Protecting keys using a TPM
nmav at gnutls.org
Fri Mar 8 07:22:47 PST 2013
On 03/08/2013 03:16 PM, Stef Walter wrote:
> BTW ... poke, poke, do you know why opensc still doesn't ship  a
> p11-kit module conf file? Downstream packagers do .
And while on the opensc wishlist mode, Martin please consider the patch
 to remove smart card initialization in C_Initialize(). That patch
saves several seconds (5-6 in my case) of loading time in p11-kit if
smart cards/tokens aren't used and one is present.
The patch has been put into an "let's see that later" mode, but it is
very crucial for applications that load pkcs11 modules because they
_may_ use smart cards. Now any potential smart card user suffers the
delay at startup (and in few cases even the application whitelists
allowed by p11-kit cannot help).
More information about the p11-glue