blob: 8901cc4ad47579fc0d7f2257cc2887a3c1e26afc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
Title: Introducing libgck: A PKCS#11 GObject wrapper
Date: 2010-10-04
Tags: technical, security, gnome
Slug: introducing-libgck-pkcs11-gobject
In gnome-keyring we use [PKCS#11][] for the storage of keys and
certificates. PKCS#11 is standard sort of a plugin API that allows
drivers or software to provide key storage and crypto algorithms to an
application.
libgck is a GObject wrapper of PKCS#11. Still pretty low level but
makes PKCS#11 easier to use from GNOME or GTK+ apps. libgck is used
extensively in gnome-keyring and seahorse.
- GCK stands for "**G**object **C**rypto**K**i".
- Currently lives in the gnome-keyring git module, but could be split
into its own module in the future.
- Replaces libgp11 with many lessons learned and a cleaner API.
Besides the mundane expected key and certificate storage functionality
and crypto mechanisms. There's support for stuff like [PKCS#11 URIs][]
used to identify keys or certificates residing in a certain key storage
or smart card. Also enumeration and loading of modules from a [common
system location][].
All this goodness is in gnome-keyring master or 2.91.0
</p>
[PKCS#11]: http://www.rsa.com/rsalabs/node.asp?id=2133
[PKCS#11 URIs]: http://tools.ietf.org/html/draft-pechanec-pkcs11uri-02
[common system location]: http://wiki.cacert.org/Pkcs11TaskForce
|
