gnutls-devel

Re: [gnutls-dev] sign callback for certificate authentication


From: Simon Josefsson
Subject: Re: [gnutls-dev] sign callback for certificate authentication
Date: Tue, 10 Apr 2007 12:01:33 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.95 (gnu/linux)

"Jacob Berkman" <address@hidden> writes:

> Hello,
>
> I've attached a patch to gnutls which adds a callback for the signing
> step of certificate-based authentication.  This was needed because
> some smart card policies do not allow private keys to be read/exported
> from them.  They implement signing directly on the card.
>
> With this patch, the application can return a NULL private key, and if
> they implement the signing callback, can sign the data themselves.
>
> I developed this patch against gnutls 1.4.4, but it patches and builds
> cleanly against 1.7.7.  Please let me know if any changes are
> required.

Hi!  This seems quite useful.  Ultimately, we probably should support
protocols like PKCS#11 to externalize the signing requests, and I have
been planning to work on this.  It may be that your APIs need to be
modified slightly to better integrate with that.  Anyway, I'm rather
busy now, and won't be able to work on the PKCS#11 stuff in the next
1-2 weeks.  If your patch works now, we should install it rather than
wait.  To be able to install your patch, however, we need an
assignment of the copyright to the FSF.  Is this a problem?  Let me
know privately and I'll send it to you.

/Simon


