Bosch IoT Rollouts

2023-06-29 - Signing with asymmetric keys and default packaging format introduced

Version: 2023.06.29.58

New Features

Introduce signing with asymmetric keys

In addition to the existing integration with Escrypt.KMS for signing, this release adds management of asymmetric signing keys directly within the Sign & Encrypt service. A third-party public key infrastructure (PKI) is therefore no longer needed. Initially, the following signing algorithms are supported:

  • SHA256_RSA_3072_PSS

  • SHA256_RSA_4096_PSS

  • ECC_NIST_P256

  • ED25519

Provide default packaging format

Where a packaging format is already available or defined, it may be very project-specific. However, some projects do not have a specified format yet. For them, this release introduces a default packaging format.

For more details see S&E Default packaging.


[MECS-18044] - Provide user documentation
[MECS-18876] - Add support for further symmetric ciphers for encryption
[MECS-18877] - Introduce asymmetric key management for signing
[MECS-18885] - Introduce default packaging flow
[MECS-18943] - Make signing and encryption ciphers configurable per tenant
[MECS-18986] - Support Suite Auth OAuth tokens API authentication
[MECS-19013] - Introduce API to provide tenant supported encryption and signing algorithms

Improvements

[MECS-18888] - Automatic cleanup of tokens generated for packaging lambdas
[MECS-19109] - Update AWS Load Balancer TLS policy to "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
[FLOWS-4382] - Show access token in user info dialog in the UI, with the possibility to copy to clipboard