On 5 December 2013 16:25, Nikos Mavrogiannopoulos <[email protected]> wrote:
>> and GnuTLS supports *using* PKCS#11, but doesn't support
>> being used as a PKCS#11 provider. Is that right?
> No. GnuTLS doesn't provide a PKCS #11 module.

I'm not sure if you misread what I wrote. What do you mean by "PKCS #11 module"?

It looks on this illustration like it can interface with PKCS#11
providers at least:
  http://www.gnutls.org/manual/html_node/Smart-cards-and-HSMs.html
but I don't see evidence of being able to act as a PKCS#11 provider.

> The trousers library provides a PKCS #11 front-end. I've never managed
> to set it up though.

Do you mean libopencryptoki.so? I've deliberately chosen not to use
that one for various reasons.

> If you are using gnutls I'd suggest to use directly the TPM interface
> or simply the TPM urls.

I'm leaning more towards going over PKCS#11, maybe via p11-kit. If
nothing else so that I get the ability of using the same key pair for
SSH and SSL, if I so choose. But I'm aware of the API for using TPM
with SSL that GnuTLS has.

-- 
typedef struct me_s {
 char name[]      = { "Thomas Habets" };
 char email[]     = { "[email protected]" };
 char kernel[]    = { "Linux" };
 char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt"; };
 char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
 char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
