Re: pkcs#11



Jeff Cai wrote:
> Since I don't find the gnome-keyring mail list, I send it to seahorse list.

Sorry about that. I've requested a gnome-keyring list almost 6 months
ago: http://bugzilla.gnome.org/show_bug.cgi?id=141767

> In gnome-keyring 2.22, there's a component called PKCS#11. Although I
> read the description at http://live.gnome.org/GnomeKeyring/Cryptoki, I
> still have no idea how PKCS#11 is used. Can someone explain it more for
> me? Thanks in advance.

PKCS#11 is a standard that lets applications use encryption keys and
certificates on devices like smart cards. gnome-keyring implements this
standard and acts as such a device, storing keys and certificates and
making them available for applications to use.

PKCS#11 deals directly with things like RSA/DSA signing operations, and
certificate attributes. It's a bit low level. Usually one uses PKCS#11
through a crypto library like NSS. However you can use it directly via a
library like pkcs11-helper.

The implementation of PKCS#11 in gnome-keyring works pretty well at
present, but the management UI is incomplete. That's why I haven't been
pushing its use in other applications too strongly.

More info:

http://live.gnome.org/GnomeKeyring/CertificatesKeys
http://live.gnome.org/GnomeKeyring/ApplicationSetup
http://live.gnome.org/GnomeKeyring/Cryptoki

> Another question is about where the code of Storing Keyrings on
> Removable Disks?

Yes, this does work at present. Again not something I've been
advertising too much as the UI for it is incomplete. Here you go:

http://live.gnome.org/GnomeKeyring/Removable

Cheers,
Stef Walter


