Re: pkcs#11
- From: Stef <stef-list memberwebs com>
- To: Jeff Cai <Jeff Cai Sun COM>
- Cc: seahorse-list gnome org
- Subject: Re: pkcs#11
- Date: Mon, 30 Jun 2008 22:58:16 +0000 (UTC)
Jeff Cai wrote:
> Since I don't find the gnome-keyring mail list, I send it to seahorse list.
Sorry bout that. I've requested a gnome-keyring list almost 6 months
ago: http://bugzilla.gnome.org/show_bug.cgi?id=141767
> In gnome-keyring 2.22, there's a componenet called PKCS#11. Although I
> read the description at http://live.gnome.org/GnomeKeyring/Cryptoki, I
> still have no idea how PKCS#11 is used. Can someone explain it more for
> me? Thanks in advance.
PKCS#11 is a standard that lets applications use encryption keys and
certificates on devices like smart cards. gnome-keyring implements this
standard and acts such a device, storing keys and certificates and
making them available for applications to use.
PKCS#11 deals directly with things like RSA/DSA signing operations, and
certificate attributes. It's a bit low level. Usually one uses PKCS#11
through a cyrpto library like NSS. However you can use it directly via a
library like pkcs11-helper.
The implementation of PKCS#11 in gnome-keyring works pretty well at
present, but the management UI is incomplete. That's why I haven't been
pushing it's use in other applications too strongly.
More info:
http://live.gnome.org/GnomeKeyring/CertificatesKeys
http://live.gnome.org/GnomeKeyring/ApplicationSetup
http://live.gnome.org/GnomeKeyring/Cryptoki
> Another question is about where the code of Storing Keyrings on
> Removable Disks?
Yes, this does work at present. Again not something I've been
advertising too much as the UI for it is incomplete. Here you go:
http://live.gnome.org/GnomeKeyring/Removable
Cheers,
Stef Walter
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]