Third-party Software

12 July 2024 · clairet

Credential Manager Third Party Software

This page details the third-party software that is required to build Credential Manager.

OpenSSL

OpenSSL is used to provide cryptographic functions to DDKG. It is a proven trusted implementation that has been used commercially for decades. We build our DDKG against OpenSSL FIPS 140 compliant algorithms to ensure FIPS compatibility where required.

We support the following versions of OpenSSL, however, we recommend using the latest OpenSSL v3.x.

| Release | Supported Versions | Notes |
|---|---|---|
| OpenSSL v3.0 | v3.0.9, v3.0.10 | |
| OpenSSL v1.1.1 | v1.1.1u | |
| OpenSSL v1.0 | v1.0h | This is deprecated; however, for brownfield devices we can continue to build for OpenSSL v1.0. Note that Let’s Encrypt certificates cannot be verified when using OpenSSL v1.0.x due to the re-issuing of the Let’s Encrypt root CA. |

The ‘Supported Versions’ are the versions we specifically build against at DA. If a customer is building against a different version of OpenSSL it may result in a failed build or other issues. OpenSSL works to maintain a common ABI across different versions of their software so a version built against OpenSSL v3.0.9 should work with a library of version 3.1.0 on a target platform.

https://www.openssl.org/news/openssl-3.0-notes.html

The output of this build is a shared object / DLL which is loaded when the application launches. This allows us to use the OpenSSL library already installed on a target platform.

cURL

cURL is used to provide the Credential Manager with the capability to communicate with the KeyScaler REST API via HTTP requests. cURL provides us with TLS secure communication between client and server as well as proxy support with basic auth.

We support the following versions of cURL when building Credential Manager.

| Release | Supported Versions | Notes |
|---|---|---|
| cURL 8 | v8.2.0 | |
| cURL 7.x | v7.88, v7.56 | These are supplied for legacy platforms when requested. |

We recommend using v8.2.0 or greater. Credential Manager ships with v8.2.0 by default; however, we can build against older revisions if requested. Credential Manager can be built with later versions of cURL, but these are unsupported by DA.

https://curl.se/

The output of this build is a shared object / DLL which is loaded dynamically at runtime. This allows for an existing cURL library to be used on a platform.

ZLIB

ZLIB provides the ability to compress data. It is used to compress the DDK object (if configured at build time to do so).

https://github.com/madler/zlib

ZLIB version 1.2.8

This is built as a shared object / DLL and is dynamically loaded at runtime.

Mosquitto

Mosquitto is used to enable Credential Manager to communicate with KeyScaler using the MQTT protocol, a common protocol used in IoT devices. This replaces the use of the HTTP protocol.

Mosquitto version 1.4.11

https://www.mosquitto.org/

Note that Mosquitto does not support OpenSSL v3.x, so if MQTT support is built into Credential Manager, it must be built with OpenSSL v1.1.1u. Because of this, we have the ability to disable MQTT support when building Credential Manager. MQTT support is not included in our default releases.

UUID-dev

UUID-dev is used to generate universally unique identifiers in Credential Manager.

UUID version 2.39.1

https://github.com/util-linux/util-linux/tree/master/libuuid

This is statically linked into the Credential Manager at build time. It is not loaded dynamically at runtime.

JSON C

JSON C is a library that programmatically generates JSON documents. This is required by TPM2TSS.

JSON C version 0.16

https://github.com/json-c/json-c

This is built as a shared object and is loaded dynamically at runtime, when TPM support is included in the Credential Manager build.

TPM2TSS

TPM2TSS enables Credential Manager to utilise a TPM, when available, to generate and seal secrets on a device, e.g., RSA private keys. This is utilised to securely store a private key on a device, backed by the trusted platform hardware module, when the device is generating an RSA key-pair.

This library is only included in Credential Manager for Linux. On Windows, TPM secured data is managed by utilising the Windows Certificate Store and the Microsoft Platform Crypto Provider.

TPM2TSS version 4.0.1

https://github.com/tpm2-software/tpm2-tss

TPM2TSS generates several shared object libraries which are loaded dynamically at runtime. These are shipped with our Installer as they are typically not available on a device.

TPM support is optional when building Credential Manager. If TPM support is not compiled into the application, these files will not be included in the installer.

RapidJSON

RapidJSON is used to programmatically generate JSON documents when building our messages to the KeyScaler, and also when creating metadata payloads that are sent to DDKG.

RapidJSON version 1.0.2

https://rapidjson.org/

Compiled into the Credential Manager.

TinyXML

TinyXML is used to programmatically create XML documents within the DDKG.

TinyXML version 2.6.2

https://sourceforge.net/projects/tinyxml

This is built and statically linked into the DDKG. We do not load this dynamically at runtime; it is compiled into the application.

GTest

GTest is used for unit testing of the Credential Manager source code.

GTest version 1.7.0

https://github.com/google/googletest

This is built as a shared object / DLL and is dynamically loaded when the unit tests are executed. Our makefile allows unit test compilation and execution by running make runtests.

DDKG Third Party Software

This page details the third party software that is required to build DDKG.

OpenSSL

OpenSSL is used to provide cryptographic functions to DDKG. It is a proven trusted implementation that has been used commercially for decades. We build our DDKG against OpenSSL FIPS 140 compliant algorithms to ensure FIPS compatibility where required.

We support the following versions of OpenSSL, however, we recommend using the latest OpenSSL v3.x.

| Release | Supported Versions | Notes |
|---|---|---|
| OpenSSL v3.0 | v3.0.9, v3.0.10 | |
| OpenSSL v1.1.1 | v1.1.1u | |
| OpenSSL v1.0 | v1.0h | This is deprecated; however, for brownfield devices we can continue to build for OpenSSL v1.0. |

The ‘Supported Versions’ are the versions we specifically build against at DA. If a customer is building against a different version of OpenSSL it may result in a failed build or other issues. OpenSSL works to maintain a common ABI across different versions of their software so a version built against OpenSSL v3.0.9 should work with a library of version 3.1.0 on a target platform.

https://www.openssl.org/news/openssl-3.0-notes.html

The output of this build is a shared object / DLL which is loaded when the application launches. This allows us to use the OpenSSL library already installed on a target platform.

TinyXML

TinyXML is used to programmatically create XML documents within the DDKG.

https://sourceforge.net/projects/tinyxml

TinyXML version: 2.6.2

This is built and statically linked into the DDKG. We do not load this dynamically at runtime; it is compiled into the application.

OSSP UUID

OSSP UUID is used to generate a Universally Unique Identifier – specifically v4 UUIDs.

http://www.ossp.org/pkg/lib/uuid/

OSSP UUID version 1.6.2

This is built and statically linked into the DDKG. We do not load this dynamically at runtime; it is compiled into the application.

ZLIB

ZLIB provides the ability to compress data. It is used to compress the DDK object (if configured at build time to do so).

https://github.com/madler/zlib

ZLIB version 1.2.8

This is built as a shared object / DLL and is dynamically loaded at runtime.

EthTool

EthTool is used to extract granular information about the device network interface adapters. This information is used as part of the devicekey when collecting device attributes on a Linux platform.

https://cdn.kernel.org/pub/software/network/ethtool/

EthTool version 4.8
