Articles in this section

Machina Tools CLI Release Notes v 2.1.0

Courtney Evans
  • Updated
Follow

Introduction

Welcome to the 2.1.0 release of the Machina SDK CLI, machina. The CLI implements most of the functionality of the Machina SDK as a command-line utility, (basically, all the features that make sense in this context). The Machina SDK is the client-side of Ionic's Machina platform. It interacts with the Machina platform to retrieve keys controlled by Machina policy and implements client-side encryption and decryption services with those keys. Generally speaking, a user can use the CLI to do enrollment, key management, and encryption/decryption tasks. You can find an introduction to the Machina platform including a variety of "getting started" tutorials at Ionic's Machina developer portal

This release contains significant changes to the underlying cryptography, including the integration (by default) of the FIPS-validated version of the OpenSSL open source library.

Details are summarized below.

New Features

CryptoPP Usage Mostly Replaced with OpenSSL

  • SDK usage of the CryptoPP cryptography library has been replaced with the OpenSSL v1.0.2 library, which is FIPS 140-2 validated.
  • CryptoPP usage is limited to use of the Shamir Secret Sharing algorithm (used in the SecretShare Persistor).

Alternative Cryptography Library (Platform-Specific) Available

  • The SDK package includes an additional platform-specific implementation of the CryptoAbstract interface. This library may be used instead of the OpenSSL FIPS implementation if needed, in order to work around cross-platform limitations.
  • The raw module --disableFips command-line switch controls the specification of the cryptography library in use. Consult the man file for more information.

Additional Documentation Included with Release Distributable

The SDK release distributable now includes the following documents, in markdown and html formats:

  • README, describing high-level SDK project functionality
  • LICENSE, providing the Machina license agreement for Ionic resources
  • CHANGELOG, with line items providing summary information about the issues included in each release
  • RELEASE_NOTES, detailing the features and fixes included in the release

Issues Addressed

  • Chunk cryptography operations now send request metadata as specified by the caller.
  • The Machina CLI installer (Linux) now links to the correct system version of the libcurl shared library.
  • CLI operations now provide a more useful error when no entropy is available from the system.
  • CLI error output has been improved for additional error conditions.
  • Issues have been addressed with the documentation of the ProfilePersistor classes, and their relationship to the base Agent class.
  • KeyVault requests now properly filter expired keys out of responses.
  • Management of the key vault filesystem cache has been improved.
  • Additional logging has been added to better diagnose error conditions when they occur during CLI usage.

Discontinued Support

  • None.

Additional Notes

  • None.

Supported Platforms

The Machina SDK CLI is tested against the following platform configurations:

Platform Version
Linux CentOS 7.8-2003
Linux Ubuntu 18.04
Windows Windows 8.1 (64 bit)
Windows Windows 10 (64 bit)
macOS macOS 13 (High Sierra)
macOS macOS 14 (Mojave)
macOS macOS 15 (Catalina)

Known Issues

  • None.

Related articles

Comments

0 comments

Please sign in to leave a comment.