Introduction
Welcome to the 2.1.0 release of the Machina SDK CLI, machina
. The CLI implements most of the functionality of the Machina SDK as a command-line utility, (basically, all the features that make sense in this context). The Machina SDK is the client-side of Ionic's Machina platform. It interacts with the Machina platform to retrieve keys controlled by Machina policy and implements client-side encryption and decryption services with those keys. Generally speaking, a user can use the CLI to do enrollment, key management, and encryption/decryption tasks. You can find an introduction to the Machina platform including a variety of "getting started" tutorials at Ionic's Machina developer portal
This release contains significant changes to the underlying cryptography, including the integration (by default) of the FIPS-validated version of the OpenSSL open source library.
Details are summarized below.
New Features
CryptoPP Usage Mostly Replaced with OpenSSL
- SDK usage of the CryptoPP cryptography library has been replaced with the OpenSSL v1.0.2 library, which is FIPS 140-2 validated.
- CryptoPP usage is limited to use of the Shamir Secret Sharing algorithm (used in the SecretShare Persistor).
Alternative Cryptography Library (Platform-Specific) Available
- The SDK package includes an additional platform-specific implementation of the CryptoAbstract interface. This library may be used instead of the OpenSSL FIPS implementation if needed, in order to work around cross-platform limitations.
- The
raw module --disableFips
command-line switch controls the specification of the cryptography library in use. Consult theman
file for more information.
Additional Documentation Included with Release Distributable
The SDK release distributable now includes the following documents, in markdown and html formats:
README
, describing high-level SDK project functionalityLICENSE
, providing the Machina license agreement for Ionic resourcesCHANGELOG
, with line items providing summary information about the issues included in each releaseRELEASE_NOTES
, detailing the features and fixes included in the release
Issues Addressed
- Chunk cryptography operations now send request metadata as specified by the caller.
- The Machina CLI installer (Linux) now links to the correct system version of the
libcurl
shared library. - CLI operations now provide a more useful error when no entropy is available from the system.
- CLI error output has been improved for additional error conditions.
- Issues have been addressed with the documentation of the ProfilePersistor classes, and their relationship to the base Agent class.
- KeyVault requests now properly filter expired keys out of responses.
- Management of the key vault filesystem cache has been improved.
- Additional logging has been added to better diagnose error conditions when they occur during CLI usage.
Discontinued Support
- None.
Additional Notes
- None.
Supported Platforms
The Machina SDK CLI is tested against the following platform configurations:
Platform | Version |
---|---|
Linux | CentOS 7.8-2003 |
Linux | Ubuntu 18.04 |
Windows | Windows 8.1 (64 bit) |
Windows | Windows 10 (64 bit) |
macOS | macOS 13 (High Sierra) |
macOS | macOS 14 (Mojave) |
macOS | macOS 15 (Catalina) |
Known Issues
- None.
Comments
0 comments
Please sign in to leave a comment.