[Spice-devel] Virtual Smartcard GPG

Alon Levy alon at pobox.com
Wed Apr 29 04:41:02 PDT 2015


On 04/29/2015 02:20 PM, roky at openmailbox.org wrote:
> Hi. I am trying to get a virtual smartcard attached to a vm but I want
> it to use GPG instead of NSS. Red Hat focuses on NSS because of PKCS#11
> requirements and FIPS approval, but for most of the community it's GPG
> that matters for smartcards.
> 
> Is it possible to use GPG on the host instead of NSS with virtual
> smartcards? Please document how or add support for it.
> 
> Does using a virtual smartcard make the host less secure from a rogue vm?
> If there are bugs in GPG/NSS backend on the host can they be abused by
> untrusted code in the vm?

There are two implementations: one is passthrough and another uses a
virtual card on the client side. Both end up using the client NSS APIs
for access to the hardware card. Assuming in your case host=client, then
there is no more or less propensity for abuse than launching any local
program (with the same credentials as the spice viewer).
