On 04/29/2015 02:20 PM, r...@openmailbox.org wrote:
> Hi. I am trying to get a virtual smartcard attached to a vm but I want
> it to use GPG instead of NSS. RedHat focuses on NSS becuase of PKCS#11
> requirements and FIPS approval, but for most of the community its GPG
> that matters for smartcards.
> 
> Is is possible to use GPG on the host instead of NSS with virtual
> smartcards? Please document how or add support for it.
> 
> Is using a virtual smartcard make the host less secure from a rogue vm?
> If there are bugs in GPG/NSS backend on the host can they be abused by
> untrusted code in the vm?

There are two implementations, one is passthrough and another uses a
virtual card on the client side, both end up using the client NSS APIs
for access to the hardware card, assuming in your case host=client then
there is no more or less propensity for abuse then launching any local
program (with the same credentials as the spice viewer).

> _______________________________________________
> Spice-devel mailing list
> Spice-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

_______________________________________________
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel

Reply via email to