Hello,
(saved this message from the moderation list, Stef, you should subscribe)
On Aug 1, 2010, at 2:21 PM, Stef wrote:
> * PKCS#11 modules such as libsoftokn3.so (NSS) need a string passed
> into C_Initialize pReserved. That said, such libraries are outside
> the specification and such lib
On 08/01/2010 11:25 AM, Ludovic Rousseau wrote:
> You can consider the library filename to _be_ the configuration file.
> For example the OpenSC PKCS#11 lib is installed in /usr/lib/opensc-pkcs11.so
> And a symbolic link is present in /usr/lib/pkcs11/ and points to the library
Make sense. It looks
2010/8/1 Stef :
> On 07/29/2010 10:20 PM, Ludovic Rousseau wrote:
>> 2010/7/20 Stef Walter :
>>> On 07/20/2010 10:16 AM, Martin Paljak wrote:
So maybe the
"PKCS#11 directory" [3] is the best solution I've seen this far.
>>>
>>> That's certainly a good start.
>>
>> The PKCS#11 tokend [1] (
2010/7/20 Stef Walter :
> On 07/20/2010 10:16 AM, Martin Paljak wrote:
>> So maybe the
>> "PKCS#11 directory" [3] is the best solution I've seen this far.
>
> That's certainly a good start.
The PKCS#11 tokend [1] (tokend above any PKCS#11) does use the
"PKCS#11 directory" [3].
Having to configure
Hello,
On Jul 21, 2010, at 12:40 AM, Stef Walter wrote:
> On 07/20/2010 10:16 AM, Martin Paljak wrote:
> Gnome Keyring is not going to turn into something like OpenSSL. Here's
> the 50,000 foot main goals of Gnome Keyring:
>
> 1. To be a place to store passwords.
> 2. To be a common place to stor
On 07/18/2010 07:09 AM, Anders Rundgren wrote:
> On 2010-07-18 15:46, Stef Walter wrote:
>
>
>> I'm thinking of using PAM for ideas. If you're familiar with PAM the
>> following will make sense:
>>
>> * Directory of configuration files one per application.
>> * Each file specifies modules to l
On Jul 20, 2010, at 7:42 PM, Jean-Michel Pouré - GOOZE wrote:
> On Tue, 2010-07-20 at 18:16 +0300, Martin Paljak wrote:
>>
>> If you plan to provide higher level GNOME API-s, my suggestion would
>> be NOT to piggyback on PKCS#11. You may end up abusing it. If the
>> specification tells that pRes
On 07/20/2010 10:16 AM, Martin Paljak wrote:
> Hello,
>
> A huge backlog of e-mails to go through, but here's a thought on the
> subject:
Thanks for responding.
> The Linux "paradox of choice": it
> is so good to be able to choose from so many possibilities, that it
> becomes bad that there's so
On Tue, 2010-07-20 at 18:16 +0300, Martin Paljak wrote:
>
> If you plan to provide higher level GNOME API-s, my suggestion would
> be NOT to piggyback on PKCS#11. You may end up abusing it. If the
> specification tells that pReserved should be NULL, it really should be
> NULL. There are PKCS#11 pr
Hello,
A huge backlog of e-mails to go through, but here's a thought on the subject:
On Jul 18, 2010, at 9:41 PM, Stef Walter wrote:
> On 2010-07-18 13:34, Anders Rundgren wrote:
>> On 2010-07-18 18:49, Stef Walter wrote:
>>
>>>
>>> The missing piece is a common standard for specifying which P
On 7/17/2010 5:16 PM, Stef Walter wrote:
> Is there a spec around for specifying to applications which PKCS#11
> modules to load and how to initialize them?
>
> I'm thinking something along the lines of PAM conf files, where you can
> specify which PAM modules different applications load.
>
> We'
On 2010-07-18 13:34, Anders Rundgren wrote:
> On 2010-07-18 18:49, Stef Walter wrote:
>
>>
>> The missing piece is a common standard for specifying which PKCS#11
>> modules for an application to load.
>
> This is not what Microsoft and Apple offers.
>
> They offer a directory of providers. If a
On 2010-07-18 18:49, Stef Walter wrote:
>
> The missing piece is a common standard for specifying which PKCS#11
> modules for an application to load.
This is not what Microsoft and Apple offers.
They offer a directory of providers. If apps want to
discriminate against certain providers they can
On Sun, 2010-07-18 at 08:46 -0500, Stef Walter wrote:
> Well in GNOME we're implementing a foundation for usable crypto based
> around PKCS#11.
From a user point issue, it seems that Gnome Keyring manages different
types of keyrings: password, OpenPGP and OpenSSH. It has also limited
suport for P
On 2010-07-18 10:27, Andreas Jellinghaus wrote:
> Am Sonntag 18 Juli 2010, um 00:16:15 schrieb Stef Walter:
>> Is there a spec around for specifying to applications which PKCS#11
>> modules to load and how to initialize them?
>>
>> I'm thinking something along the lines of PAM conf files, where you
Am Sonntag 18 Juli 2010, um 00:16:15 schrieb Stef Walter:
> Is there a spec around for specifying to applications which PKCS#11
> modules to load and how to initialize them?
>
> I'm thinking something along the lines of PAM conf files, where you can
> specify which PAM modules different applicatio
On 2010-07-18 15:46, Stef Walter wrote:
> I'm thinking of using PAM for ideas. If you're familiar with PAM the
> following will make sense:
>
> * Directory of configuration files one per application.
> * Each file specifies modules to load.
> * Default configuration file when an application do
On 2010-07-18 01:33, Anders Rundgren wrote:
> BTW, isn't there
> an effort establishing NSS as the Linux crypto platform?
Well in GNOME we're implementing a foundation for usable crypto based
around PKCS#11. We're 'equal opportunity' for crypto libraries. Although
NSS is a big player, and have put
On 2010-07-17 18:10, Peter Stuge wrote:
> Stef Walter wrote:
>> Is there a spec around for specifying to applications which PKCS#11
>> modules to load
>
> That's application specific.
>
>> I'm thinking something along the lines of PAM conf files, where you
>> can specify which PAM modules differe
I've personally always wondered why the PKCS #11 folks never
considered a central registry like in Windows where
cryptographic providers register themselves, particularly
for user-oriented providers (not HSMs).
I believe Microsoft introduced this 15 years ago...
Note: I don't mean that a "kitchen
Stef Walter wrote:
> Is there a spec around for specifying to applications which PKCS#11
> modules to load
That's application specific.
> and how to initialize them?
This is covered by PKCS#11. A PKCS#11 module is basically a shared
library that exposes the API described in the standard. Initia
Is there a spec around for specifying to applications which PKCS#11
modules to load and how to initialize them?
I'm thinking something along the lines of PAM conf files, where you can
specify which PAM modules different applications load.
We're working hard on PKCS#11 support in GNOME, and rather
22 matches
Mail list logo
