Re: Progress on GNOME Certificate Store / gnome-keyring PKCS#11

From: Nate Nielsen <nielsen-list memberwebs com>
To: JP Rosevear <jpr novell com>
Cc: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: Re: Progress on GNOME Certificate Store / gnome-keyring PKCS#11
Date: Mon, 9 Apr 2007 16:35:42 +0000 (UTC)

JP Rosevear wrote:
> On Tue, 2007-04-03 at 03:01 +0000, Nate Nielsen wrote:
>> As I noted in another thread I'm working on an X.509 certificate and key
>> store for GNOME. This will be based on PKCS#11 (ie: Cryptoki).
> 
> Given that apps like evolution and epiphany use nss already, how will
> this be integrated with nss?

NSS, OpenSSL, Solaris's libpkc11 (and perhaps soon GnuTLS? ...) are all
able to load a PKCS#11 module and use it for encryption, certificates
etc...

PKCS#11 modules are typically used as drivers for smart card readers and
the like. So in this regard gnome-keyring will be acting as a pseudo
smart card reader. Just as encryption keys and certificates might be
stored on a smart card, they're stored in gnome-keyring. Just as certain
crypto operations might be delegated to the card, ditto in
gnome-keyring's new PKCS#11 module.

Hope that make sense.

In fact NSS already uses its own PKCS#11 modules for all of it's
provided crypto functionality. These are libsoftokn3.so and libnssckbi.so

OpenSSL has a a PKCS#11 engine which can be configured to use PKCS#11
modules.

Cheers,
Nate Nielsen

References:
- Progress on GNOME Certificate Store / gnome-keyring PKCS#11
  - From: Nate Nielsen
- Re: Progress on GNOME Certificate Store / gnome-keyring PKCS#11
  - From: JP Rosevear

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]