Re: Progress on GNOME Certificate Store / gnome-keyring PKCS#11



JP Rosevear wrote:
> On Tue, 2007-04-03 at 03:01 +0000, Nate Nielsen wrote:
>> As I noted in another thread I'm working on an X.509 certificate and key
>> store for GNOME. This will be based on PKCS#11 (ie: Cryptoki).
> 
> Given that apps like evolution and epiphany use nss already, how will
> this be integrated with nss?

NSS, OpenSSL, Solaris's libpkcs11 (and perhaps soon GnuTLS? ...) are all
able to load a PKCS#11 module and use it for encryption, certificates
etc...

PKCS#11 modules are typically used as drivers for smart card readers and
the like. So in this regard gnome-keyring will be acting as a pseudo
smart card reader. Just as encryption keys and certificates might be
stored on a smart card, they're stored in gnome-keyring. Just as certain
crypto operations might be delegated to the card, ditto in
gnome-keyring's new PKCS#11 module.

Hope that makes sense.

In fact NSS already uses its own PKCS#11 modules for all of its
provided crypto functionality. These are libsoftokn3.so and libnssckbi.so.

OpenSSL has a PKCS#11 engine which can be configured to use PKCS#11
modules.

Cheers,
Nate Nielsen
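
Added example (not part of the original message, and not code from gnome-keyring, NSS or OpenSSL): what "loading a PKCS#11 module" looks like from the application side, using Python ctypes to resolve `C_GetFunctionList` and enumerate the module's slots. The name `list_slots` and the module path the caller supplies are assumptions; the structure covers only the leading members of `CK_FUNCTION_LIST` and assumes the unpacked Unix layout.

```python
import ctypes

CK_RV = ctypes.c_ulong          # every Cryptoki call returns a CK_RV
CKR_OK = 0

class CK_VERSION(ctypes.Structure):
    _fields_ = [("major", ctypes.c_ubyte), ("minor", ctypes.c_ubyte)]

# Prototypes for the few entry points used here.
INIT_FN = ctypes.CFUNCTYPE(CK_RV, ctypes.c_void_p)   # C_Initialize / C_Finalize
SLOTS_FN = ctypes.CFUNCTYPE(CK_RV, ctypes.c_ubyte,
                            ctypes.POINTER(ctypes.c_ulong),
                            ctypes.POINTER(ctypes.c_ulong))

class CK_FUNCTION_LIST_HEAD(ctypes.Structure):
    # Leading members of CK_FUNCTION_LIST, in the order the standard fixes.
    _fields_ = [("version", CK_VERSION),
                ("C_Initialize", INIT_FN),
                ("C_Finalize", INIT_FN),
                ("C_GetInfo", ctypes.c_void_p),          # unused here
                ("C_GetFunctionList", ctypes.c_void_p),  # unused here
                ("C_GetSlotList", SLOTS_FN)]

def check(rv, name):
    if rv != CKR_OK:
        raise RuntimeError(f"{name} failed: CK_RV 0x{rv:08x}")

def list_slots(module_path, token_present=True):
    """Load a PKCS#11 module (caller-supplied path) and return its slot IDs."""
    module = ctypes.CDLL(module_path)        # raises OSError if it cannot load
    get_list = module.C_GetFunctionList      # the one symbol every module exports
    get_list.restype = CK_RV
    get_list.argtypes = [ctypes.POINTER(ctypes.POINTER(CK_FUNCTION_LIST_HEAD))]
    funcs = ctypes.POINTER(CK_FUNCTION_LIST_HEAD)()
    check(get_list(ctypes.byref(funcs)), "C_GetFunctionList")
    api = funcs.contents
    check(api.C_Initialize(None), "C_Initialize")
    try:
        flag, count = int(token_present), ctypes.c_ulong(0)
        # A NULL buffer on the first call asks only for the slot count.
        check(api.C_GetSlotList(flag, None, ctypes.byref(count)), "C_GetSlotList")
        slots = (ctypes.c_ulong * count.value)()
        check(api.C_GetSlotList(flag, slots, ctypes.byref(count)), "C_GetSlotList")
        return list(slots[:count.value])
    finally:
        api.C_Finalize(None)                 # always release the module
```

A module that presents itself as a pseudo smart card reader, as described above, would show up here as one or more slot IDs, the same way a hardware reader's driver would.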



