[gnutls-dev] gnome-keyring PKCS#11 provider implemented
alon.barlev at gmail.com
Tue Dec 4 12:52:30 CET 2007
On 12/3/07, Stef Walter <stef-list at memberwebs.com> wrote:
> My email to gnutls-dev didn't seem to make it there, but I figured you
> guys would be interested in this:
> It took longer than I initially thought, but gnome-keyring now has a
> working PKCS#11 provider. It supports RSA and DSA keys,
> certificates etc. and integrates them with the user's login keyring.
> Some details:
> Implementation notes:
> The gnome-keyring PKCS#11 provider is probably a bit young and naive,
> and I'd like to make sure that it works with GnuTLS.
> In fact I'd be overjoyed if someone with more crypto knowledge than me
> took a look and made sure it's doing things correctly.
> The code is in the SVN trunk of gnome-keyring (slated for GNOME 2.22):
> Stef Walter
This is great news!
You can use the test program of gnutls-pkcs11 to test if it works with GnuTLS:
This requires the pkcs11-helper dependency from:
Be sure to configure this with --enable-crypto-engine-gnutls
You can run the test program:
src/gnutls-pkcs11-cli --add-provider=@@PROVIDER@@ --cmd=ids
--cmd=connect --pkcs11-id='@@PKCS#11 ID@@' --host=localhost --port=443
You can also test this with some of my other solutions: you can use it with
OpenSSH, OpenVPN, eCryptfs, gnupg-pkcs11-scd. These are complete
applications, so it would be easier.
I currently support only RSA based keys. I've never seen (touched) a
token that supports DSA... :)
But I will be happy to extend this to DSA as well.
I would also appreciate it if you could send me the output of:
pkcs11-dump info @@PROVIDER@@
pkcs11-dump slotlist @@PROVIDER@@
pkcs11-dump dump @@PROVIDER@@ @@SLOT@@ @@PIN@@
pkcs11-dump is available from: