Re: gnome-keyring PKCS#11 config file /etc/xdg/pkcs11.conf[.defaults]
- From: Nikos Mavrogiannopoulos <nmav gnutls org>
- To: Stef Walter <stefw collabora co uk>
- Cc: Dan Winship <danw gnome org>, "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
- Subject: Re: gnome-keyring PKCS#11 config file /etc/xdg/pkcs11.conf[.defaults]
- Date: Wed, 19 Jan 2011 10:08:38 +0100

On 01/16/2011 11:11 PM, Stef Walter wrote:

> In any case, we also need a configuration file which specifies the
> libraries if we want to support user configuration of pkcs11 modules
> (like NSS does).
>
> For the library listing, I would suggest something like the following,
> in desktop entry format:
>
> [name]
> library=/path/to/pkcs11-module.so
> enabled=TRUE

I would need a type field as well, that says something like:

  # this module is to be used for hardware acceleration of crypto
  # operations.
  acceleration=true

(Are comments actually supported? Is '#' a sensible default?)

> And there would be multiple files that could contain these 'groups'. For
> example:
>
> /etc/pkcs11/pkcs11.defaults
> /etc/pkcs11/pkcs11.conf

Why two in /etc/pkcs11? Wouldn't a single pkcs11.conf do?

> ~/.pkcs11/pkcs11.conf
>
> The above would be read in order, with latter groups of the same being
> loaded on top of earlier ones. This would allow (for example) the user
> to disable a module provided by the system.
>
> There would probably need to be a switch to turn off/on the loading of
> the user config file, for lockdown or reasons.
>
> What do you think?

I pretty much agree. I'll try to implement that in gnutls.

regards,
Nikos
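
The layered lookup discussed in this thread, sketched as an added example (not part of the original message, and not gnome-keyring or GnuTLS code): groups from the three files are overlaid in read order, the user file can be switched off for lockdown, and the file that set each `library` path is recorded for auditing. The function names, the `allow_user` switch, the `accel` and `extra` groups, their paths, '#' comments, and treating a missing `enabled` key as enabled are all assumptions; the file contents are constructed.

```python
import configparser

# Constructed sample contents for the three files named in the thread.
LAYERS = [  # (path, text, is_user_file), in the proposed read order
    ("/etc/pkcs11/pkcs11.defaults", """\
[name]
library=/path/to/pkcs11-module.so
enabled=TRUE
""", False),
    ("/etc/pkcs11/pkcs11.conf", """\
# '#' as comment marker is an assumption; the thread leaves it open
[accel]
library=/path/to/accel-module.so
enabled=TRUE
acceleration=true
""", False),
    ("~/.pkcs11/pkcs11.conf", """\
[name]
enabled=FALSE
[extra]
library=/path/to/user-module.so
""", True),
]

def merge_layers(layers, allow_user=True):
    """Overlay same-named groups key by key; later files win."""
    modules = {}
    for path, text, is_user in layers:
        if is_user and not allow_user:
            continue  # lockdown switch: the user file is never parsed
        parser = configparser.ConfigParser(comment_prefixes=("#",),
                                           interpolation=None)
        parser.read_string(text, source=path)
        for group in parser.sections():
            entry = modules.setdefault(group, {})
            for key, value in parser.items(group):
                entry[key] = value
                if key == "library":
                    entry["library_from"] = path  # audit: who set the path
    return modules

def enabled_libraries(modules):
    """Return (group, library, file that set library) for loadable modules."""
    out = []
    for group, entry in modules.items():
        # Assumption: a group without an 'enabled' key counts as enabled.
        enabled = entry.get("enabled", "TRUE").strip().lower() == "true"
        if enabled and "library" in entry:
            out.append((group, entry["library"], entry["library_from"]))
    return out
```

With the user file honoured, the system module `name` is disabled and a user-supplied library is added; with `allow_user=False` neither change takes effect.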