Smartcard (pkcs11) support?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



David Woodhouse <dwmw2 at infradead.org> wrote:

> This is a lot more feasible now than it used to be ? at least gnutls has
> DTLS support now. You'd just need to add the hacks to make it compatible
> with Cisco's bastardised version of the protocol.

Hm, I asked because gnutls seems to have a clean native pkcs11 Interface
with a unified key/cert adressing scheme.
Using the sourcecode at
http://www.gnu.org/software/gnutls/manual/html_node/Client-using-a-smart-card-with-TLS.html
I have been able now to use my smartcard out of the box adding my
proprietary pkcs11 library to the pool of available pkcs11 libraries.

There is also a nice commandline utility "p11tool" which provides
access to the keys stored on the pkcs11 provides (on the smartcard in
my case).

> Alternatively, use an OpenSSL "Engine". OpenConnect has worked with a
> TPM from the very beginning, that way.

The pkcs11 engine for openssl is provided by a third party and is
unfortunately not very well documented and looks more or less
unmaintaned to me.  I have not yet been able to access the card properly
using it.  A p11tool equivalent does not seem to exist.  At least I
did not yet find one.  In gnutls TPM access seems to be also possible
using pkcs11.

Sven

-- 
TCP/IP: telecommunication protocol for imbibing pilsners
	                             (Man-page uubp(1C) on Debian/GNU Linux)

/me is giggls at ircnet, http://sven.gegg.us/ on the Web



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux