JP Rosevear wrote: > On Tue, 2007-04-03 at 03:01 +0000, Nate Nielsen wrote: >> As I noted in another thread I'm working on an X.509 certificate and key >> store for GNOME. This will be based on PKCS#11 (ie: Cryptoki). > > Given that apps like evolution and epiphany use nss already, how will > this be integrated with nss?
NSS, OpenSSL, Solaris's libpkc11 (and perhaps soon GnuTLS? ...) are all able to load a PKCS#11 module and use it for encryption, certificates etc... PKCS#11 modules are typically used as drivers for smart card readers and the like. So in this regard gnome-keyring will be acting as a pseudo smart card reader. Just as encryption keys and certificates might be stored on a smart card, they're stored in gnome-keyring. Just as certain crypto operations might be delegated to the card, ditto in gnome-keyring's new PKCS#11 module. Hope that make sense. In fact NSS already uses its own PKCS#11 modules for all of it's provided crypto functionality. These are libsoftokn3.so and libnssckbi.so OpenSSL has a a PKCS#11 engine which can be configured to use PKCS#11 modules. Cheers, Nate Nielsen _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
