[Help-gnutls] Re: Gnutls Smartcard support?
Simon Josefsson
simon at josefsson.org
Thu Mar 5 20:09:14 CET 2009
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> On 03/05/2009 11:01 AM, Jonathan Manktelow wrote:
>> Hi, Is there any support for using certificates on smartcards with Gnutls?
>
> No, there does not appear to be. I think it could be very useful to
> support private keys from smartcards in GnuTLS, but it would perhaps be
> even more useful to have generic out-of-process private key handling
> (like ssh-agent from OpenSSH does) so that developers could implement a
> smartcard-capable private key backend directly as a plugin.

Yes. Using the callback I mentioned, I think it should be possible to
implement a small library that talks to SeaHorse or similar to provide
this functionality.

> This is a counterpoint to the idea of an external certificate validation
> agent, which was at one point fleshed out here:
>
> http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation
>
> but that page seems to currently give a 404 error (Simon, the whole
> redmine instance seems to be gone -- is this something you already know
> about?)

Yes, for some reason the performance of ruby/redmine made the host
really slow so I had to disable it. What we need is just some wiki
space to work on ideas like this... I don't have sysadmin resources to
keep redmine running, so help here would be appreciated.

/Simon