1 files changed, 31 insertions, 0 deletions

diff --git a/content/technical/introducing-libgck-a-pkcs11-gobject-wrapper.md b/content/technical/introducing-libgck-a-pkcs11-gobject-wrapper.md
new file mode 100644
index 0000000..8901cc4
--- /dev/null
+++ b/content/technical/introducing-libgck-a-pkcs11-gobject-wrapper.md
@@ -0,0 +1,31 @@
+Title: Introducing libgck: A PKCS#11 GObject wrapper
+Date: 2010-10-04
+Tags: technical, security, gnome
+Slug: introducing-libgck-pkcs11-gobject
+
+In gnome-keyring we use [PKCS#11][] for the storage of keys and
+certificates. PKCS#11 is standard sort of a plugin API that allows
+drivers or software to provide key storage and crypto algorithms to an
+application.  
+libgck is a GObject wrapper of PKCS#11. Still pretty low level but
+makes PKCS#11 easier to use from GNOME or GTK+ apps. libgck is used
+extensively in gnome-keyring and seahorse.  
+
+-   GCK stands for "**G**object **C**rypto**K**i".
+-   Currently lives in the gnome-keyring git module, but could be split
+    into its own module in the future.
+-   Replaces libgp11 with many lessons learned and a cleaner API.
+
+Besides the mundane expected key and certificate storage functionality
+and crypto mechanisms. There's support for stuff like [PKCS#11 URIs][]
+used to identify keys or certificates residing in a certain key storage
+or smart card. Also enumeration and loading of modules from a [common
+system location][].  
+
+All this goodness is in gnome-keyring master or 2.91.0
+
+</p>
+
+  [PKCS#11]: http://www.rsa.com/rsalabs/node.asp?id=2133
+  [PKCS#11 URIs]: http://tools.ietf.org/html/draft-pechanec-pkcs11uri-02
+  [common system location]: http://wiki.cacert.org/Pkcs11TaskForce