stefw at collabora.co.uk
Fri Dec 9 07:51:21 PST 2011
On 2011-12-07 00:52, Jaroslav Imrich wrote:
> Hello all,
Hi, good to hear from you.
> I am new to this list so please let me introduce myself first. My name
> is Jaroslav Imrich, I am from Slovakia and I've started SmartCardTools
> project  few months ago. There are not many information available
> about this project yet, but in general I would like to develop two apps:
> APP1. Card Management application with intuitive GUI that would allow
> anyone to manage PKCS#11 compatible devices
BTW, we've integrated some PKCS#11 management into Seahorse (the GNOME
key manager) as well, and hopefully more will come. I'm just completing
a project to get basic smart card operations working in Seahorse.
The big thing that's missing with all these solutions is of course:
initialization of smart cards :S And that's because each smart card does
> APP2. Daemon and client library that would allow remote access for
> PKCS#11 enabled devices
gnome-keyring has a protocol in the rpc-layer code which allows
marshalling of a good deal of pkcs11 to another process. In fact
Corentin Chary has taken that code and and stripped it down into a
project called pkcs11-proxy .
We were thinking of including that RPC functionality in p11-kit. Is that
something that would interest you?
BTW, if you're going to do any PKCS#11 work you should take a look at
p11-kit . It solves some of the issues of configuration, and sharing
of PKCS#11 modules between multiple consumers in the same process.
> I've already started some coding and developed PKCS11-LOGGER - library
> that just logs all function calls and forwards them to other PKCS#11
> library. One can say it's no big deal and it's just a clone of
> PKCS11-SPY but I have learned a lot about PKCS#11 interface during its
Yes, that's a great start. Developing one of those  helped me
understand a lot more about pkcs11 as well. :)
> I have to say that I like the way how Microsoft integrated cryptography
> into their operating systems (with concept of CSPs, unified certificate
> dialogs etc.) and I really miss something similar on Linux desktop.
There's a lot of work being done for that in the Gcr project . It
includes standard certificate viewers, and stuff like that. Not
completely "done" yet, but useful already.
> Therefore I am very happy that p11-glue project exists and tries to make
> cryptography on Linux desktop more consistent and usefull. I've joined
> this list because I believe we have same interests and maybe we could
> share some ideas or even join the development forces.
Cool, sounds great.
More information about the p11-glue