gnutls-devel

Re: [gnutls-dev] RFC: PKCS#11 plans


From: Ludovic Courtès
Subject: Re: [gnutls-dev] RFC: PKCS#11 plans
Date: Mon, 23 Apr 2007 15:50:22 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

Simon Josefsson <address@hidden> writes:

> That seems to use the scdaemon protocol, but that protocol isn't
> sufficient for what GnuTLS needs -- for example, I can't read
> certificates from the smartcard via that protocol for OpenPGP cards.
> GnuTLS needs the certificates.

In this context, shouldn't we question the assumption that GnuTLS
absolutely needs access to private keys?  It seems that many smartcards
don't offer this option for security reasons: instead they only allow,
for instance, encryption/decryption of arbitrary data, as well as
extraction of the public key (certificate).

See the thread at:

  http://article.gmane.org/gmane.comp.gnu.gnupg.users/10411
  http://article.gmane.org/gmane.comp.gnu.gnupg.users/10429

(In addition, the opinion of Werner Koch in the second message is that
GnuTLS could directly talk to `gnupg-agent' instead of having its own
infrastructure.  Wouldn't that make sense?)

Thanks,
Ludovic.



