Stef,

>> Right now I have two ideas:
>> 1) add one more pkcs11 keyring storage based on the specified external
>> pkcs11 module (e.g. particular smartcard module)
>
> Do you mean storing passwords on a smart card?

I mean storing and generating keys and certificates on a smart card that supports this functionality (through the pkcs#11 interface). This could be a nice hardening option for the gnome-keyring.

>> 2) set up the specified pkcs11 module library as a "GnomeKeyring
>> backend" so all the generated/added keys and certificates will be stored
>> using this external library.
>
> Sounds interesting. But I'm interested in the goal and use case you're
> trying to accomplish here.

Well, the idea is to store all the available security information not on a local disk but on a smart card. We have two ways of doing this:

1) configure all the applications (pam, ssh, gnupg, etc.) separately for using the selected pkcs11 library. This is the well-known but complex way, and there are some issues with using gnome-keyring in this case.

2) configure (or implement and configure) gnome-keyring in such a way that the pkcs#11 library will be used as a back-end for all the generated passwords, keys and certificates and all other things that gnome-keyring stores.

--
Alexey Fedoseev
Lead Software Engineer | WWPass Corporation
115184, Moscow, B. Tatarskaya St. 42, 6th floor
+7 495 663 15 24