PKCS #11 + gnutls

Nikos Mavrogiannopoulos nmav at
Fri Mar 25 11:34:03 CET 2011

On 03/25/2011 10:34 AM, Christian Hilberg wrote:

>> It should be noted however that PKCS #11 is an old API with few
>> problems. If you expect the PKCS #11 modules to be used by multiple
>> crypto libraries, we suggest that you use the intermediate module
>> p11-kit. It is available at:
> Aside from p11-kit, has GnuTLS PKCS #11 been tried with the
> OpenCryptoki [1] / Trousers [2] stack (or glue, whichever wording is
> more appropriate)? I'm asking just out of curiosity as we're using
> OpenCryptoki/Trousers and NSS presently, since there had not been
> PKCS #11 support in GnuTLS when we started out with our project [3],
> which could also profit from the now-available PKCS #11 support in
> GnuTLS.

GnuTLS has been tried with opensc PKCS #11 module and smart-cards.
Since a very basic subset of the PKCS #11 API is used I don't expect
to be incompatibilities with the modules you mention, but if they are
please let me know.


More information about the Gnutls-devel mailing list