On Tue, 2016-12-13 at 19:45 +0000, David Woodhouse wrote:
> On Tue, 2016-12-13 at 19:20 +0100, Lubomir Rintel wrote:
> > Modeled after GTK Places sidebar. For internal use now.
>
> We toyed with this. It really sucks that we can't just use the existing
> sidebar and add our PKCS#11 tokens to it.
>
> Stef's proposal at GUADEC was to turn the existing 'click here to open
> a (file)chooser' widget into a drop-down. You click it and instead of
> just popping up what's *currently* a file chooser (but which we want to
> extend to cover PKCS#11 too), it gives a drop-down with all the PKCS#11
> tokens you can choose from, plus "Select from file...".
>
> If you choose a token, you get a PKCS#11 chooser which has *just* that
> token (no sidebar). And if you choose 'Select from file...' you
> obviously get the file chooser.
>
> There are some details to be worked out regarding certs from one
> location and keys from another, but I think that approach can work and
> can keep things relatively simple.

That actually sounds like a rather good idea to me.

One thing I could not figure out is whether we'd need one or two chooser
buttons. We typically need a cert and a privkey, but with PKCS#11 URIs
or PKCS#12 archives they could be easily described with a single string
(be it the URI or a filename). However, often people use certificate and
key in separate files (and potentially objects with different
CKA_ID/CKA_LABEL in a token?).

Also, I'd really just like to get rid of certificates in plain files
altogether, because they can't play well with SELinux and just let the
user import their keys into a softtoken (GNOME Keyring?) in a sane way
instead. Not completely convinced if that's a feasible idea though.

Lubo
_______________________________________________
gnome-keyring-list mailing list
gnome-keyring-list@gnome.org
https://mail.gnome.org/mailman/listinfo/gnome-keyring-list