Using p11-kit for PKCS#11 support

Stef Walter stefw at
Tue Jun 7 19:36:56 CEST 2011

p11-kit is a library that loads and coordinates access to modules. The 
two selling points of the library are:

  * Allows multiple consumers of a PKCS#11 module within the same process
    to coordinate access to that module. Without such a coordinator
    the various consumers will finalize modules out from under one another. [1]

  * Provides a solid configuration system for which PKCS#11 modules to
    load and initialize [2].

Of course there are other features too:

  * A solid reference implementation of the PKCS#11 URI spec.
  * Fixes forking problems, and eases loading of the modules.
  * Saves lots of code in gnutls.

The attached patch ports gnutls to p11-kit. It's actually a combined set 
of patches, and these are available in branch form:

p11-kit is added as a dependency. p11-kit itself has no dependencies 
outside of basic libc stuff. The source code for p11-kit is available 
both in git and tarball form. [3]

If the gnutls dependency on p11-kit is disabled (via a configure option) 
then the PKCS#11 support is disabled. This is useful in bare-bones 
embedded systems or places where very minimal dependencies are limited.

I'm working on integrating gnutls and PKCS#11 support into GLib. This 
patch is a prerequisite for that, so I'm looking forward to any feedback 
that would help get this change into gnutls.





-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkcs11-using-p11-kit.patch
Type: text/x-patch
Size: 274227 bytes
Desc: not available
URL: </pipermail/attachments/20110607/822f486a/attachment.bin>
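
The finalize problem from the first bullet above, as an added example (not part of the original message and not p11-kit's code). It uses a constructed mock module and a hypothetical reference-counting coordinator; every function name is an assumption, and only the CKR_* values come from the PKCS#11 specification.

```c
/* Constructed simulation: a mock PKCS#11 module plus a reference-counting
 * coordinator. Not p11-kit code; all function names here are hypothetical. */
#include <stdio.h>

#define CKR_OK                             0x000UL
#define CKR_CRYPTOKI_NOT_INITIALIZED       0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED   0x191UL

/* Mock module: a single initialized state shared by the whole process. */
static int module_up = 0;
static unsigned long mod_initialize(void) {
    if (module_up) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    module_up = 1; return CKR_OK;
}
static unsigned long mod_finalize(void) {
    if (!module_up) return CKR_CRYPTOKI_NOT_INITIALIZED;
    module_up = 0; return CKR_OK;
}
static unsigned long mod_use(void) {            /* stands in for any C_* call */
    return module_up ? CKR_OK : CKR_CRYPTOKI_NOT_INITIALIZED;
}

/* Coordinator: only the first init and the last finalize reach the module. */
static int refs = 0;
static unsigned long coord_initialize(void) {
    if (refs == 0) { unsigned long rv = mod_initialize(); if (rv != CKR_OK) return rv; }
    refs++; return CKR_OK;
}
static unsigned long coord_finalize(void) {
    if (refs == 0) return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (--refs == 0) return mod_finalize();
    return CKR_OK;
}

/* Consumers A and B share the module; A finishes first. Returns what B sees after. */
unsigned long b_after_a_finalizes(int coordinated) {
    module_up = 0; refs = 0;
    if (coordinated) { coord_initialize(); coord_initialize(); coord_finalize(); }
    else             { mod_initialize();   mod_initialize();   mod_finalize();   }
    unsigned long rv = mod_use();
    if (coordinated) coord_finalize();   /* B's own finalize releases the module */
    return rv;
}

int main(void) {
    printf("uncoordinated: B gets 0x%lx\n", b_after_a_finalizes(0));
    printf("coordinated:   B gets 0x%lx\n", b_after_a_finalizes(1));
    return 0;
}
```

In the uncoordinated run, consumer B's second initialize is rejected as already initialized, and A's finalize then tears the module down while B still holds it.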
