[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Using p11-kit for PKCS#11 support
|
From: |
Stef Walter |
|
Subject: |
Using p11-kit for PKCS#11 support |
|
Date: |
Tue, 07 Jun 2011 17:36:56 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc15 Thunderbird/3.1.10 |
p11-kit is a library that loads and coordinates access to modules. The
two selling points of the library are:
* Allows multiple consumers of a PKCS#11 module within the same process
to coordinate access to that module. Without such a coordinator
the various consumers will finalize modules out from one another. [1]
* Provides a solid configuration system for which PKCS#11 modules to
load and initialize [2].
Of course there are other features too:
* A solid reference implementation of the PKCS#11 URI spec.
* Fixes forking problems, and eases loading of the modules.
* Saves lots of code in gnutls.
The attached patch ports gnutls to p11-kit. It's actually a combined set
of patches, and these are available in branch form:
http://cgit.collabora.com/git/user/stefw/gnutls.git/log/?h=p11-kit
p11-kit is added as a dependency. p11-kit itself has no dependencies
outside of basic libc stuff. The source code for p11-kit is available
both in git and tarball form. [3]
If the gnutls dependency on p11-kit is disabled (via a configure option)
then the PKCS#11 support is disabled. This is useful in bare bones
embedded systems or places where very minimal dependencies are limited.
I'm working on integrating gnutls and PKCS#11 support into GLib. This
patch is a prerequisite for that, so I'm looking forward to any feedback
that would help get this change into gnutls.
Cheers,
Stef
[1] http://p11-glue.freedesktop.org/doc/p11-kit/sharing.html
[2] http://p11-glue.freedesktop.org/doc/p11-kit/config.html
[3] http://p11-glue.freedesktop.org/p11-kit.html
pkcs11-using-p11-kit.patch
Description: Text Data
- Using p11-kit for PKCS#11 support,
Stef Walter <=