[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_9-36-g05cf15e
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_9-36-g05cf15e |
Date: |
Thu, 29 Dec 2011 19:25:25 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=05cf15edd2dac479b0eeb0fc26b33c1b9663b94e
The branch, master has been updated
via 05cf15edd2dac479b0eeb0fc26b33c1b9663b94e (commit)
from 6e1f1f28325a352a8946a74a0ad16e3f17f26335 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 05cf15edd2dac479b0eeb0fc26b33c1b9663b94e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Dec 29 21:24:15 2011 +0200
more updates
-----------------------------------------------------------------------
Summary of changes:
doc/cha-cert-auth.texi | 16 ++++++----------
doc/cha-cert-auth2.texi | 36 +++++++++++++++++++-----------------
doc/cha-programs.texi | 14 ++------------
3 files changed, 27 insertions(+), 39 deletions(-)
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 924b2b3..03748bc 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -2,22 +2,18 @@
@chapter Certificate authentication
@cindex certificate authentication
address@hidden
-* Introduction::
-* X.509 certificates::
-* OpenPGP certificates::
-* Digital signatures::
address@hidden menu
-
address@hidden Introduction
address@hidden Introduction
-
The most known authentication method of @acronym{TLS} are certificates.
The PKIX @xcite{PKIX} public key infrastructure is daily used by anyone
using a browser today. @acronym{GnuTLS} supports both
@acronym{X.509} certificates @xcite{PKIX} and @acronym{OpenPGP}
certificates using a common API.
address@hidden
+* X.509 certificates::
+* OpenPGP certificates::
+* Digital signatures::
address@hidden menu
+
@node X.509 certificates
@section @acronym{X.509} certificates
@cindex X.509 certificates
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index b4f2fd0..3036bc7 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -2,12 +2,17 @@
@chapter More on certificate authentication
@cindex certificate authentication
+Certificates are not the only structures involved in a public key
+infrastructure. Several other structures that are used for certificate
+requests, encrypted private keys, revocation lists, GnuTLS abstract key
+structures, etc., are discussed in this chapter.
+
@menu
* PKCS 10 certificate requests::
* PKIX certificate revocation lists::
* Managing encrypted keys::
* The certtool application::
-* Hardware tokens::
+* Smart cards and HSMs::
* Abstract key types::
@end menu
@@ -117,7 +122,7 @@ CRL number extension and the authority key identifier.
Transferring or storing private keys in plain might not be a
good idea. Any access on the keys becomes a fatal compromise.
-Storing the keys in hardware tokens (see @ref{Hardware tokens})
+Storing the keys in hardware security modules (see @ref{Smart cards and HSMs})
could solve the storage problem but it is not always practical
or efficient enough. This section describes alternative ways
that involve encryption of the private keys to store and
@@ -514,25 +519,14 @@ signing_key
@end example
address@hidden Hardware tokens
address@hidden Security modules
address@hidden Smart cards and HSMs
address@hidden Smart cards and HSMs
@cindex PKCS #11 tokens
@cindex hardware tokens
@cindex hardware security modules
@cindex smart cards
address@hidden
-* Introduction on security modules::
-* PKCS11 Initialization::
-* Reading objects::
-* Writing objects::
-* Using a PKCS11 token with TLS::
-* The p11tool application::
address@hidden menu
-
address@hidden Introduction on security modules
address@hidden Introduction
-In this section we present the smart-card and hardware security module support
+In this section we present the smart-card and hardware security module (HSM)
support
in @acronym{GnuTLS} using @acronym{PKCS} #11 @xcite{PKCS11}. Hardware security
modules and smart cards provide a way to store private keys and perform
operations on them without exposing them. This allows decoupling cryptographic
@@ -563,6 +557,14 @@ system, being the @acronym{Gnome Keyring}.
@caption{PKCS #11 module usage.}
@end float
address@hidden
+* PKCS11 Initialization::
+* Reading objects::
+* Writing objects::
+* Using a PKCS11 token with TLS::
+* The p11tool application::
address@hidden menu
+
@node PKCS11 Initialization
@subsection Initialization
To allow all the @acronym{GnuTLS} applications to access @acronym{PKCS} #11
tokens
@@ -687,7 +689,7 @@ p11tool is a program that is used to access tokens
and security modules that support the PKCS #11 API. It requires
individual PKCS #11 modules to be loaded either with the
@code{--provider} option, or by setting up the GnuTLS configuration
-file for PKCS #11 as in @ref{Hardware tokens}.
+file for PKCS #11 as in @ref{Smart cards and HSMs}.
@example
p11tool help
diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index 42cb4a9..ece7049 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -73,12 +73,7 @@ Usage: gnutls-cli [options] hostname
-v, --version prints the program's version number
@end example
address@hidden
-* Example client PSK connection::
address@hidden menu
-
address@hidden Example client PSK connection
address@hidden Example client PSK connection
address@hidden Example client PSK connection
@cindex PSK client
To connect to a server using PSK authentication, you need to enable
@@ -164,12 +159,7 @@ Usage: gnutls-serv [options]
-v, --version prints the program's version number
@end example
address@hidden
-* Setting up a test HTTPS server::
address@hidden menu
-
address@hidden Setting up a test HTTPS server
address@hidden Setting up a test HTTPS server
address@hidden Setting up a test HTTPS server
@cindex HTTPS server
@cindex debug server
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_9-36-g05cf15e,
Nikos Mavrogiannopoulos <=