On 04/29/2015 02:20 PM, r...@openmailbox.org wrote: > Hi. I am trying to get a virtual smartcard attached to a vm but I want > it to use GPG instead of NSS. RedHat focuses on NSS becuase of PKCS#11 > requirements and FIPS approval, but for most of the community its GPG > that matters for smartcards. > > Is is possible to use GPG on the host instead of NSS with virtual > smartcards? Please document how or add support for it. > > Is using a virtual smartcard make the host less secure from a rogue vm? > If there are bugs in GPG/NSS backend on the host can they be abused by > untrusted code in the vm?
There are two implementations, one is passthrough and another uses a virtual card on the client side, both end up using the client NSS APIs for access to the hardware card, assuming in your case host=client then there is no more or less propensity for abuse then launching any local program (with the same credentials as the spice viewer). > _______________________________________________ > Spice-devel mailing list > Spice-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/spice-devel _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel
