[Help-gnutls] Re: Gnutls Smartcard support?

Simon Josefsson simon at josefsson.org
Thu Mar 5 20:09:14 CET 2009


Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> On 03/05/2009 11:01 AM, Jonathan Manktelow wrote:
>> Hi, Is there any support for using certificates on smartcards with Gnutls?
>
> No, there does not appear to be.  I think it could be very useful to
> support private keys from smartcards in GnuTLS, but it would perhaps be
> even more useful to have generic out-of-process private key handling
> (like ssh-agent from OpenSSH does) so that developers could implement a
> smartcard-capable private key backend directly as a plugin.

Yes.  Using the callback I mentioned, I think it should be possible to
implement a small library that talks to SeaHorse or similar to provide
this functionality.

> This is a counterpoint to the idea of an external certificate validation
> agent, which was at one point fleshed out here:
>
>  http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation
>
> but that page seems to currently give a 404 error (Simon, the whole
> redmine instance seems to be gone -- is this something you already know
> about?)

Yes, for some reason the performance of ruby/redmine made the host
really slow so I had to disable it.  What we need is just some wiki
space to work on ideas like this... I don't have sysadmin resources to
keep redmine running, so help here would be appreciated.

/Simon




