We are happy to share with you a joint effort between eProsima and Unikie which has resulted in REP-2015, a ROS Enhancement Proposal (REP) aiming to increase ROS 2’s security support by enabling the retrieval of private keys from Hardware Security Modules (HSMs) compliant with the PKCS #11 API.
With this feature, it is now possible to store ROS 2’s security private keys in HSMs connected to the robots, as opposed to storing them “in the clear” as plain files. This leverages the PKCS #11 API to perform secure operations, which becomes especially relevant in production deployments where secure communications are paramount.
This REP builds upon a design proposal from a couple of years ago and includes all the necessary pull requests to enable the feature across all the required packages. The only thing left is for you to give it a thumbs up!
You can even try it out without any source code compilation via Vulcanexus, which has successfully been shipping this feature for a year now. . Please check out this tutorial and let us know how it goes!