gnutls 2.11.0 released

Christian Hilberg hilberg at
Thu Aug 5 12:32:59 CEST 2010

Hi everyone.

Nice to see a GnuTLS release (though dev version) which has PKCS#11 support:

On Thursday 22 Juli 2010 Nikos Mavrogiannopoulos wrote:
> [...]
> This is major update release that includes features such as PKCS #11
> support for cryptographic objects, support for local system thread
> locks, new message buffering layer, support for nettle library and more.
> [...]
> * Version 2.11.0 (released 2010-07-22)
> [...] 
> ** libgnutls: Added PKCS #11 support and an API to access objects in
> gnutls/pkcs11.h. Currently certificates and public keys can be
> imported from tokens, and operations can be performed on private keys.
> [...more pkcs #11 additions...]

I'm interested in getting to know whether you see this version of GnuTLS fit 
for accessing client certificates residing in a TPM module (token).

We have a setup with openCryptoki and Trousers and we can access the TPM token 
via openCryptoki's pkcsslotd using the NSS library. Is the same possible with 
the current GnuTLS development release as well?

NB: Since some parts of the software we're working with currently use NSS, we 
are most probably unable to switch to a different software stack (different 
from openCryptoki and Trousers, that is). Will this be a problem or <does|can> 
GnuTLS make use of the same software stack? Will we be able to use NSS and 
GnuTLS at the same time for accessing the same token?

Best regards, all input on the issue will be happily accepted.


kernel concepts GbR        Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Fax: +49-271-771091-19
D-57072 Siegen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100805/5bca012d/attachment.pgp>

More information about the Gnutls-devel mailing list