On 2010-07-18 10:27, Andreas Jellinghaus wrote:
> On Sunday 18 July 2010, at 00:16:15, Stef Walter wrote:
>> Is there a spec around for specifying to applications which PKCS#11
>> modules to load and how to initialize them?
>>
>> I'm thinking something along the lines of PAM conf files, where you can
>> specify which PAM modules different applications load.
>>
>> We're working hard on PKCS#11 support in GNOME, and rather than coming
>> up with something like this on our own, perhaps someone has already
>> given this some thought?
>
> I think it could be great, if a middle layer API for applications
> was created. Why should all the details of crypto layers (like what
> algorithms you support in SSL connections, where your root certificates
> are, what certificates you have etc.) be implemented again and again
> for each new application?
>
> Microsoft has a crypto API that works as such a middle layer, and Apple
> has some middle layer too. So I think a middle layer could be great
> for GNOME, KDE, freedesktop, whoever-wants-to-use-it. And it could
> be built with smart cards in mind, so OpenSC and other PKCS#11 modules
> could be integrated somehow.

I'm giving a talk on this in a few days at GUADEC on common key and
certificate storage. Rather than invent our own, we're using PKCS #11 as
this 'middle layer'. This allows any crypto library to integrate
properly with the key storage.

The missing piece is a common standard for specifying which PKCS#11
modules for an application to load.

Cheers,

Stef