Title: Talk at GUADEC on Integration of Certificate and Key Storage
Date: 2010-05-14
Tags: technical, security, gnome
Slug: talk-at-guadec-on-integration-on

I'll be attending GUADEC for the first time. Not only that but I'll be
giving a talk. I'm a bit nervous, but excited!

The talk is about integrating the various
applications that use keys and certificates so that they share a common
key storage.

Currently each application puts its
certificates and private keys in distinct locations, which makes it hard
for the user, but also for application developers, since new
applications integrating crypto need to work out a whole raft of things
such as secure key storage.

-   Currently when you need to use a
    certificate with network-manager and a wireless connection, you have
    to specify three files in fragile formats.
-   When using certificates with
    evolution or firefox or thunderbird, each application stores them in
    its own key storage.
-   SSH keys (which are in fact the same
    sort as the above) are stored in `~/.ssh`.

It's a little bit like each application
not sharing a filesystem, but having their own part of the disk to write
their documents to. With GPG we have all applications sharing the same
keyring (per-user obviously), but so far this hasn't been the case with
X.509 certificates and keys.

Because of the development in
gnome-keyring around a standard called PKCS\#11 it's now possible to
integrate the key storage between applications, and in our talk we'll
discuss how to do this in a secure, transparent and configurable
way.

This also means it'll be easier for
applications to gain support for keys, and to have smart card related
features and other stuff like that in the future.