[gnutls-dev] RFC: PKCS#11 plans

Nate Nielsen nielsen-list at memberwebs.com
Tue Apr 24 17:23:36 CEST 2007

Simon Josefsson wrote:
> Serializing PKCS#11 is not simple, and I don't know if anyone has done
> this before.  Further, the serialization of PKCS#11 doesn't have to be
> exactly mapped to the PKCS#11 API, it only have to support the same
> things that PKCS#11 support.

Yes, it's certainly not simple.

gnome-keyring-cryptoki is serializing same of the PKCS#11 calls for
communication with its daemon. It's similar to  how a smart card driver
might send requests to its hardware component.

I would recommend that any such serialization remain an internal API
rather than trying to spec it out. As Alon is saying, implement PKCS#11
as the 'spec' or supported API, and then a certain PKCS#11 driver could
choose to serialize requests to a daemon (much as a smart card driver
would internally serialize or process requests).


More information about the Gnutls-devel mailing list