<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 25 May 2022, at 19:22, SCOTT FIELDS <<a href="mailto:Scott.Fields@kyndryl.com" class="">Scott.Fields@kyndryl.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 13px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">If you’re referring to files in /etc/pki, that’s not a management API, like CAPI or CNG provides in Windows (and a like API in OSX).</span></div></div></div></blockquote><div><br class=""></div>There are tools that you run that manage the files. Sorry I do not have the details in front of me.</div><div>The tools are the API at least for trust store from what I recall when I set it up.</div><div><br class=""><blockquote type="cite" class=""><div class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 13px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">There’s a keychain solution in Gnome (GNOME/Keyring) but not widely adopted that I’ve seen.</span></div></div></div></blockquote><div><br class=""></div><div>I use KDE and the kwallet is used in most apps I use. If there is an app in gnome that is not using the keyring</div><div>then that a problem with the app surely, not the API?</div><br class=""><blockquote type="cite" class=""><div class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 13px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">This just seems a good match to have available within systemd</span></div></div></div></blockquote><div><br class=""></div><div>I do not speak for systemd, just curious about why you think this is needed.</div><div><br class=""></div><div>Barry</div><div><br class=""></div><br class=""><blockquote type="cite" class=""><div class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 13px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0in 0in;" class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-size: 11pt;" class="">From:</span></b><span style="font-size: 11pt;" class=""><span class="Apple-converted-space"> </span>Barry Scott <<a href="mailto:barry@barrys-emacs.org" style="color: blue; text-decoration: underline;" class="">barry@barrys-emacs.org</a>><span class="Apple-converted-space"> </span><br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Wednesday, May 25, 2022 1:16 PM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>SCOTT FIELDS <<a href="mailto:Scott.Fields@kyndryl.com" style="color: blue; text-decoration: underline;" class="">Scott.Fields@kyndryl.com</a>><br class=""><b class="">Cc:</b><span class="Apple-converted-space"> </span><a href="mailto:systemd-devel@lists.freedesktop.org" style="color: blue; text-decoration: underline;" class="">systemd-devel@lists.freedesktop.org</a><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>[EXTERNAL] Re: [systemd-devel] certificate and trust store feature for systemd<o:p class=""></o:p></span></div></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 1pt; color: white;" class="">On 25 May 2022, at 14:06, SCOTT FIELDS <<a href="mailto:Scott.Fields@kyndryl.com" style="color: blue; text-decoration: underline;" class="">Scott.Fields@kyndryl.com</a>> wrote: I apologize for the very general inquiry. Are there any plans to have system natively support its own trust store for items like CAs, x509 certs, passwords &<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 1pt; color: white;" class=""><o:p class=""></o:p></span></div></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><br class=""><br class=""><o:p class=""></o:p></span></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">On 25 May 2022, at 14:06, SCOTT FIELDS <<a href="mailto:Scott.Fields@kyndryl.com" style="color: blue; text-decoration: underline;" class="">Scott.Fields@kyndryl.com</a>> wrote:<o:p class=""></o:p></span></div></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div><div class=""><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">I apologize for the very general inquiry.<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""> <o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">Are there any plans to have system natively support its own trust store for items like CAs, x509 certs, passwords & truststores akin to the keychain in Windows and OS X?<o:p class=""></o:p></span></div></div></div></blockquote><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">But these are solved problems on modern Linux systems aren't they?<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">At least with RHEL and Fedora they have trust store and keychains.<o:p class=""></o:p></span></div></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><br class=""><br class=""><o:p class=""></o:p></span></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""> <o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">I still find the management of PKIs in /etc/pki to be problematic.<o:p class=""></o:p></span></div></div></div></blockquote><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div></div><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">For my home network I have my own DNS domain and CA setup. It was easy to add the CA to<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">Fedora's trust store.<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><br class=""><br class=""><o:p class=""></o:p></span></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""> <o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">Having this available as a core service within systemd using like APIs either in (mostly deprecated) CAPI or the new CNG<o:p class=""></o:p></span></div></div></div></blockquote><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">Barry<o:p class=""></o:p></span></div></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><br class=""><br class=""><o:p class=""></o:p></span></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""> <o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""> <o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">Scott Fields<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">IBM/Kyndryl<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">SRE – BNSF<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">817-593-5038 (BNSF)<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><a href="mailto:scott.fields@kyndryl.com" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">scott.fields@kyndryl.com</span></a><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 10pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><a href="mailto:scott.fields@bnsf.com" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">scott.fields@bnsf.com</span></a></span></div></div></div></blockquote></div></div></div></blockquote></div><br class=""></body></html>