PKCS #11 + gnutls
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Mar 25 11:34:03 CET 2011
On 03/25/2011 10:34 AM, Christian Hilberg wrote:
>> It should be noted however that PKCS #11 is an old API with few
>> problems. If you expect the PKCS #11 modules to be used by multiple
>> crypto libraries, we suggest that you use the intermediate module
>> p11-kit. It is available at: http://p11-glue.freedesktop.org/
> Aside from p11-kit, has GnuTLS PKCS #11 been tried with the
> OpenCryptoki [1] / Trousers [2] stack (or glue, whichever wording is
> more appropriate)? I'm asking just out of curiosity as we're using
> OpenCryptoki/Trousers and NSS presently, since there had not been
> PKCS #11 support in GnuTLS when we started out with our project [3],
> which could also profit from the now-available PKCS #11 support in
> GnuTLS.
GnuTLS has been tried with opensc PKCS #11 module and smart-cards.
Since a very basic subset of the PKCS #11 API is used I don't expect
to be incompatibilities with the modules you mention, but if they are
please let me know.
regards,
Nikos
More information about the Gnutls-devel
mailing list