[gnutls-dev] RFC: PKCS#11 plans
Nate Nielsen
nielsen-list at memberwebs.com
Tue Apr 24 17:23:36 CEST 2007
Simon Josefsson wrote:
> Serializing PKCS#11 is not simple, and I don't know if anyone has done
> this before. Further, the serialization of PKCS#11 doesn't have to be
> exactly mapped to the PKCS#11 API, it only has to support the same
> things that PKCS#11 supports.
Yes, it's certainly not simple.

gnome-keyring-cryptoki is serializing some of the PKCS#11 calls for
communication with its daemon. It's similar to how a smart card driver
might send requests to its hardware component.

I would recommend that any such serialization remain an internal API
rather than trying to spec it out. As Alon is saying, implement PKCS#11
as the 'spec' or supported API, and then a certain PKCS#11 driver could
choose to serialize requests to a daemon (much as a smart card driver
would internally serialize or process requests).

Cheers,
Nate