Re: gnutls 2.11.0 released

[Christian Hilberg]

Hi Nikos,

tanks for the hints.

On Thursday 05 August 2010 Nikos Mavrogiannopoulos wrote:
> On Thu, Aug 5, 2010 at 12:32 PM, Christian Hilberg
> <address@hidden>
> >> [...]
> >> This is major update release that includes features such as PKCS #11
> >> support for cryptographic objects, support for local system thread
> >> locks, new message buffering layer, support for nettle library and more.
> >> [...]
> >> * Version 2.11.0 (released 2010-07-22)
> >> [...]
> >> ** libgnutls: Added PKCS #11 support and an API to access objects in
> >> gnutls/pkcs11.h. Currently certificates and public keys can be
> >> imported from tokens, and operations can be performed on private keys.
> >> [...more pkcs #11 additions...]
> > 
> > I'm interested in getting to know whether you see this version of GnuTLS
> > fit for accessing client certificates residing in a TPM module (token).
> > 
> > We have a setup with openCryptoki and Trousers and we can access the TPM
> > token via openCryptoki's pkcsslotd using the NSS library. Is the same
> > possible with the current GnuTLS development release as well?
> 
> I've never tried the pkcsslotd but if it provides a pkcs11 module,
> then it should work. Check the gnutls.pdf  from the development for
> more details on pkcs11. The certtool program will provide a quick test
> on whether the pkcs11 library can be used.

pkcsslotd has a PKCS #11 module, which is what NSS uses to talk to the daemon. 
We wil give it a try and report back. However, libsoup (which is the HPPT 
client lib we are evaluating) cannot handle client certificates, so GnuTLS' 
capabilities might not help us much here (unless GnuTLS would handle client 
certs automatically, if the server asks for one).

Thanks and best regards,

        Christian

-- 
kernel concepts GbR        Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Fax: +49-271-771091-19
D-57072 Siegen
http://www.kernelconcepts.de/

signature.asc
Description: This is a digitally signed message part.