1 files changed, 16 insertions, 3 deletions

diff --git a/personal/cv/cv.org b/personal/cv/cv.org
index ed6de01..4043382 100644
--- a/personal/cv/cv.org
+++ b/personal/cv/cv.org
@@ -40,9 +40,22 @@ course of the project, I took part in many over activities:
 
 - I reviewed all uses of cryptography in the system as part of our
   security certification process; this allowed me to get a good grasp
-  of how filesystem encryption, VPN, or repository authentication are
-  configured in a free software distribution.
+  of how filesystem encryption, VPNs, webservers, and repository
+  authentication are configured in a free software distribution.
 
 - I supported our license team in assessing our use of free and open
   source software.
-
+** 2014 (6 months): internship at Airbus CyberSecurity
+I extended an *Intrusion Detection System to authenticate and decrypt
+its ruleset using a Hardware Security Module*.  This was a very
+informative foray into the world of cryptographic APIs, such as:
+
+- the [[https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html][PKCS#11]] standard to communicate with hardware tokens,
+- the [[https://tools.ietf.org/html/rfc2315][PKCS#7]] format, and its successor [[https://tools.ietf.org/html/rfc5652][CMS]], to serialize encrypted and
+  authenticated messages,
+- the [[https://tools.ietf.org/html/rfc5280][X.509]] standard to understand how PKIs work and how to parse
+  certificates,
+- the [[http://luca.ntop.org/Teaching/Appunti/asn1.html][ASN.1]] format to reverse-engineer cryptic HSM errors, such as
+  ECDSA signatures lacking the [[https://www.cryptsoft.com/pkcs11doc/v220/group__SEC__12__3__1__EC__SIGNATURES.html][zero-padding expected in PKCS#11]],
+- [[https://www.openssl.org/][OpenSSL]], to setup PKIs, [[https://stackoverflow.com/a/23422301/1503371][encrypt and sign rulesets, and generate CSRs
+  for a key stored a hardware token]].