[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnutls-dev] sign callback for certificate authentication

From: Simon Josefsson
Subject: Re: [gnutls-dev] sign callback for certificate authentication
Date: Tue, 08 May 2007 12:37:04 +0200
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.0.95 (gnu/linux)

Hi again.  I just realized that the work I'm doing on the PKCS#11 branch
is rather similar to what you provided a patch for here.  The code is
different from yours, but let me what you think and if you can test it:

I intend to move the external-signing callback API back into the 1.7.x
branch as soon as possible, because it looks rather safe.  I'm not sure
about our PKCS#11 interface library.  Alon Bar-Lev's comments indicate
that it may be better if we stay out of providing tighter PKCS#11
integration and leave that to him and others to work on.  I'd be happy
with that, since I personally think the PKCS#11 interface is too complex
to inspire good confidence in implementations of it.  Still, making it
easy to use OpenPGP cards is an important use-case for me.


"Jacob Berkman" <address@hidden> writes:

> Hello,
> I've attached a patch to gnutls which adds a callback for the signing
> step of certificate-based authentication.  This was needed because
> some smart card policies do not allow private keys to be read/exported
> from them.  They implement signing directly on the card.
> With this patch, the application can return a NULL private key, and if
> they implement the signing callback, can sign the data themselves.
> I developed this patch against gnutls 1.4.4, but it patches and builds
> cleanly against 1.7.7.  Please let me know if any changes are
> required.
> Thanks,
>  -- jacob
> _______________________________________________
> Gnutls-dev mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]