[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Gnutls Smartcard support?
|
From: |
Simon Josefsson |
|
Subject: |
[Help-gnutls] Re: Gnutls Smartcard support? |
|
Date: |
Thu, 05 Mar 2009 20:09:14 +0100 |
|
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.90 (gnu/linux) |
Daniel Kahn Gillmor <address@hidden> writes:
> On 03/05/2009 11:01 AM, Jonathan Manktelow wrote:
>> Hi, Is there any support for using certificates on smartcards with Gnutls?
>
> No, there does not appear to be. I think it could be very useful to
> support private keys from smartcards in GnuTLS, but it would perhaps be
> even more useful to have generic out-of-process private key handling
> (like ssh-agent from OpenSSH does) so that developers could implement a
> smartcard-capable private key backend directly as a plugin.
Yes. Using the callback I mentioned, I think it should be possible to
implement a small library that talks to SeaHorse or similar to provide
this functionality.
> This is a counterpoint to the idea of an external certificate validation
> agent, which was at one point fleshed out here:
>
> http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation
>
> but that page seems to currently give a 404 error (Simon, the whole
> redmine instance seems to be gone -- is this something you already know
> about?)
Yes, for some reason the performance of ruby/redmine made the host
really slow so I had to disable it. What we need is just some wiki
space to work on ideas like this... I don't have sysadmin resources to
keep redmine running, so help here would be appreciated.
/Simon