[Authentication] Applications storing secrets in configuration
Alberto Mardegan
mardy at users.sourceforge.net
Wed May 29 05:18:05 PDT 2013
Hi Stef, and apologies for joining the conversation this late.
On 05/22/2013 07:27 PM, Stef Walter wrote:
> On 22.05.2013 18:06, Anders Rundgren wrote:
>> Who in the Open Source community is actually working with that?
>
> I've been doing some work on it with the p11-glue effort, with a focus
> on private-keys and certificates.
Do I understand correctly that your proposal is about writing a thin
layer on top of PKCS#11?

AFAIU, PKCS#11's main functionality is to give applications access to
tokens stored in some cryptographic devices, but that generally has a
system-wide scope and doesn't take the user/application into account.
So what you'd be adding is a way to let each application receive a
different token, right?

Do you already have any idea of how configurable this will be? For
instance, who and how decides that a certain application should receive
the null token (to disable encryption)?
Ciao,
Alberto
--
http://blog.mardy.it <- geek in un lingua international!