On 2010-07-17 18:10, Peter Stuge wrote:
> Stef Walter wrote:
>> Is there a spec around for specifying to applications which PKCS#11
>> modules to load?
> 
> That's application specific.
> 
>> I'm thinking something along the lines of PAM conf files, where you
>> can specify which PAM modules different applications load.
> 
> Nothing like that.

If something like this doesn't exist, and nobody's given it any actual
thought, then in the GNOME (and perhaps XDG) projects we're going to
have to come up with a standard like this. If anyone would like to be
involved, I'd love to collaborate.

I'm thinking of using PAM for ideas. If you're familiar with PAM the
following will make sense:

 * Directory of configuration files, one per application.
 * Each file specifies modules to load.
 * Default configuration file when an application doesn't have its own.
 * Optional string to pass in as C_Initialize's pReserved so we
   can modules like NSS.

I will ask around elsewhere besides OpenSC though. It's hard to believe
I'm the first one who has run into this need.

I'm always interested in others' perspectives on an identical problem
because it fills in missing bits (whether security, practicality, or
corner cases) that I hadn't thought of.

>> We're working hard on PKCS#11 support in GNOME, and rather than
>> coming up with something like this on our own, perhaps someone has
>> already given this some thought?
> 
> You could take a look at libp11, which aims to provide a more
> friendly API than bare PKCS#11 which isn't too great.

libp11 is certainly helpful for people starting out with PKCS#11.
However, we've already implemented PKCS#11 provider and usage in GNOME
for a while now. We're just getting to the point of integration and
making it a solid usable foundation across all applications.

Cheers,

Stef
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
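
A sketch of the PAM-style lookup proposed in this message, added here as an example and not code from the post, GNOME or OpenSC. The directory layout, the `default` file name and the `<module path> [reserved string]` line format are assumptions. Because every listed module is a shared library loaded into the calling process, it refuses application names that escape the directory, relative module paths, and configuration files writable by group or others.

```python
import os
import stat
from pathlib import Path

DEFAULT_NAME = "default"  # assumed name of the fallback file

def config_for(conf_dir, app):
    """Return the per-application file, or the default when none exists."""
    # The application name becomes a file name: refuse anything that could
    # escape the configuration directory.
    if not app or app in (".", "..") or "/" in app or "\0" in app:
        raise ValueError(f"unsafe application name: {app!r}")
    path = Path(conf_dir) / app
    return path if path.is_file() else Path(conf_dir) / DEFAULT_NAME

def writable_by_others(path):
    """True if group or other may modify the file."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def parse(text):
    """Parse '<module path> [reserved string]' lines into (path, reserved)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # A relative name would be resolved through the loader search path.
        if not os.path.isabs(parts[0]):
            raise ValueError(f"line {lineno}: module path must be absolute")
        entries.append((parts[0], parts[1] if len(parts) > 1 else None))
    return entries

def modules_for(conf_dir, app):
    """Resolve and parse the configuration for one application."""
    path = config_for(conf_dir, app)
    if writable_by_others(path):
        raise PermissionError(f"{path} is writable by group or others")
    return parse(path.read_text())

# Constructed sample in the assumed format; the reserved string is illustrative.
SAMPLE = """\
# modules for every application without its own file
/usr/lib/pkcs11/opensc-pkcs11.so
/usr/lib/libsoftokn3.so configdir='sql:/etc/pki/nssdb'
"""

if __name__ == "__main__":
    for module, reserved in parse(SAMPLE):
        print(module, reserved)
```

The second element of each entry is what a loader would hand to C_Initialize as pReserved; `None` means the module gets no reserved string.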