gnome-keyring PKCS#11 registration, was: Re: A few Keyring issues

[Yaron Sheffer <yaronf gmx com>]

Hi Stef,

First, thanks for reviewing and correcting the new FAQ.

Regarding the PKCS#11 Task Force's "standard": since the daemon runs 
with user privileges, I think it would make sense to add a user 
directory as well (e.g. ~/.pkcs11/lib), so that users can install their 
own providers. It would have been nice to "standardize" this addition, 
but the TF wiki page seems to be dead for the last 5 years.

Thanks,
	Yaron

On 08/06/2010 09:00 AM, Stef Walter wrote:
> On 08/05/2010 07:51 PM, Yaron Sheffer wrote:
[...]

> > And lastly, I see you are active on the SAAG list regarding PKCS#11. I
> > haven't figured out yet KR's PKCS#11 architecture, so apologies if this
> > is explained somewhere: is there an API where a PKCS#11 provider (like a
> > smartcard driver, or a TPM driver) can register itself, so that it can
> > then be discovered by name and used by KR/Seahorse?
>
> Yes. Thanks for poking me about this. I wanted to post/blog about it...
>
> I've been discussing this with on the OpenSC list with some folks there
> [1]. We've currently settled on this 'standard':
>
> http://wiki.cacert.org/Pkcs11TaskForce
>
> This discussion took place outside of GNOME since we're interested in
> having a somewhat common standard for this stuff.
>
> I've implemented support in the gck-work [2] branch of gnome-keyring for
> this, but haven't yet connected it to seahorse or the rest of gnome-keyring.
>
>   Right now it looks
> > like KR can only work with its hardcoded internal PKCS#11 providers. I
> > expect such a mechanism would tie into your URN work.
>
> Yes, certainly. I'm working on URI support (again in the gck-work
> branch) but it's not yet pushed to git.gnome.org.
>
> Cheers,
>
> Stef
>
>
> [1]
> http://www.opensc-project.org/pipermail/opensc-devel/2010-July/014507.html
>
> [2]
> http://git.gnome.org/browse/gnome-keyring/commit/?h=gck-work&id=cea36adf672a4b26a632362c8559d9db2785d66e