Protecting keys using a TPM

Nikos Mavrogiannopoulos nmav at
Fri Mar 8 07:22:47 PST 2013

On 03/08/2013 03:16 PM, Stef Walter wrote:

> BTW ... poke, poke, do you know why opensc still doesn't ship [2] a
> p11-kit module conf file? Downstream packagers do [3].

And while on the opensc wishlist mode, Martin please consider the patch
[0] to remove smart card initialization in C_Initialize(). That patch
saves several seconds (5-6 in my case) of loading time in p11-kit if
smart cards/tokens aren't used and one is present.

The patch has been put into an "let's see that later" mode, but it is
very crucial for applications that load pkcs11 modules because they
_may_ use smart cards. Now any potential smart card user suffers the
delay at startup (and in few cases even the application whitelists
allowed by p11-kit cannot help).



More information about the p11-glue mailing list