Hi,

On Tuesday, 13 November 2012, at 11:18:07, Christian Hilberg wrote:
> Hi everyone.
> [...]
> GnuTLS, as a replacement for NSS, adds another layer of complication
> to the matter. Aside from the TPM user PIN, it requires the higher
> level software to locate the correct client certificate for the
> connection to be established inside the TPM (or a software emulation
> thereof) via so-called "PKCS #11 URIs" in an explicit manner. There

This [9] is how that is supposed to work in the latest GnuTLS
(support in the 2.12.x series works much the same).

Kind regards,

Christian

> [0] https://live.gnome.org/Evolution/Kolab
> [1] https://mail.gnome.org/archives/evolution-hackers/2010-July/msg00076.html
> [2] http://sourceforge.net/projects/evolution-kolab/files/Usage_of_software_security_devices_for_client_authentication.pdf/download
> [3] http://sourceforge.net/projects/opencryptoki/
> [4] http://trousers.sourceforge.net/
> [5] http://www.openldap.org/
> [6] http://www.gnu.org/software/gnutls/gnutls.html
> [7] https://tools.ietf.org/html/draft-pechanec-pkcs11uri-06
> [8] http://www.openldap.org/lists/openldap-technical/201009/msg00350.html
[9] http://www.gnu.org/software/gnutls/manual/gnutls.html#Trusted-Platform-Module

--
kernel concepts GmbH       Tel: +49-271-771091-14
Sieghuetter Hauptweg 48
D-57072 Siegen
http://www.kernelconcepts.de/