still be used for non-cryptographic actions such as exporting, if permitted by the usage flags.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » None algorithm","id":"160","title":"None algorithm"},"161":{"body":"Possible hash algorithms are: MD2. DEPRECATED: the MD2 hash is weak and deprecated and is only recommended for use in legacy protocols. MD4. DEPRECATED: the MD4 hash is weak and deprecated and is only recommended for use in legacy protocols. MD5. DEPRECATED: the MD5 hash is weak and deprecated and is only recommended for use in legacy protocols. RIPEMD-160. SHA-1. SHA-224. SHA-256. SHA-384. SHA-512. SHA-512/224. SHA-512/256. SHA3-224. SHA3-256. SHA3-384. SHA3-512.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » Hash algorithm","id":"161","title":"Hash algorithm"},"162":{"body":"The Message Authentication Code algorithms supported are: HMAC. Uses one of the hash algorithm supported. CBC-MAC construction over a block cipher. Warning: CBC-MAC is insecure in many cases. A more secure mode, such as CMAC, is recommended. CMAC construction over a block cipher. Truncated MAC algorithms are also supported. A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first wanted bytes of the MAC value for the untruncated algorithm.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » Mac algorithm","id":"162","title":"Mac algorithm"},"163":{"body":"Unauthenticated cipher alhorithms. Warning: The unauthenticated cipher API is provided to implement legacy protocols and for use cases where the data integrity and authenticity is guaranteed by non-cryptographic means. It is recommended that newer protocols use Authenticated Encryption with Associated Data (AEAD). Stream Cipher : the stream cipher mode of a stream cipher algorithm. The underlying stream cipher is determined by the key type: To use ChaCha20, use the Chacha20 key type. To use ARC4, use the Arc4 key type. CTR : A stream cipher built using the Counter (CTR) mode of a block cipher. CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type AES and a length of 128 bits (16 bytes). CFB : A stream cipher built using the Cipher Feedback (CFB) mode of a block cipher. The underlying block cipher is determined by the key type. OFB : A stream cipher built using the Output Feedback (OFB) mode of a block cipher. The underlying block cipher is determined by the key type. XTS : The XTS cipher mode of a block cipher. XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks. ECB with no padding : The Electronic Code Book (ECB) mode of a block cipher, with no padding. The underlying block cipher is determined by the key type. Warning: ECB mode does not protect the confidentiality of the encrypted data except in extremely narrow circumstances. It is recommended that applications only use ECB if they need to construct an operating mode that the implementation does not provide. Implementations are encouraged to provide the modes that applications need in preference to supporting direct access to ECB. CBC with no padding : The Cipher Block Chaining (CBC) mode of a block cipher, with no padding. The underlying block cipher is determined by the key type. CBC with PKCS#7 padding : The Cipher Block Chaining (CBC) mode of a block cipher, with PKCS#7 padding. The underlying block cipher is determined by the key type.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » Cipher algorithm","id":"163","title":"Cipher algorithm"},"164":{"body":"Authenticated encryption with associated data (AEAD). The supported algorithms are: CCM : the CCM authenticated encryption algorithm. The underlying block cipher is determined by the key type. GCM : the GCM authenticated encryption algorithm. The underlying block cipher is determined by the key type. ChaCha20-Poly1305 : the ChaCha20-Poly1305 AEAD algorithm. The ChaCha20-Poly1305 construction is defined in RFC 7539 . AEAD algorithms with a shortened tag are also supported. An AEAD algorithm with a shortened tag is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length might affect the calculation of the ciphertext.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » Aead algorithm","id":"164","title":"Aead algorithm"},"165":{"body":"Asymmetric signature algorithms. Supported algorithms: RSA PKCS#1 v1.5 signature with hashing. This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5. Uses one of the hash algorithm supported. Raw PKCS#1 v1.5 signature. The input to this algorithm is the DigestInfo structure used by RFC 8017 §9.2 (PKCS#1: RSA Cryptography Specifications), in steps 3–6. RSA PSS signature with hashing. This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation. Uses one of the hash algorithm supported. ECDSA signature with hashing. This is the Elliptic Curve Digital Signature Algorithm (ECDSA) defined by ANSI X9.62-2005, with a random per-message secret number (k). The representation of the signature as a byte string consists of the concatenation of the signature values r and s. Each of r and s is encoded as an N-octet string, where N is the length of the base point of the curve in octets. Each value is represented in big-endian order, with the most significant octet first. Uses one of the hash algorithm supported. ECDSA signature without hashing. This is the same signature scheme as above, but without specifying a hash algorithm. This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size. Deterministic ECDSA signature with hashing. This is the deterministic ECDSA signature scheme defined by RFC 6979 . Uses one of the hash algorithm supported. When defining the permitted algorithms in a key policy, the hash-and-sign algorithms above can use the value Any Hash for their hash algorithm, meaning that it will allow any hash algorithm. This value must not be used to build an algorithm specification to perform an operation. It is only valid to build policies.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » AsymmetricSignature algorithm","id":"165","title":"AsymmetricSignature algorithm"},"166":{"body":"Asymmetric encryption algorithms. Supported algorithms: RSA PKCS#1 v1.5 encryption. RSA OAEP encryption. This is the encryption scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1. Uses one of the supported hash algorithms.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » AsymmetricEncryption algorithm","id":"166","title":"AsymmetricEncryption algorithm"},"167":{"body":"Key agreement algorithms. FFDH : the finite-field Diffie-Hellman (DH) key agreement algorithm. ECDH : the elliptic curve Diffie-Hellman (ECDH) key agreement algorithm. A combined algorithm that chains a key agreement with a key derivation is also supported.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » KeyAgreement algorithm","id":"167","title":"KeyAgreement algorithm"},"168":{"body":"Key derivation algorithms. HKDF algorithm. Uses of the hash algorithms supported. TLS-1.2 PRF algorithm. Uses of the hash algorithms supported. TLS-1.2 PSK-to-MasterSecret algorithm. Uses of the hash algorithms supported. Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PSA Algorithm » KeyDerivation algorithm","id":"168","title":"KeyDerivation algorithm"},"169":{"body":"Determines whether the service is present and responsive on the expected endpoint. Opcode: 1 (0x0001)","breadcrumbs":"Parsec for client developers » Operations » Ping » Ping","id":"169","title":"Ping"},"17":{"body":"Read the procedure for creating secure installations to learn the steps for setting up a secure deployment. If you have installed Parsec using a package manager, then these steps should already have been followed by the installation scripts on your system, and there should be nothing more to do. However, you can also use the secure deployment guide to ensure that your system is installed according to best practices.","breadcrumbs":"Getting Started » I Want to Make Sure that My Parsec Installation Is Secure","id":"17","title":"I Want to Make Sure that My Parsec Installation Is Secure"},"170":{"body":"No parameters are needed for this operation.","breadcrumbs":"Parsec for client developers » Operations » Ping » Parameters","id":"170","title":"Parameters"},"171":{"body":"Name Type Description wire_protocol_version_maj Unsigned integer Wire protocol version major wire_protocol_version_min Unsigned integer Wire protocol version minor","breadcrumbs":"Parsec for client developers » Operations » Ping » Results","id":"171","title":"Results"},"172":{"body":"No specific response status codes returned.","breadcrumbs":"Parsec for client developers » Operations » Ping » Specific response status codes","id":"172","title":"Specific response status codes"},"173":{"body":"Clients should follow the following bootstrapping sequence if they want to switch to the highest wire protocol version that the service support: Client requests a Ping operation using the wire protocol version 1.0. Service responds with the highest wire protocol version supported x.y. Client can now use any wire protocol version up to and including x.y for further requests.","breadcrumbs":"Parsec for client developers » Operations » Ping » Description","id":"173","title":"Description"},"174":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » Ping » Contract","id":"174","title":"Contract"},"175":{"body":"Generate a key or key pair. Opcode: 2 (0x0002)","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateKey » PsaGenerateKey","id":"175","title":"PsaGenerateKey"},"176":{"body":"Name Type Description key_name String Name of the key to generate attributes KeyAttributes The attributes of the new key The key_type field of attributes can not be an asymmetric public key.","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateKey » Parameters","id":"176","title":"Parameters"},"177":{"body":"No values are returned by this operation.","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateKey » Results","id":"177","title":"Results"},"178":{"body":"PsaErrorAlreadyExists: There is already a key with the given name. PsaErrorNotSupported: The key type or key size is not supported. PsaErrorInvalidArgument: The key attributes, as a whole, are invalid.","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateKey » Specific response status codes","id":"178","title":"Specific response status codes"},"179":{"body":"The key is generated randomly. Its location, policy, type and size are taken from attributes. The following type-specific considerations apply: For RSA keys (key type is RsaKeyPair ), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateKey » Description","id":"179","title":"Description"},"18":{"body":"Parsec back-end modules are known as providers . Default installations of Parsec use a software-based provider, also known as the Mbed provider, which is very simple to use but does not integrate with the secure hardware that you might have on your device. Follow the configuration guide to learn how to edit Parsec's configuration file to select the right kind of provider. You can also learn how to set up and use the different providers here . If you are not sure how your Parsec service is configured, or whether it is using a hardware back-end, the command-line tooling guide has some steps to help you check this.","breadcrumbs":"Getting Started » I Want to Configure the Correct Hardware Back-End for My Device","id":"18","title":"I Want to Configure the Correct Hardware Back-End for My Device"},"180":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateKey » Contract","id":"180","title":"Contract"},"181":{"body":"Destroy a key. Opcode: 3 (0x0003)","breadcrumbs":"Parsec for client developers » Operations » PsaDestroyKey » PsaDestroyKey","id":"181","title":"PsaDestroyKey"},"182":{"body":"Name Type Description key_name String Name of the key to erase","breadcrumbs":"Parsec for client developers » Operations » PsaDestroyKey » Parameters","id":"182","title":"Parameters"},"183":{"body":"No values are returned by this operation.","breadcrumbs":"Parsec for client developers » Operations » PsaDestroyKey » Results","id":"183","title":"Results"},"184":{"body":"PsaErrorNotPermitted: The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions. PsaErrorCommunicationFailure: There was an failure in communication with the cryptoprocessor. The key material might still be present in the cryptoprocessor. PsaErrorStorageFailure: The storage operation failed. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases. PsaErrorDataCorrupt: The storage is corrupted. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases. PsaErrorCorruptionDetected: An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor might have been compromised.","breadcrumbs":"Parsec for client developers » Operations » PsaDestroyKey » Specific response status codes","id":"184","title":"Specific response status codes"},"185":{"body":"This function destroys a key from storage. This function also erases any metadata such as policies and frees resources associated with the key. If a key is currently in use in a multi-part operation, then destroying the key will cause the multi-part operation to fail.","breadcrumbs":"Parsec for client developers » Operations » PsaDestroyKey » Description","id":"185","title":"Description"},"186":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaDestroyKey » Contract","id":"186","title":"Contract"},"187":{"body":"Sign an already-calculated hash with a private key. Opcode: 4 (0x0004)","breadcrumbs":"Parsec for client developers » Operations » PsaSignHash » PsaSignHash","id":"187","title":"PsaSignHash"},"188":{"body":"Name Type Description key_name String Name of the key to use for the operation alg AsymmetricSignature An asymmetric signature algorithm that separates the hash and sign operations that is compatible with the type of key hash Vector of bytes The input to sign key_name must be the name of an asymmetric key pair. The key must allow the usage flag sign_hash. hash is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.","breadcrumbs":"Parsec for client developers » Operations » PsaSignHash » Parameters","id":"188","title":"Parameters"},"189":{"body":"Name Type Description signature Vector of bytes Buffer containing the signature","breadcrumbs":"Parsec for client developers » Operations » PsaSignHash » Results","id":"189","title":"Results"},"19":{"body":"We will be delighted to have you! Head over to our community repository to discover how to join and contribute to the Parsec conversation on Slack, Zoom and GitHub. Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Getting Started » I Want to Get Involved With the Parsec Community","id":"19","title":"I Want to Get Involved With the Parsec Community"},"190":{"body":"PsaErrorNotPermitted: The key does not have the sign_hash flag, or it does not permit the requested algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaSignHash » Specific response status codes","id":"190","title":"Specific response status codes"},"191":{"body":"With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm. Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: Raw PKCS#1 v1.5 signature. Note: To perform a hash-and-sign algorithm, the hash must be calculated before passing it to this function. This could be done with the operation PsaHashCompute or with a multi-part hash operation. Those operations are not yet implemented. Alternatively, to hash and sign a message in a single call, you could use PsaSignMessage.","breadcrumbs":"Parsec for client developers » Operations » PsaSignHash » Description","id":"191","title":"Description"},"192":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaSignHash » Contract","id":"192","title":"Contract"},"193":{"body":"Verify the signature of a hash or short message using a public key. Opcode: 5 (0x0005)","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyHash » PsaVerifyHash","id":"193","title":"PsaVerifyHash"},"194":{"body":"Name Type Description key_name String Name of the key to use for the operation alg AsymmetricSignature An asymmetric signature algorithm that separates the hash and sign operations that is compatible with the type of key hash Vector of bytes The input whose signature is to be verified signature Vector of bytes Buffer containing the signature to verify key_name must be the name of a public key or an asymmetric key pair. The key must allow the usage flag verify_hash. hash is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyHash » Parameters","id":"194","title":"Parameters"},"195":{"body":"No values are returned by this operation. If Success is returned the signature is valid.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyHash » Results","id":"195","title":"Results"},"196":{"body":"PsaErrorNotPermitted: The key does not have the verify_hash flag, or it does not permit the requested algorithm. PsaErrorInvalidSignature: The calculation was performed successfully, but the passed signature is not a valid signature.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyHash » Specific response status codes","id":"196","title":"Specific response status codes"},"197":{"body":"With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm. Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: Raw PKCS#1 v1.5 signature. Note: To perform a hash-and-sign algorithm, the hash must be calculated before passing it to this function. This could be done with the operation PsaHashCompute or with a multi-part hash operation. Those operations are not yet implemented. Alternatively, to hash and verify a message signature in a single call, you could use PsaVerifyMessage.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyHash » Description","id":"197","title":"Description"},"198":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyHash » Contract","id":"198","title":"Contract"},"199":{"body":"Import a key in binary format. Opcode: 6 (0x0006)","breadcrumbs":"Parsec for client developers » Operations » PsaImportKey » PsaImportKey","id":"199","title":"PsaImportKey"},"2":{"body":"Today's computing platforms have evolved to offer a range of facilities for secure storage and secure operations. There are hardware-backed facilities such as the Hardware Security Module (HSM) or Trusted Platform Module (TPM). There are firmware services running in Trusted Execution Environments (TEE). There are also cloud-based security services. At a bare minimum, security facilities may be provided purely in software, where they are protected by mechanisms provided in the operating system. Over the years, software standards have emerged to allow developers to use these facilities from their applications. But these standards bring with them the following challenges: They are defined with the expectation that the caller is the \"owner\" of the platform, meaning that it has sole access to the underlying hardware. In reality, this is often not the case, because the caller might reside in a container or virtual machine, where it is sharing the host hardware with other applications. Existing software standards do not cater well for this situation. They are defined exhaustively, with lengthy specifications detailing all permissible operations and parameters. They are written from the perspective of the security device and its capabilities, rather than from the perspective of the application and its use case. This can offer a daunting and bewildering experience for developers, who spend a lot of time and effort figuring out how to map their use case onto the API. There is nothing to tailor the API so that it can be consumed easily for common, simple cases. They are specific to a programming language such as C. To consume them in other languages, it is necessary to use interoperability layers such as Foreign Function Interface (FFI), which can make the developer experience even more cumbersome and unnatural. Interoperability layers can also be a source of vulnerabilities. Standards tend to be adopted based on some knowledge of the target platform. So while it might be possible for code to be portable across multiple HSM vendors, for example, it is much harder to make code portable between an HSM-based platform and a TPM-based platform. Parsec inverts this traditional approach to standardizing security interfaces, and it does so by putting applications front and center. It offers an API that is no less comprehensive, but it does so in a way that puts the needs of applications and their common use cases first. Applications simply want the best-available security, and they want to be able to consume it in a way that is simple, natural, and hard to get wrong. The following observations can be made about such applications: They can be written in a variety of programming languages. They may be written with no explicit knowledge of the hardware capabilities of the target platform, such as whether an HSM or TPM is available. They are often sharing the target platform hardware with other applications due to the use of virtualization or containerization technology. The secure assets owned by one application must be isolated from those owned by another. For example, private keys provisioned on a hardware device must be isolated such that only the provisioning application would be able to perform subsequent operations with those keys. They have differing requirements in terms of permissible cryptographic algorithms and key strengths. These observations motivate the need for a new platform abstraction that offers a common palette of security primitives via a software interface that is both agnostic with respect to the underlying hardware capabilities, and also capable of supporting multiple client applications on the same host, whether those be within containers or within traditional virtual machines. Parsec is a new software architecture and ecosystem that addresses this need.","breadcrumbs":"Overview » Why Platform-Agnostic Security?","id":"2","title":"Why Platform-Agnostic Security?"},"20":{"body":"This content has moved to the installation guide . Copyright 2022 Contributors to the Parsec project.","breadcrumbs":"Getting Started » Quickstart for Linux on x86 » Quickstart for Linux on x86","id":"20","title":"Quickstart for Linux on x86"},"200":{"body":"Name Type Description key_name String Name of the key to import attributes KeyAttributes The attributes of the new key data Vector of bytes Buffer containing the key data The content of the data buffer is interpreted according to the type declared in attributes. Parsec supports the formats described in the documentation of PsaExportKey or PsaExportPublicKey for the chosen type. The key size is always determined from the data buffer. If the key size in attributes is nonzero, it must be equal to the size from data.","breadcrumbs":"Parsec for client developers » Operations » PsaImportKey » Parameters","id":"200","title":"Parameters"},"201":{"body":"No values are returned by this operation.","breadcrumbs":"Parsec for client developers » Operations » PsaImportKey » Results","id":"201","title":"Results"},"202":{"body":"PsaErrorAlreadyExists: There is already a key with the given name. PsaErrorNotSupported: The key type or key size is not supported. PsaErrorInvalidArgument: The key attributes, as a whole, are invalid. PsaErrorInvalidArgument: The key data is not correctly formatted. PsaErrorInvalidArgument: The size in attributes is nonzero and does not match the size of the key data.","breadcrumbs":"Parsec for client developers » Operations » PsaImportKey » Specific response status codes","id":"202","title":"Specific response status codes"},"203":{"body":"This function supports any output from PsaExportKey. Refer to the documentation of PsaExportPublicKey for the format of public keys and to the documentation of PsaExportKey for the format for other key types. This specification supports a single format for each key type. Parsec might support other formats in the future.","breadcrumbs":"Parsec for client developers » Operations » PsaImportKey » Description","id":"203","title":"Description"},"204":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaImportKey » Contract","id":"204","title":"Contract"},"205":{"body":"Export a public key or the public part of a key pair in binary format. Opcode: 7 (0x0007)","breadcrumbs":"Parsec for client developers » Operations » PsaExportPublicKey » PsaExportPublicKey","id":"205","title":"PsaExportPublicKey"},"206":{"body":"Name Type Description key_name String Name of the public key to export","breadcrumbs":"Parsec for client developers » Operations » PsaExportPublicKey » Parameters","id":"206","title":"Parameters"},"207":{"body":"Name Type Description data Vector of bytes Buffer containing the key data","breadcrumbs":"Parsec for client developers » Operations » PsaExportPublicKey » Results","id":"207","title":"Results"},"208":{"body":"PsaErrorInvalidArgument: The key is neither a public key nor a key pair.","breadcrumbs":"Parsec for client developers » Operations » PsaExportPublicKey » Specific response status codes","id":"208","title":"Specific response status codes"},"209":{"body":"The output of this function can be passed to PsaImportKey to create an object that is equivalent to the public key. For standard key types, the output format is as follows: For RSA public keys, with key type RsaPublicKey , the DER encoding of the representation defined by Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certifiate and Certificate Revocation List (CRL) Profile RFC 3279 §2.3.1 as RSAPublicKey ([1]). For elliptic curve public keys, with key type EccPublicKey , the format depends on the curve family : For Weierstrass curve families sectXX, secpXX, FRP and Brainpool, the uncompressed representation of an elliptic curve point as an octet string defined in SEC 1: Elliptic Curve Cryptography SEC1 §2.3.3. If m is the bit size associated with the curve, i.e. the bit size of q for a curve over F_q. The representation consists of: The byte 0x04; x_P as a ceiling(m/8)-byte string, big-endian; y_P as a ceiling(m/8)-byte string, big-endian. For Montgomery curve family, the scalar value of the ‘public key’ in little-endian order as defined by Elliptic Curves for Security RFC 7748 §6 . This is a ceiling(m/8)-byte string where m is the key size in bits. This is 32 bytes for Curve25519, computed as X25519(private_key, 9). This is 56 bytes for Curve448, computed as X448(private_key, 5). For Diffie-Hellman key exchange public keys, with key types DhPublicKey , the format is the representation of the public key y = g^x mod p as a big-endian byte string. The length of the byte string is the length of the base prime p in bytes. Exporting a public key object or the public part of a key pair is always permitted, regardless of the key’s usage flags. [1]: The RSAPublicKey representation is: RSAPublicKey ::= SEQUENCE { modulus INTEGER, -- n publicExponent INTEGER -- e\n}","breadcrumbs":"Parsec for client developers » Operations » PsaExportPublicKey » Description","id":"209","title":"Description"},"21":{"body":"This content has moved to the installation guide . Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Getting Started » Quickstart for openSUSE and SUSE » Quickstart for openSUSE and SUSE","id":"21","title":"Quickstart for openSUSE and SUSE"},"210":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaExportPublicKey » Contract","id":"210","title":"Contract"},"211":{"body":"Gets a prioritised list of available Parsec providers to be used by clients. Opcode: 8 (0x0008)","breadcrumbs":"Parsec for client developers » Operations » ListProviders » ListProviders","id":"211","title":"ListProviders"},"212":{"body":"No parameters are needed for this operation.","breadcrumbs":"Parsec for client developers » Operations » ListProviders » Parameters","id":"212","title":"Parameters"},"213":{"body":"Name Type Description providers Vector of ProviderInfo List of provider information","breadcrumbs":"Parsec for client developers » Operations » ListProviders » Results","id":"213","title":"Results"},"214":{"body":"A ProviderInfo type contains the following members: Name Type Description uuid String Unique, permanent, identifier of the provider (version 4 UUID) description String Short description of the provider vendor String Provider vendor version_maj Unsigned integer Provider implementation version major version_min Unsigned integer Provider implementation version minor version_rev Unsigned integer Provider implementation version revision number id Unsigned integer Provider ID to use on the wire protocol to communicate with this provider","breadcrumbs":"Parsec for client developers » Operations » ListProviders » ProviderInfo type","id":"214","title":"ProviderInfo type"},"215":{"body":"No specific response status codes returned.","breadcrumbs":"Parsec for client developers » Operations » ListProviders » Specific response status codes","id":"215","title":"Specific response status codes"},"216":{"body":"The version triplet returned by this operation (version_maj, version_min and version_rev) is the implementation version of the specific Parsec provider. For the Core Provider, this version is the implementation version of the whole Parsec service. The providers vector returned is in order of provider priority: the highest priority providers come first. The core provider will always come last. The provider at position zero, if not the core provider, can be treated as default provider by the client. Clients should still check the supported opcodes of the provider, even the default one, as it might not implement the operations they want.","breadcrumbs":"Parsec for client developers » Operations » ListProviders » Description","id":"216","title":"Description"},"217":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » ListProviders » Contract","id":"217","title":"Contract"},"218":{"body":"Gets a list of available opcodes supported by a Parsec provider. Opcode: 9 (0x0009)","breadcrumbs":"Parsec for client developers » Operations » ListOpcodes » ListOpcodes","id":"218","title":"ListOpcodes"},"219":{"body":"Name Type Description provider_id Unsigned integer Provider for which the supported opcodes are requested.","breadcrumbs":"Parsec for client developers » Operations » ListOpcodes » Parameters","id":"219","title":"Parameters"},"22":{"body":"Please refer to the installation guide . Copyright 2021-2023 Contributors to the Parsec project.","breadcrumbs":"Getting Started » Quickstart using a Docker container » Docker","id":"22","title":"Docker"},"220":{"body":"Name Type Description opcodes Vector of unsigned integers List of supported opcodes","breadcrumbs":"Parsec for client developers » Operations » ListOpcodes » Results","id":"220","title":"Results"},"221":{"body":"No specific response status codes returned.","breadcrumbs":"Parsec for client developers » Operations » ListOpcodes » Specific response status codes","id":"221","title":"Specific response status codes"},"222":{"body":"Gets a list of available opcodes supported by a Parsec provider.","breadcrumbs":"Parsec for client developers » Operations » ListOpcodes » Description","id":"222","title":"Description"},"223":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » ListOpcodes » Contract","id":"223","title":"Contract"},"224":{"body":"Encrypt a short message with a public key. Opcode: 10 (0x000A)","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricEncrypt » PsaAsymmetricEncrypt","id":"224","title":"PsaAsymmetricEncrypt"},"225":{"body":"Name Type Description key_name String Name of the key to use for the operation alg AsymmetricEncryption An asymmetric encryption algorithm that is compatible with the type of key plaintext Vector of bytes Short message to encrypt salt Vector of bytes Salt to use during encryption, if supported by the algorithm key_name must be the name of an RSA asymmetric key pair or public key. The key must allow the usage flag encrypt. salt can be provided if supported by the algorithm. If the algorithm does not support salt, pass an empty vector. If the algorithm supports optional salt, pass an empty vector to indicate no salt. For RSA PKCS#1 v1.5 encryption, no salt is supported.","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricEncrypt » Parameters","id":"225","title":"Parameters"},"226":{"body":"Name Type Description ciphertext Vector of bytes Buffer containing the encrypted message","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricEncrypt » Results","id":"226","title":"Results"},"227":{"body":"PsaErrorNotPermitted: The key does not have the encrypt flag, or it does not permit the requested algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricEncrypt » Specific response status codes","id":"227","title":"Specific response status codes"},"228":{"body":"This function will encrypt a short message with the public key provided, or of the provided key pair.","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricEncrypt » Description","id":"228","title":"Description"},"229":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricEncrypt » Contract","id":"229","title":"Contract"},"23":{"body":"","breadcrumbs":"Getting Started » Installation Guide » Installation Options","id":"23","title":"Installation Options"},"230":{"body":"Decrypt a short message with a private key. Opcode: 11 (0x000B)","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricDecrypt » PsaAsymmetricDecrypt","id":"230","title":"PsaAsymmetricDecrypt"},"231":{"body":"Name Type Description key_name String Name of the key to use for the operation alg AsymmetricEncryption An asymmetric encryption algorithm that is compatible with the type of key ciphertext Vector of bytes Short message to decrypt salt Vector of bytes Salt to use during encryption, if supported by the algorithm key_name must be the name of an RSA asymmetric key pair. The key must allow the usage flag decrypt. salt can be provided if supported by the algorithm. If the algorithm does not support salt, pass an empty vector. If the algorithm supports optional salt, pass an empty vector to indicate no salt. For RSA PKCS#1 v1.5 encryption, no salt is supported.","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricDecrypt » Parameters","id":"231","title":"Parameters"},"232":{"body":"Name Type Description plaintext Vector of bytes Buffer containing the decrypted message","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricDecrypt » Results","id":"232","title":"Results"},"233":{"body":"PsaErrorNotPermitted: The key does not have the decrypt flag, or it does not permit the requested algorithm. PsaErrorInvalidPadding: The decrypted padding is incorrect. See Warning below.","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricDecrypt » Specific response status codes","id":"233","title":"Specific response status codes"},"234":{"body":"This function will decrypt a short message with the private key of the provided key pair. WARNING: In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct (see Bleichenbacher ). If the application must perform a decryption of unauthenticated data, the application writer must take care not to reveal whether the padding is invalid.","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricDecrypt » Description","id":"234","title":"Description"},"235":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaAsymmetricDecrypt » Contract","id":"235","title":"Contract"},"236":{"body":"Export a key in binary format. Opcode: 12 (0x000C)","breadcrumbs":"Parsec for client developers » Operations » PsaExportKey » PsaExportKey","id":"236","title":"PsaExportKey"},"237":{"body":"Name Type Description key_name String Name of the key to export The key must allow the usage flag export.","breadcrumbs":"Parsec for client developers » Operations » PsaExportKey » Parameters","id":"237","title":"Parameters"},"238":{"body":"Name Type Description data Vector of bytes Buffer containing the key data","breadcrumbs":"Parsec for client developers » Operations » PsaExportKey » Results","id":"238","title":"Results"},"239":{"body":"PsaErrorNotPermitted: The key is not have the [export] usage flag.","breadcrumbs":"Parsec for client developers » Operations » PsaExportKey » Specific response status codes","id":"239","title":"Specific response status codes"},"24":{"body":"The easiest way to check whether Parsec is already installed and running on your system is to open a terminal window and issue this command: parsec-tool ping If the Parsec components are installed and running, this command will produce output similar to the following: [INFO] Service wire protocol version\n1.0 If this fails, then do not worry. Read on to learn the best way to get Parsec up and running on your system.","breadcrumbs":"Getting Started » Installation Guide » Is Parsec Already Running?","id":"24","title":"Is Parsec Already Running?"},"240":{"body":"The output of this function can be passed to PsaImportKey to create an object that is equivalent to key. For standard key types, the output format is as follows: For symmetric keys, including HMAC keys, the format is the raw bytes of the key. For DES , the key data consists of 8 bytes. The parity bits must be correct. For Triple-DES , the format is the concatenation of the two or three DES keys. For RSA key pairs, with key type RsaKeyPair , the format is the non-encrypted DER encoding of the representation defined in PKCS #1: RSA Cryptography Specifications Version 2.2 RFC 8017 as RSAPrivateKey, version 0 ([1]). For elliptic curve key pairs, with key type EccKeyPair , the format is a representation of the private value. For Weierstrass curve families sectXX, secpXX, FRP and Brainpool, the content of the privateKey field of the ECPrivateKey format defined by Elliptic Curve Private Key Structure RFC 5915 . This is a ceiling(m/8)-byte string in big-endian order where m is the key size in bits. For Montgomery curve family, the scalar value of the ‘private key’ in little-endian order as defined by Elliptic Curves for Security RFC 7748 §6 . The value must have the forced bits set to zero or one as specified by decodeScalar25519() and decodeScalar448() in RFC7748 §5 . This is a ceiling(m/8)-byte string where m is the key size in bits. This is 32 bytes for Curve25519, and 56 bytes for Curve448. For Diffie-Hellman key exchange key pairs, with key types DhKeyPair , the format is the representation of the private key x as a big-endian byte string. The length of the byte string is the private key size in bytes, and leading zeroes are not stripped. For public keys, the format is the same as for PsaExportPublicKey [1]: The RSAPrivateKey representation is: RSAPrivateKey ::= SEQUENCE { version INTEGER, -- must be 0 modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p\n}","breadcrumbs":"Parsec for client developers » Operations » PsaExportKey » Description","id":"240","title":"Description"},"241":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaExportKey » Contract","id":"241","title":"Contract"},"242":{"body":"Generate a vector of random bytes. Opcode: 13 (0x000D)","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateRandom » PsaGenerateRandom","id":"242","title":"PsaGenerateRandom"},"243":{"body":"Name Type Description size usize The number of random bytes to generate","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateRandom » Parameters","id":"243","title":"Parameters"},"244":{"body":"Name Type Description random_bytes Vector of unsigned bytes The randomly generated bytes","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateRandom » Results","id":"244","title":"Results"},"245":{"body":"No specific response status codes returned.","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateRandom » Specific response status codes","id":"245","title":"Specific response status codes"},"246":{"body":"The bytes are generated using a cryptographically secure random number generator.","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateRandom » Description","id":"246","title":"Description"},"247":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaGenerateRandom » Contract","id":"247","title":"Contract"},"248":{"body":"Gets a list of Parsec authenticators available for use at the listener endpoint. Opcode: 14 (0x000E)","breadcrumbs":"Parsec for client developers » Operations » ListAuthenticators » ListAuthenticators","id":"248","title":"ListAuthenticators"},"249":{"body":"No parameters are needed for this operation.","breadcrumbs":"Parsec for client developers » Operations » ListAuthenticators » Parameters","id":"249","title":"Parameters"},"25":{"body":"The easiest way to install Parsec is by using the package manager on your system. Parsec is available as a package in Fedora and openSUSE Linux distributions. If you are using one of these distributions, follow the guide below to get Parsec installed and working.","breadcrumbs":"Getting Started » Installation Guide » Option 1: Install Parsec Using the Package Manager","id":"25","title":"Option 1: Install Parsec Using the Package Manager"},"250":{"body":"Name Type Description authenticators Vector of AuthenticatorInfo List of authenticator information","breadcrumbs":"Parsec for client developers » Operations » ListAuthenticators » Results","id":"250","title":"Results"},"251":{"body":"A AuthenticatorInfo type contains the following members: Name Type Description description String Short description of the authenticator version_maj Unsigned integer Authenticator implementation version major version_min Unsigned integer Authenticator implementation version minor version_rev Unsigned integer Authenticator implementation version revision number id Unsigned integer Authenticator ID to use on the wire protocol to communicate with this authenticator","breadcrumbs":"Parsec for client developers » Operations » ListAuthenticators » AuthenticatorInfo type","id":"251","title":"AuthenticatorInfo type"},"252":{"body":"No specific response status codes returned.","breadcrumbs":"Parsec for client developers » Operations » ListAuthenticators » Specific response status codes","id":"252","title":"Specific response status codes"},"253":{"body":"The version triplet returned by this operation (version_maj, version_min and version_rev) is the implementation version of the specific Parsec authenticator. The authenticators vector returned is in priority order. The primary authenticator will always occupy index 0 in the vector.","breadcrumbs":"Parsec for client developers » Operations » ListAuthenticators » Description","id":"253","title":"Description"},"254":{"body":"Protobuf Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » ListAuthenticators » Contract","id":"254","title":"Contract"},"255":{"body":"Calculate the hash (digest) of a message. Opcode: 15 (0x000F)","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompute » PsaHashCompute","id":"255","title":"PsaHashCompute"},"256":{"body":"Name Type Description alg Hash The hash algorithm to compute input Vector of unsigned bytes Buffer containing message to hash","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompute » Parameters","id":"256","title":"Parameters"},"257":{"body":"Name Type Description hash Vector of unsigned bytes Buffer containing hash of message","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompute » Results","id":"257","title":"Results"},"258":{"body":"PsaErrorNotSupported: alg is not supported.","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompute » Specific response status codes","id":"258","title":"Specific response status codes"},"259":{"body":"Calculates the hash of the given message, using the specified algorithm. Note: To verify the hash of a message against an expected value, use PsaHashCompare .","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompute » Description","id":"259","title":"Description"},"26":{"body":"To install Parsec on openSUSE Tumbleweed or openSUSE Leap 15.3 (and later) , just install parsec and parsec-tool from YaST (graphical UI), or from zypper (command line): sudo zypper install parsec parsec-tool Note: If you use SUSE SLE15-SP3 (or later), parsec and parsec-tool are available from Package-Hub repository. So, please enable Package-Hub before trying to install those packages. To install Parsec on Fedora 34 (and later) , you can run the following command from the terminal: sudo dnf install parsec parsec-tool","breadcrumbs":"Getting Started » Installation Guide » Installing the Parsec Packages","id":"26","title":"Installing the Parsec Packages"},"260":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompute » Contract","id":"260","title":"Contract"},"261":{"body":"Calculate the hash (digest) of a message and compare it with a reference value. Opcode: 16 (0x0010)","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompare » PsaHashCompare","id":"261","title":"PsaHashCompare"},"262":{"body":"Name Type Description alg Hash The hash algorithm to compute input Vector of unsigned bytes Buffer containing message to hash hash Vector of unsigned bytes Buffer containing expected hash value","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompare » Parameters","id":"262","title":"Parameters"},"263":{"body":"No values are returned by this operation. If no error occurs, the computed hash matches the expected hash value.","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompare » Results","id":"263","title":"Results"},"264":{"body":"PsaErrorInvalidSignature: The hash of the message was calculated successfully, but it differs from the expected hash. PsaErrorNotSupported: alg is not supported. PsaErrorInvalidArgument: The length of input or hash does not match the hash size for alg.","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompare » Specific response status codes","id":"264","title":"Specific response status codes"},"265":{"body":"Calculates the hash of the given message, using the specified algorithm, and compares the result with an expected hash value.","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompare » Description","id":"265","title":"Description"},"266":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaHashCompare » Contract","id":"266","title":"Contract"},"267":{"body":"Process an authenticated encryption operation. Opcode: 17 (0x0011)","breadcrumbs":"Parsec for client developers » Operations » PsaAeadEncrypt » PsaAeadEncrypt","id":"267","title":"PsaAeadEncrypt"},"268":{"body":"Name Type Description key_name String Name of the key to use for the operation alg Aead The AEAD algorithm to compute nonce Vector of unsigned bytes Nonce or IV to use additional_data Vector of unsigned bytes Additional data that will be authenticated but not encrypted plaintext Vector of unsigned bytes Data that will be authenticated and encrypted key_name must allow the usage flag encrypt. nonce must be appropriate for the selected algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadEncrypt » Parameters","id":"268","title":"Parameters"},"269":{"body":"Name Type Description ciphertext Vector of unsigned bytes Buffer containing the authenticated and encrypted data The additional data is not part of ciphertext. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadEncrypt » Results","id":"269","title":"Results"},"27":{"body":"When you install Parsec with the package manager (on either openSUSE or Fedora), the package installation scripts will include the creation of a parsec-clients user group. Client applications that wish to use the Parsec service should first be made members of this group, otherwise they will be denied permission to access the service endpoint. To make your current user a member of parsec-clients, issue this command: sudo usermod -a -G parsec-clients $USER Please note that this change will not be applied immediately within your current terminal window. To ensure that these changes take effect, you can either log out and log back in as the same user, or you can forcibly apply the changes using this command: newgrp parsec-clients To ensure that the current user is a member of the parsec-clients group, use this command: groups and ensure that parsec-clients is in the list of groups.","breadcrumbs":"Getting Started » Installation Guide » Setting Up User Permissions","id":"27","title":"Setting Up User Permissions"},"270":{"body":"PsaErrorNotPermitted: The key does not have the encrypt flag, or it does not permit the requested algorithm. PsaErrorInvalidArgument: The key is not compatible with alg. PsaErrorNotSupported: alg is not supported.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadEncrypt » Specific response status codes","id":"270","title":"Specific response status codes"},"271":{"body":"Authenticates and encrypts the given data using the given AEAD algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadEncrypt » Description","id":"271","title":"Description"},"272":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadEncrypt » Contract","id":"272","title":"Contract"},"273":{"body":"Process an authenticated decryption operation. Opcode: 18 (0x0012)","breadcrumbs":"Parsec for client developers » Operations » PsaAeadDecrypt » PsaAeadDecrypt","id":"273","title":"PsaAeadDecrypt"},"274":{"body":"Name Type Description key_name String Name of the key to use for the operation alg Aead The AEAD algorithm to compute nonce Vector of unsigned bytes Nonce or IV to use additional_data Vector of unsigned bytes Additional data that has been authenticated but not encrypted ciphertext Vector of unsigned bytes Data that has been authenticated and encrypted key_name must allow the usage flag decrypt. nonce must be appropriate for the selected algorithm. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, ciphertext must contain the encrypted data followed by the authentication tag.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadDecrypt » Parameters","id":"274","title":"Parameters"},"275":{"body":"Name Type Description plaintext Vector of unsigned bytes Buffer containing the decrypted data","breadcrumbs":"Parsec for client developers » Operations » PsaAeadDecrypt » Results","id":"275","title":"Results"},"276":{"body":"PsaErrorInvalidSignature: The ciphertext is not authentic. PsaErrorNotPermitted: The key does not have the decrypt flag, or it does not permit the requested algorithm. PsaErrorInvalidArgument: The key is not compatible with alg. PsaErrorNotSupported: alg is not supported.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadDecrypt » Specific response status codes","id":"276","title":"Specific response status codes"},"277":{"body":"Authenticates and decrypts the given data using the given AEAD algorithm. Process an authenticated decryption operation.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadDecrypt » Description","id":"277","title":"Description"},"278":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaAeadDecrypt » Contract","id":"278","title":"Contract"},"279":{"body":"Perform a key agreement and return the raw shared secret. Opcode: 19 (0x0013)","breadcrumbs":"Parsec for client developers » Operations » PsaRawKeyAgreement » PsaRawKeyAgreement","id":"279","title":"PsaRawKeyAgreement"},"28":{"body":"When you install Parsec with the package manager, it will be installed as a system service. Use the following command to start the service immediately, and also ensure that it is enabled for automatic start on subsequent system boot: sudo systemctl enable --now parsec.service","breadcrumbs":"Getting Started » Installation Guide » Starting the Parsec Service","id":"28","title":"Starting the Parsec Service"},"280":{"body":"Name Type Description alg RawKeyAgreement The key agreement algorithm to compute private_key_name String Name of the private key to use peer_key Vector of unsigned bytes Public key of the peer private_key_name must allow the usage flag derive. peer_key must be in the same format that PsaImportKey accepts.","breadcrumbs":"Parsec for client developers » Operations » PsaRawKeyAgreement » Parameters","id":"280","title":"Parameters"},"281":{"body":"Name Type Description shared_secret Vector of unsigned bytes The raw shared secret","breadcrumbs":"Parsec for client developers » Operations » PsaRawKeyAgreement » Results","id":"281","title":"Results"},"282":{"body":"PsaErrorNotPermitted: The key does not have the derive usage flag , or does not permit the requested algorithm. PsaErrorInvalidArgument: private_key_name is not compatible with alg, or peer_key_name is not valid for alg or not compatible with private_key_name. PsaErrorNotSupported: alg is not a supported key agreement algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaRawKeyAgreement » Specific response status codes","id":"282","title":"Specific response status codes"},"283":{"body":"Warning: The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases, and is not suitable for use as key material. Instead it is recommended that the result is used as input to a key derivation algorithm. To chain a key agreement with a key derivation, use psa_key_derivation_key_agreement() and other functions from the key derivation interface.","breadcrumbs":"Parsec for client developers » Operations » PsaRawKeyAgreement » Description","id":"283","title":"Description"},"284":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaRawKeyAgreement » Contract","id":"284","title":"Contract"},"285":{"body":"Encrypt a short message with a symmetric cipher. Opcode: 20 (0x0014)","breadcrumbs":"Parsec for client developers » Operations » PsaCipherEncrypt » PsaCipherEncrypt","id":"285","title":"PsaCipherEncrypt"},"286":{"body":"Name Type Description key_name String Name of the key to use for the operation alg Cipher A cipher algorithm that is compatible with the type of key plaintext Vector of bytes Short message to encrypt key_name must allow the usage flag encrypt.","breadcrumbs":"Parsec for client developers » Operations » PsaCipherEncrypt » Parameters","id":"286","title":"Parameters"},"287":{"body":"Name Type Description ciphertext Vector of bytes Buffer containing the random IV followed by the encrypted message","breadcrumbs":"Parsec for client developers » Operations » PsaCipherEncrypt » Results","id":"287","title":"Results"},"288":{"body":"PsaErrorNotPermitted: The key does not have the encrypt flag, or it does not permit the requested algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaCipherEncrypt » Specific response status codes","id":"288","title":"Specific response status codes"},"289":{"body":"This function will encrypt a short message with a random initialisation vector (IV).","breadcrumbs":"Parsec for client developers » Operations » PsaCipherEncrypt » Description","id":"289","title":"Description"},"29":{"body":"To check that the installation is functional, issue this command: parsec-tool ping If the Parsec components are correctly installed and running, you should see output similar to the following: [INFO] Service wire protocol version\n1.0 If instead you see an error message, go back through the above steps and ensure that the service was started, and that your current user is a member of the parsec-clients group.","breadcrumbs":"Getting Started » Installation Guide » Checking the Installation","id":"29","title":"Checking the Installation"},"290":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaCipherEncrypt » Contract","id":"290","title":"Contract"},"291":{"body":"Decrypt a short message with a symmetric cipher. Opcode: 21 (0x0015)","breadcrumbs":"Parsec for client developers » Operations » PsaCipherDecrypt » PsaCipherDecrypt","id":"291","title":"PsaCipherDecrypt"},"292":{"body":"Name Type Description key_name String Name of the key to use for the operation alg Cipher A cipher algorithm that is compatible with the type of key ciphertext Vector of bytes IV followed by the ciphertext key_name must allow the usage flag decrypt. ciphertext must be the IV followed by the ciphertext.","breadcrumbs":"Parsec for client developers » Operations » PsaCipherDecrypt » Parameters","id":"292","title":"Parameters"},"293":{"body":"Name Type Description plaintext Vector of bytes Buffer containing decrypted message","breadcrumbs":"Parsec for client developers » Operations » PsaCipherDecrypt » Results","id":"293","title":"Results"},"294":{"body":"PsaErrorNotPermitted: The key does not have the decrypt flag, or it does not permit the requested algorithm. PsaErrorInvalidPadding: The decrypted padding is incorrect. See Warning below.","breadcrumbs":"Parsec for client developers » Operations » PsaCipherDecrypt » Specific response status codes","id":"294","title":"Specific response status codes"},"295":{"body":"This function will decrypt a short message using the provided initialisation vector (IV). Warning: In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct (see Klíma et al ). Protocols that use authenticated encryption are recommended for use by applications, rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer must take care not to reveal whether the padding is invalid.","breadcrumbs":"Parsec for client developers » Operations » PsaCipherDecrypt » Description","id":"295","title":"Description"},"296":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaCipherDecrypt » Contract","id":"296","title":"Contract"},"297":{"body":"Calculate the MAC of a message. Opcode: 22 (0x0016)","breadcrumbs":"Parsec for client developers » Operations » PsaMacCompute » PsaMacCompute","id":"297","title":"PsaMacCompute"},"298":{"body":"Name Type Description key_name String Name of the key to use for the operation alg Mac Mac algorithm to compute input Vector of bytes Buffer containing the input message key_name must allow the usage flag sign_message.","breadcrumbs":"Parsec for client developers » Operations » PsaMacCompute » Parameters","id":"298","title":"Parameters"},"299":{"body":"Name Type Description mac Vector of bytes Buffer containing the MAC","breadcrumbs":"Parsec for client developers » Operations » PsaMacCompute » Results","id":"299","title":"Results"},"3":{"body":"Parsec is founded on the Platform Security Architecture (PSA) . The PSA is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. The PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. One of the provisions of the PSA is the PSA Crypto API . The PSA Crypto API is a comprehensive library of modern security primitives covering the following functional areas: Key provisioning and management Hashing Signing Message Authentication Codes (MAC) Asymmetric encryption Symmetric encryption Authenticated Encryption with Associated Data (AEAD) Key derivation Entropy (random number generation) A crucial characteristic of the PSA Crypto API is that applications always reference the keys opaquely, making it ideally suited to implementations where keys are provisioned within hardware and are never exposed. The PSA Crypto API is defined in the C language. Parsec adopts the operations and contracts of the C API, and uses them as the basis for a language-independent wire protocol . Each operation is defined, along with all of its inputs and outputs, as a serializable contract, making it suitable to be invoked over an Inter-Process Communication (IPC) transport. Parsec maintains functional equivalence with the PSA Crypto API, but allows for out-of-process callers in any programming language.","breadcrumbs":"Overview » Basis in Platform Security Architecture","id":"3","title":"Basis in Platform Security Architecture"},"30":{"body":"If you are using a system that does not support installing Parsec through the package manager, you can get familiar with Parsec by downloading the latest release from GitHub and running it manually as a quick-start package. This is currently supported for any 64-bit Linux system running on the x86 architecture. Note: this method is suitable for familiarisation and experimentation only. Do not use this method in production environments. To securely install Parsec on Linux for production, check this guide instead .","breadcrumbs":"Getting Started » Installation Guide » Option 2: Download a Quick-Start Release","id":"30","title":"Option 2: Download a Quick-Start Release"},"300":{"body":"PsaErrorNotPermitted: The key does not have the sign_message flag, or it does not permit the requested algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaMacCompute » Specific response status codes","id":"300","title":"Specific response status codes"},"301":{"body":"This function will calculate the message authentication code (MAC) of a message.","breadcrumbs":"Parsec for client developers » Operations » PsaMacCompute » Description","id":"301","title":"Description"},"302":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaMacCompute » Contract","id":"302","title":"Contract"},"303":{"body":"Calculate the MAC of a message and compare it to an expected value. Opcode: 23 (0x0017)","breadcrumbs":"Parsec for client developers » Operations » PsaMacVerify » PsaMacVerify","id":"303","title":"PsaMacVerify"},"304":{"body":"Name Type Description key_name String Name of the key to use for the operation alg Mac Mac algorithm to compute input Vector of bytes Buffer containing the input message mac Vector of bytes Buffer containing the expected MAC value key_name must allow the usage flag verify_message.","breadcrumbs":"Parsec for client developers » Operations » PsaMacVerify » Parameters","id":"304","title":"Parameters"},"305":{"body":"No values are returned by this operation. If Success is returned the MAC is valid.","breadcrumbs":"Parsec for client developers » Operations » PsaMacVerify » Results","id":"305","title":"Results"},"306":{"body":"PsaErrorNotPermitted: The key does not have the verify_message flag, or it does not permit the requested algorithm. PsaErrorInvalidSignature: The MAC of the message was calculated successfully, but it differs from the expected value.","breadcrumbs":"Parsec for client developers » Operations » PsaMacVerify » Specific response status codes","id":"306","title":"Specific response status codes"},"307":{"body":"This function will calculate the message authentication code (MAC) of a message and compare it to an expected value.","breadcrumbs":"Parsec for client developers » Operations » PsaMacVerify » Description","id":"307","title":"Description"},"308":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaMacVerify » Contract","id":"308","title":"Contract"},"309":{"body":"Sign a message with a private key. Opcode: 24 (0x0018)","breadcrumbs":"Parsec for client developers » Operations » PsaSignMessage » PsaSignMessage","id":"309","title":"PsaSignMessage"},"31":{"body":"To download a pre-built release of Parsec, you need to be running a 64-bit Linux system on the x86 architecture, and you need to have at least version 2.27 of the Gnu C Library (GLIBC), which you can check by running the following command: ldd --version","breadcrumbs":"Getting Started » Installation Guide » Check that Your System is Suitable","id":"31","title":"Check that Your System is Suitable"},"310":{"body":"Name Type Description key_name String Name of the key to use for the operation alg AsymmetricSignature An asymmetric signature algorithm that separates the message and sign operations that is compatible with the type of key message Vector of bytes The message to sign key_name must be the name of an asymmetric key pair. The key must allow the usage flag sign_message.","breadcrumbs":"Parsec for client developers » Operations » PsaSignMessage » Parameters","id":"310","title":"Parameters"},"311":{"body":"Name Type Description signature Vector of bytes Buffer containing the signature","breadcrumbs":"Parsec for client developers » Operations » PsaSignMessage » Results","id":"311","title":"Results"},"312":{"body":"PsaErrorNotPermitted: The key does not have the sign_message flag, or it does not permit the requested algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaSignMessage » Specific response status codes","id":"312","title":"Specific response status codes"},"313":{"body":"This function will sign a message with a private key. For hash-and-sign algorithms, this includes the hashing step.","breadcrumbs":"Parsec for client developers » Operations » PsaSignMessage » Description","id":"313","title":"Description"},"314":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaSignMessage » Contract","id":"314","title":"Contract"},"315":{"body":"Verify the signature of a message using a public key. Opcode: 25 (0x0019)","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyMessage » PsaVerifyMessage","id":"315","title":"PsaVerifyMessage"},"316":{"body":"Name Type Description key_name String Name of the key to use for the operation alg AsymmetricSignature An asymmetric signature algorithm that separates the message and sign operations that is compatible with the type of key message Vector of bytes The message whose signature is to be verified signature Vector of bytes Buffer containing the signature to verify key_name must be the name of a public key or an asymmetric key pair. The key must allow the usage flag verify_message. No values are returned by this operation. If Success is returned the signature is valid.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyMessage » Parameters","id":"316","title":"Parameters"},"317":{"body":"PsaErrorNotPermitted: The key does not have the verify_message flag, or it does not permit the requested algorithm. PsaErrorInvalidSignature: The calculation was performed successfully, but the passed signature is not a valid signature.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyMessage » Specific response status codes","id":"317","title":"Specific response status codes"},"318":{"body":"This function will verify the signature of a message with a public key, using a hash-and-sign verification algorithm.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyMessage » Description","id":"318","title":"Description"},"319":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PsaVerifyMessage » Contract","id":"319","title":"Contract"},"32":{"body":"Run the following command to download and unpack the quickstart-1.2.0-linux_x86_64 folder. curl -s -N -L https://github.com/parallaxsecond/parsec/releases/download/1.2.0/quickstart-1.2.0-linux_x86_64.tar.gz | tar xz The resulting directory contains the following structure quickstart-1.2.0-linux_x86_64\n├── bin\n│ ├── parsec # The parsec binary\n│ └── parsec-tool # The parsec client tool\n└── quickstart ├── README.md # Quickstart README ├── build.txt # Information about the Parsec build environment ├── config.toml # The config file used by parsec └── parsec-cli-tests.sh # Standard parsec-tool tests The following examples assume you've navigated to the quickstart-1.2.0-linux_x86_64/quickstart directory, so let's do that now. cd quickstart-1.2.0-linux_x86_64/quickstart","breadcrumbs":"Getting Started » Installation Guide » Download the Latest Quick-Start Release Bundle","id":"32","title":"Download the Latest Quick-Start Release Bundle"},"320":{"body":"Lists all keys belonging to the application. Opcode: 26 (0x001A)","breadcrumbs":"Parsec for client developers » Operations » ListKeys » ListKeys","id":"320","title":"ListKeys"},"321":{"body":"No parameters are needed for this operation.","breadcrumbs":"Parsec for client developers » Operations » ListKeys » Parameters","id":"321","title":"Parameters"},"322":{"body":"Name Type Description keys Vector of KeyInfo List of key information","breadcrumbs":"Parsec for client developers » Operations » ListKeys » Results","id":"322","title":"Results"},"323":{"body":"A KeyInfo type contains the following members: Name Type Description provider_id Unsigned integer ID of the provider holding the key name String Name of the key attributes KeyAttributes Attributes of the key","breadcrumbs":"Parsec for client developers » Operations » ListKeys » KeyInfo type","id":"323","title":"KeyInfo type"},"324":{"body":"No specific response status codes returned.","breadcrumbs":"Parsec for client developers » Operations » ListKeys » Specific response status codes","id":"324","title":"Specific response status codes"},"325":{"body":"This operation lists all the keys that an application created in all providers.","breadcrumbs":"Parsec for client developers » Operations » ListKeys » Description","id":"325","title":"Description"},"326":{"body":"Protobuf Copyright 2020 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » ListKeys » Contract","id":"326","title":"Contract"},"327":{"body":"Lists all clients currently having keys in the service. Opcode: 27 (0x001B)","breadcrumbs":"Parsec for client developers » Operations » ListClients » ListClients","id":"327","title":"ListClients"},"328":{"body":"No parameters are needed for this operation.","breadcrumbs":"Parsec for client developers » Operations » ListClients » Parameters","id":"328","title":"Parameters"},"329":{"body":"Name Type Description clients Vector of String List of clients","breadcrumbs":"Parsec for client developers » Operations » ListClients » Results","id":"329","title":"Results"},"33":{"body":"Calls to the parsec-tool assume that the environment variable PARSEC_SERVICE_ENDPOINT has been set to the path for the socket created by the parsec process. By default, that socket is placed in the directory where you've executed the parsec command, so we can configure that variable as such export PARSEC_SERVICE_ENDPOINT=unix:$(pwd)/parsec.sock It may also be helpful to add the bin directory to your path. The examples below assume that this has been done. export PATH=${PATH}:$(pwd)/../bin","breadcrumbs":"Getting Started » Installation Guide » Configure Your Environment","id":"33","title":"Configure Your Environment"},"330":{"body":"AdminOperation: this operation is an admin operation and cannot be requested by a user application.","breadcrumbs":"Parsec for client developers » Operations » ListClients » Specific response status codes","id":"330","title":"Specific response status codes"},"331":{"body":"This operation lists all clients that are currently storing data in the Parsec service. The clients field contain a vector of the application names used by clients. This operation necessitates admin privilege. Only the clients using the same authentication method as this request will be listed. It has no impact currently as only one authentication method in the service is supported but might do if the service supports multiple. Note: this operation might return wrong results if clients' data is being modified while it executes. For example, if a new client is creating keys while this operation is being performed, this new client might not show in the output.","breadcrumbs":"Parsec for client developers » Operations » ListClients » Description","id":"331","title":"Description"},"332":{"body":"Protobuf Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » ListClients » Contract","id":"332","title":"Contract"},"333":{"body":"Delete all keys a client has in the service. Opcode: 28 (0x001C)","breadcrumbs":"Parsec for client developers » Operations » DeleteClient » DeleteClient","id":"333","title":"DeleteClient"},"334":{"body":"Name Type Description client String Client to delete","breadcrumbs":"Parsec for client developers » Operations » DeleteClient » Parameters","id":"334","title":"Parameters"},"335":{"body":"No values are returned by this operation.","breadcrumbs":"Parsec for client developers » Operations » DeleteClient » Results","id":"335","title":"Results"},"336":{"body":"AdminOperation: this operation is an admin operation and cannot be requested by a user application.","breadcrumbs":"Parsec for client developers » Operations » DeleteClient » Specific response status codes","id":"336","title":"Specific response status codes"},"337":{"body":"This operation deletes all data a client owns in Parsec. The client parameter string must match one of the clients returned by the ListClients operation. This operation necessitates admin privilege. Only the clients using the same authentication method as this request will be deleted. It has no impact currently as only one authentication method in the service is supported but might do if the service supports multiple. Note: this operation might return wrong results if clients' data is being modified while it executes. For example, if the client named creates a new key while this operation is being performed, this key might not be deleted.","breadcrumbs":"Parsec for client developers » Operations » DeleteClient » Description","id":"337","title":"Description"},"338":{"body":"Protobuf Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » DeleteClient » Contract","id":"338","title":"Contract"},"339":{"body":"This page defines the mechanism-specific inputs and outputs of PrepareKeyAttestation. For an in-depth look at the mechanisms and hardware tokens that we've considered, you can read our write-up here . Each mechanism that needs preparation comes with its own definitions for PrepareKeyAttestationParams and PrepareKeyAttestationOutput. (EXPERIMENTAL) The parameters for key attestation are in an experimental phase. No guarantees are offered around the stability of the interface for any key attestation mechanism.","breadcrumbs":"Parsec for client developers » Operations » Prepare Key Attestation Parameters » Prepare Key Attestation Parameters","id":"339","title":"Prepare Key Attestation Parameters"},"34":{"body":"Start the Parsec service with this command: parsec & You should see some lines of console output as the service starts, ending with the following: [INFO parsec] Parsec is ready.","breadcrumbs":"Getting Started » Installation Guide » Start the Parsec Service","id":"34","title":"Start the Parsec Service"},"340":{"body":"The preparation necessary for ActivateCredential involves retrieving the data necessary for performing the TPM2_MakeCredential computations outside of a TPM. The results from MakeCredential can then be passed to AttestKey. The service returns the TPM-specific name of the object to be attested, its public parameters, and the public part of the attesting key. These three components can then be used by a 3rd party to generate an encrypted credential to be used in AttestKey. The algorithm for protecting the credential is defined in the TPM 2.0 Architecture spec , section B.10.4. The public parameters of the key which will be attested are not strictly necessary in generating the encrypted credential. The reason for its inclusion, however, rests on the need of the 3rd party to verify that the object they are about to attest is indeed the one they expect. The process of encrypting the credential involves deriving a symmetric key using the TPM-specific name of the object to be attested. This name is obtained by performing a hash over the public parameters of the object, and can thus be verified by the 3rd party if those parameters are available.","breadcrumbs":"Parsec for client developers » Operations » Prepare Key Attestation Parameters » ActivateCredential (TPM provider)","id":"340","title":"ActivateCredential (TPM provider)"},"341":{"body":"Name Type Description attested_key_name String Name of the key to be attested attesting_key_name String Name of the key to use for attesting if attesting_key_name is empty, the default key for the ActivateCredential mechanism will be used","breadcrumbs":"Parsec for client developers » Operations » Prepare Key Attestation Parameters » PrepareKeyAttestationParams","id":"341","title":"PrepareKeyAttestationParams"},"342":{"body":"Name Type Description name Vector of unsigned bytes TPM-specific name of the key object to be attested public Vector of unsigned bytes Public parameters of the key object to be attested attesting_key_pub Vector of unsigned bytes Buffer containing the public part of the attesting key name represents the contents of the name field within the TPM2B_NAME structure. public represents the contents of the publicArea field within the TPM2B_PUBLIC structure. attesting_key_pub represents a public key encoded in the format specified for PsaExportPublicKey Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » Prepare Key Attestation Parameters » PrepareKeyAttestationOutput","id":"342","title":"PrepareKeyAttestationOutput"},"343":{"body":"Prepare the backend for performing a key attestation with a given algorithm and retrieve any data necessary prior to the attestation operation. Opcode: 31 (0x001F) (EXPERIMENTAL) This operation is in an experimental phase. No guarantees are offered around the stability of the contracts.","breadcrumbs":"Parsec for client developers » Operations » PrepareKeyAttestation » PrepareKeyAttestation","id":"343","title":"PrepareKeyAttestation"},"344":{"body":"Name Type Description parameters PrepareKeyAttestationParams Attestation mechanism-specific parameters","breadcrumbs":"Parsec for client developers » Operations » PrepareKeyAttestation » Parameters","id":"344","title":"Parameters"},"345":{"body":"Name Type Description output PrepareKeyAttestationOutput Attestation mechanism-specific output","breadcrumbs":"Parsec for client developers » Operations » PrepareKeyAttestation » Results","id":"345","title":"Results"},"346":{"body":"TBD","breadcrumbs":"Parsec for client developers » Operations » PrepareKeyAttestation » Specific response status codes","id":"346","title":"Specific response status codes"},"347":{"body":"This operation performs any preparation steps required by the AttestKey operation. These steps are attestation-mechanism specific and can include performing any service-side setup, as well as obtaining any data necessary to the client or 3rd party requesting the attestation. NOTE: Only some of the attestation mechanisms require preparation. You can check which ones do in their descriptions on the key attestation parameters page . Their corresponding preparation parameters can be found on the key attestation preparation parameters page .","breadcrumbs":"Parsec for client developers » Operations » PrepareKeyAttestation » Description","id":"347","title":"Description"},"348":{"body":"TBD Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » PrepareKeyAttestation » Contract","id":"348","title":"Contract"},"349":{"body":"Attest that a Parsec-managed key is protected by a hardware backend. Opcode: 30 (0x001E) (EXPERIMENTAL) This operation is in an experimental phase. No guarantees are offered around the stability of the contracts and abstract definition of the operation, or of any associated key attestation mechanism.","breadcrumbs":"Parsec for client developers » Operations » AttestKey » AttestKey","id":"349","title":"AttestKey"},"35":{"body":"You can now use the parsec-tool to check that the service is running: parsec-tool ping If the Parsec components are correctly downloaded and running, you should see output similar to the following: [INFO] Service wire protocol version\n1.0","breadcrumbs":"Getting Started » Installation Guide » Using the Parsec Tool","id":"35","title":"Using the Parsec Tool"},"350":{"body":"Name Type Description attested_key_name String Name of the key to attest parameters AttestationMechanismParams Attestation mechanism-specific parameters attesting_key_name String Name of the key to use for attesting The exact usage flags required by the attesting key are determined by the mechanism used, also described on the key attestation parameters page .","breadcrumbs":"Parsec for client developers » Operations » AttestKey » Parameters","id":"350","title":"Parameters"},"351":{"body":"Name Type Description output AttestationOutput Attestation mechanism-specific output","breadcrumbs":"Parsec for client developers » Operations » AttestKey » Results","id":"351","title":"Results"},"352":{"body":"TBD","breadcrumbs":"Parsec for client developers » Operations » AttestKey » Specific response status codes","id":"352","title":"Specific response status codes"},"353":{"body":"This operation performs a key attestation using a mechanism supported by the backend holding the key. The purpose of the operation is to help a Parsec client provide proof to a 3rd party that some key provisioned by the client is indeed stored and secured by a hardware backend. As such, the operation is backed by native functionality in the hardware to attest to ownership of the key. Given the wide variety of possible mechanisms, many of the properties, restrictions, and formats involved are mechanism-dependent, including: Properties of the attested key (e.g. whether it was created within the backend or imported) Properties of the attesting key (e.g. if it must be able to sign or decrypt) Number, content, and purpose of parameters required by the attestation Contents and format of the output Whether or not the attesting key can be specified All such characteristics are thoroughly described per mechanism on the key attestation parameters page . All instances of backends that support AttestKey must be configured with a default, root key that has been pre-provisioned and which can be used to produce attestations. This default attesting key is selected by leaving the attesting_key_name empty. If the backend allows other keys to be used for attesting, attestation chains can be created starting from the root key. AttestKey applies to asymmetric key pairs only.","breadcrumbs":"Parsec for client developers » Operations » AttestKey » Description","id":"353","title":"Description"},"354":{"body":"TBD Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » AttestKey » Contract","id":"354","title":"Contract"},"355":{"body":"This page defines the mechanism-specific inputs and outputs of AttestKey. For an in-depth look at the mechanisms and hardware tokens that we've considered, you can read our write-up here . Each mechanism comes with its own definitions for AttestationMechanismParams and AttestationOutput. (EXPERIMENTAL) The parameters for key attestation are in an experimental phase. No guarantees are offered around the stability of the interface for any key attestation mechanism.","breadcrumbs":"Parsec for client developers » Operations » Attest Key Parameters » Key Attestation Parameters","id":"355","title":"Key Attestation Parameters"},"356":{"body":"The TPM 2.0 Commands spec describes the TPM2_ActivateCredential operation as follows: This command enables the association of a credential with an object in a way that ensures that the TPM has validated the parameters of the credentialed object. TPM2_ActivateCredential allows a 3rd party to be assured of the protection of a key by means of an encrypted credential. The 3rd party produces a random credential and encrypts it using the algorithm defined in the TPM 2.0 Architecture spec , section B.10.4. The outputs of that algorithm (the encrypted and HMAC-protected credential, and a secret seed encrypted with the public part of the attesting key) are sent to the Parsec service which proceeds to perform the operation and returns the decrypted credential. The 3rd party can then be certain that the key is protected by a TPM by confirming that the credential sent and the one received are identical. The computation mentioned previously relies on a number of parameters that must be obtained from the Parsec service. As some of these parameters are strictly TPM-specific, they can be retrieved with the PrepareKeyAttestation operation. You can see how to perform the preparation step for ActivateCredential here . This mechanisms is thus aimed at attesting keys that are configured for decryption (as opposed to signing) and is of particular interest because the Endorsement Keys for which TPM manufacturers produce certificates are overwhelmingly decryption keys. The parameters and output follow the inputs and outputs of TPM2_ActivateCredential as defined in the TPM 2.0 Structures spec .","breadcrumbs":"Parsec for client developers » Operations » Attest Key Parameters » ActivateCredential (TPM provider)","id":"356","title":"ActivateCredential (TPM provider)"},"357":{"body":"Name Type Description credential_blob Vector of unsigned bytes Protected credential secret Vector of unsigned bytes Attesting key-encrypted secret credential_blob represents the contents of the credential field within the TPM2B_ID_OBJECT structure. secret represents the contents of the secret field within the TPM2B_ENCRYPTED_SECRET structure.","breadcrumbs":"Parsec for client developers » Operations » Attest Key Parameters » AttestationMechanismParams","id":"357","title":"AttestationMechanismParams"},"358":{"body":"Name Type Description credential Vector of unsigned bytes Credential returned by the TPM credential represents the contents of the buffer field within the TPM2B_DIGEST structure. Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » Attest Key Parameters » AttestationOutput","id":"358","title":"AttestationOutput"},"359":{"body":"Check if the provider supports: using a specific algorithm with an existing key generating a key and optionally using it for a specific algorithm importing a key and optionally using it for a specific algorithm deriving a key and optionally using it for a specific algorithm (to be checked) Opcode: 32 (0x0020) (EXPERIMENTAL) This operation is still being implemented and so no guarantees are offered around the stability of the interface for any capability discovery mechanism.","breadcrumbs":"Parsec for client developers » Operations » CanDoCrypto » CanDoCrypto","id":"359","title":"CanDoCrypto"},"36":{"body":"When using the Parsec service as a pre-built download, it will not be installed as a system service. Therefore, to stop the service, issue the following command: pkill parsec You should see some lines of output ending with: [INFO parsec] Parsec is now terminated. You can also cause the service to restart, which can be useful if you have made some configuration changes for example. This command will cause the service to reload its configuration and restart: pkill -SIGHUP parsec Again, this will produce some lines of output, and the final line will be: [INFO parsec] Parsec configuration reloaded.","breadcrumbs":"Getting Started » Installation Guide » Controlling the Service Manually","id":"36","title":"Controlling the Service Manually"},"360":{"body":"Name Type Description check_type CheckType Type of the check performed attributes KeyAttributes Value to be checked","breadcrumbs":"Parsec for client developers » Operations » CanDoCrypto » Parameters","id":"360","title":"Parameters"},"361":{"body":"A CheckType type can contain one of the following: Use Generate Import Derive","breadcrumbs":"Parsec for client developers » Operations » CanDoCrypto » CheckType type","id":"361","title":"CheckType type"},"362":{"body":"No values are returned by this operation","breadcrumbs":"Parsec for client developers » Operations » CanDoCrypto » Results","id":"362","title":"Results"},"363":{"body":"Success: the check is successful (supported). PsaErrorNotPermitted: the check failed due to a mismatch between the algorithm and the key type (not supported). PsaErrorNotSupported: the check failed for any other reason (not supported).","breadcrumbs":"Parsec for client developers » Operations » CanDoCrypto » Specific response status codes","id":"363","title":"Specific response status codes"},"364":{"body":"The meaning of the operation depends of the value of check_type: Use: the operation checks if an existing key of the same key type than in the attributes and the same length can be used to perform the algorithm in key_policy.key_algorithm. If the key_bits is 0, check for a key of any size. Generate: checks if a key with the same attributes can be generated. If the key_algorithm is not None, also perform the Use check. If the key_bits is 0, check for a key of any size. Import: checks if a key with the same attributes can be imported. If the key_algorithm is not None, also perform the Use check. If the key_bits is 0, check for a key of any size. Derive: checks if a key with the same attributes can be derived. If the key_algorithm is not None, also perform the Use check. If the key_bits is 0, check for a key of any size.","breadcrumbs":"Parsec for client developers » Operations » CanDoCrypto » Description","id":"364","title":"Description"},"365":{"body":"Protobuf Copyright 2021 Contributors to the Parsec project.","breadcrumbs":"Parsec for client developers » Operations » CanDoCrypto » Contract","id":"365","title":"Contract"},"366":{"body":"Find in this sections guides for those looking to work hands-on with the Parsec service source code. They cover the following concepts: Interfaces and Dataflow - description of all the components forming the Parsec service and their interactions Source Code Structure - overview of Parsec service source code organisation Parsec Providers - overview of current Parsec providers Parsec Converters - overview of current Parsec converters Parsec Authenticators - overview of current Parsec authenticators Parsec Listeners - overview of current Parsec listeners Parsec Key Info Managers - overview of current Parsec key info managers Writing a Provider - guide for implementing a new provider that will add Parsec support for new platforms Building and Running - description of the options that can be used for building and running the service Installation - installing Parsec as a systemd daemon Configuration - how to configure Parsec Testing - details about the kinds of tests we employ and how to set up your environment in preparation for running them Stability - how stability is ensured in the Parsec service Copyright 2019 Contributors to the Parsec project.","breadcrumbs":"Parsec for service developers » Parsec for service developers","id":"366","title":"Parsec for service developers"},"367":{"body":"","breadcrumbs":"Parsec for service developers » Interfaces and Dataflow » Interfaces and Dataflow","id":"367","title":"Interfaces and Dataflow"},"368":{"body":"This document describes the key interfaces and data flows within the service. It can be used in combination with the source code structure and wire protocol documents to gain an understanding of how API requests are received by the service and ultimately fulfilled by providers.","breadcrumbs":"Parsec for service developers » Interfaces and Dataflow » Introduction","id":"368","title":"Introduction"},"369":{"body":"The sections within this documentation are best understood with reference to the following data flow diagram. The shaded areas below can also be used to cross-reference the data flow with the source code structure document, which can help with finding the relevant definitions and implementations. Data Flow Diagram","breadcrumbs":"Parsec for service developers » Interfaces and Dataflow » Data Flow Diagram","id":"369","title":"Data Flow Diagram"},"37":{"body":"The quick-start bundle also contains the parsec-cli-tests.sh testing script, which executes a simple set of tests to ensure that the Parsec service is operating correctly. Some of these tests use the local openssl installation as a point of comparison, ensuring that Parsec's results are equivalent to those expected by openssl. As this script uses the parsec-tool, the PARSEC_SERVICE_ENDPOINT environment variable needs to be set as follows: export PARSEC_SERVICE_ENDPOINT=\"unix:$(pwd)/parsec.sock\" If parsec-tool is not installed into a directory included in PATH, then you also need to define PARSEC_TOOL environment variable with a full path to it: export PARSEC_TOOL=\"$(pwd)/parsec-tool\" To run the script, simply execute it without any arguments as follows: ./parsec-cli-tests.sh The script will run a sequence of operations and produce output along the following lines: Checking Parsec service...\n[INFO ] Service wire protocol version\n1.0 Testing Mbed Crypto provider - Test random number generation\n[DEBUG] Parsec BasicClient created with implicit provider \"Mbed Crypto provider\" and authentication data \"UnixPeerCredentials\"\n[INFO ] Generating 10 random bytes...\n[DEBUG] Running getuid\n[INFO ] Random bytes:\nA6 F5 90 24 DF FF 50 1F 29 2E\n.... The parsec-cli-tests.sh script also accepts some command-line parameters to adjust its behaviour. You can use the -h option to get additional help on these. Note: If openssl is not installed into a directory included in PATH then you also need to define OPENSSL environment variable with a full path to it: export OPENSSL=\"