PKCS #11 + gnutls

Christian Hilberg hilberg at kernelconcepts.de
Fri Mar 25 14:25:49 CET 2011


Hi there,

On Fri 25 March 2011 Nikos Mavrogiannopoulos wrote:
> On 03/25/2011 10:34 AM, Christian Hilberg wrote:
> >> It should be noted however that PKCS #11 is an old API with few
> >> problems. If you expect the PKCS #11 modules to be used by multiple
> >> crypto libraries, we suggest that you use the intermediate module
> >> p11-kit. It is available at: http://p11-glue.freedesktop.org/
> > 
> > Aside from p11-kit, has GnuTLS PKCS #11 been tried with the
> > OpenCryptoki [1] / Trousers [2] stack (or glue, whichever wording is
> > more appropriate)? I'm asking just out of curiosity as we're using
> > OpenCryptoki/Trousers and NSS presently, since there had not been
> > PKCS #11 support in GnuTLS when we started out with our project [3],
> > which could also profit from the now-available PKCS #11 support in
> > GnuTLS.
> 
> GnuTLS has been tried with opensc PKCS #11 module and smart-cards.
> Since a very basic subset of the PKCS #11 API is used I don't expect
> to be incompatibilities with the modules you mention, but if they are
> please let me know.

Thanks. Sadly, we lack the time to try this right now. We'll keep an eye on 
the GIO security modules development, however, and I'd expect the topic to 
come up there sooner or later (or not, if things will settle on one or the 
other solution, but then, no need for further investigation :-).

Kind regards,

	Christian

-- 
kernel concepts GbR        Tel: +49-271-771091-14
Sieghuetter Hauptweg 48
D-57072 Siegen
http://www.kernelconcepts.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110325/a3148315/attachment.pgp>


More information about the Gnutls-devel mailing list