Nicolas Williams wrote:
> On Wed, Jul 09, 2008 at 08:53:10AM -0700, John Fischer wrote:
>> Just a few questions...
>>
>> How does this work with Trusted Extensions? Will there
>> be a separate keyring per label? Has this been answered
>> previously in another ARC case?
>>
>>> /usr/lib/gnome-keyring/ \ Volatile (New)
>>> gnome-keyring-pkcs11.so
>> This appears to be a Project Private library as it is
>> hidden underneath /usr/lib/gnome-keyring directory.
>> Is that correct? If so then it should be declared as
>> Project Private.
>
> A more interesting question is how this module fits into the Solaris
> cryptographic framework.
It can be added as a provider using cryptoadm(1M). The project team
consulted myself and Wyllys Ingersoll before submitting this case and we
recommended to ship the module but at this stage it isn't hooked into
the crypto framework by default.
# cryptoadm install \
provider=/usr/lib/gnome-keyring/gnome-keyring-pkcs11.so
The plan is that we will ship the module elfsigned appropriately so that
this can be done if desired.
A future case may have it in the default configuration once we have more
experience with it.
--
Darren J Moffat
