Welcome to the 2.1.0 release of the Machina SDK CLI,
machina. The CLI implements most of the functionality of the Machina SDK as a command-line utility, (basically, all the features that make sense in this context). The Machina SDK is the client-side of Ionic's Machina platform. It interacts with the Machina platform to retrieve keys controlled by Machina policy and implements client-side encryption and decryption services with those keys. Generally speaking, a user can use the CLI to do enrollment, key management, and encryption/decryption tasks. You can find an introduction to the Machina platform including a variety of "getting started" tutorials at Ionic's Machina developer portal
This release contains significant changes to the underlying cryptography, including the integration (by default) of the FIPS-validated version of the OpenSSL open source library.
Details are summarized below.
CryptoPP Usage Mostly Replaced with OpenSSL
- SDK usage of the CryptoPP cryptography library has been replaced with the OpenSSL v1.0.2 library, which is FIPS 140-2 validated.
- CryptoPP usage is limited to use of the Shamir Secret Sharing algorithm (used in the SecretShare Persistor).
Alternative Cryptography Library (Platform-Specific) Available
- The SDK package includes an additional platform-specific implementation of the CryptoAbstract interface. This library may be used instead of the OpenSSL FIPS implementation if needed, in order to work around cross-platform limitations.
raw module --disableFipscommand-line switch controls the specification of the cryptography library in use. Consult the
manfile for more information.
Additional Documentation Included with Release Distributable
The SDK release distributable now includes the following documents, in markdown and html formats:
README, describing high-level SDK project functionality
LICENSE, providing the Machina license agreement for Ionic resources
CHANGELOG, with line items providing summary information about the issues included in each release
RELEASE_NOTES, detailing the features and fixes included in the release
- Chunk cryptography operations now send request metadata as specified by the caller.
- The Machina CLI installer (Linux) now links to the correct system version of the
- CLI operations now provide a more useful error when no entropy is available from the system.
- CLI error output has been improved for additional error conditions.
- Issues have been addressed with the documentation of the ProfilePersistor classes, and their relationship to the base Agent class.
- KeyVault requests now properly filter expired keys out of responses.
- Management of the key vault filesystem cache has been improved.
- Additional logging has been added to better diagnose error conditions when they occur during CLI usage.
The Machina SDK CLI is tested against the following platform configurations:
|Windows||Windows 8.1 (64 bit)|
|Windows||Windows 10 (64 bit)|
|macOS||macOS 13 (High Sierra)|
|macOS||macOS 14 (Mojave)|
|macOS||macOS 15 (Catalina)|