RE: Smarcard application

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You might use the Network Security Services (NSS) library. It's
accredited  against FIPS 140-2 (Federal Information Processing
Standards), and I hear if you use it properly, your application can
inherit that accreditation. This may become more important to you as
time goes on.

NSS does the same sorts of things OpenSSL does, but easily supports
PKCS#11 modules, and CoolKey provides such a module. (It's via NSS ->
PKCS#11 -> Coolkey that Firefox supports CACs, for example.)

NSS's home page is at http://www.mozilla.org/projects/security/pki/nss/

See also http://fedoraproject.org/wiki/FedoraCryptoConsolidation 

I'm pretty sure that the CAC doesn't directly implement or make
available all of the capabilities you would expect; some of these are
emulated in the CoolKey PKCS#11 module. 

You might read <http://curl.haxx.se/lxr/source/lib/nss.c> comparing with
<http://curl.haxx.se/lxr/source/lib/ssluse.c> as a (fairly) simple
example of NSS usage.

NSS is a layer of abstraction between you and PKCS#11 modules. I'm sure
some people use PKCS#11 directly, but I don't know anything about that
route.

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux