On Thu, Dec 5, 2013 at 5:45 PM, Thomas Habets <[email protected]> wrote:
>>> and GnuTLS supports *using* PKCS#11, but doesn't support >>> being used as a PKCS#11 provider. Is that right? >> No. GnuTLS doesn't provide a PKCS #11 module. > I'm not sure if you misread what I wrote. What do you mean by "PKCS #11 > module"? A .so library that provides the PKCS #11 interface. > It looks on this illustration like it can interface with PKCS#11 > providers at least: > http://www.gnutls.org/manual/html_node/Smart-cards-and-HSMs.html > but I don't see evidence of being able to act as a PKCS#11 provider. Indeed, it can read from other providers, but itself is not one. If I understood correctly, gnome-keyring may be closer to what you're looking for - https://wiki.gnome.org/Projects/GnomeKeyring/Architecture. I don't know the status of its TPM support though. >> The trousers library provides a PKCS #11 front-end. I've never managed >> to set it up though. > Do you mean libopencryptoki.so? I've deliberately chosen not to use > that one for various reasons. Would you mind sharing them? regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
