Re: Virtual Smartcard GPG

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/29/2015 02:20 PM, roky@xxxxxxxxxxxxxxx wrote:
> Hi. I am trying to get a virtual smartcard attached to a vm but I want
> it to use GPG instead of NSS. RedHat focuses on NSS becuase of PKCS#11
> requirements and FIPS approval, but for most of the community its GPG
> that matters for smartcards.
> 
> Is is possible to use GPG on the host instead of NSS with virtual
> smartcards? Please document how or add support for it.
> 
> Is using a virtual smartcard make the host less secure from a rogue vm?
> If there are bugs in GPG/NSS backend on the host can they be abused by
> untrusted code in the vm?

There are two implementations, one is passthrough and another uses a
virtual card on the client side, both end up using the client NSS APIs
for access to the hardware card, assuming in your case host=client then
there is no more or less propensity for abuse then launching any local
program (with the same credentials as the spice viewer).

> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]