Re: [gnutls-dev] GnuTLS PKCS#11 Engine

[Alon Bar-Lev]

On 5/14/07, Simon Josefsson <address@hidden> wrote:
> "Alon Bar-Lev" <address@hidden> writes:
>
> > An initial version of gnugls-pkcs11 is available for testing.
> > It should provide a simple API to access PKCS#11 cryptographic tokens.
>
> Cool!  I'm able to authenticate to the test.gnutls.org test server using
> my brand new Swedish NIDEL ID card using the OpenSC PKCS#11 provider.

Great!
Please try Scute... I've never tried it before... It should use
protected authentication, it means that the program should not ask you
for PIN but the gnupg pinentry should pop up.

Some questions:

1. Do you have any comments regarding the API?

2. Do you want me to add the gnutls interface to pkcs11-helper (as in
OpenSSL case) or leave it as a separate module?

3. Do you think there is advantage of creating subset API of
pkcs11-helper available (current state), or have the developer access
pkcs11-helper directly and provide some utilities for GnuTLS
environment (as in OpenSSL case).

> Pkcs11-helper needs the following patch to compile configured with
>
> ./configure --without-crypto-engine-openssl --disable-openssl
>
> though.

Oops... Long time since I tried GnuTLS only... :)
Thanks!

Best Regards,
Alon Bar-Lev.