Bug 1173546 (PKCS11) - PKCS#11 sanity tracker
Summary: PKCS#11 sanity tracker
Alias: PKCS11
Product: Fedora
Classification: Fedora
Component: distribution
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
Depends On: 1073320 1085327 1135932 1172247 1173279 1173548 1173552 1173554 1173559 1173577 1173579 1173581 1173582 1205120 1217727 1217915 1219544 1233593 1233626 1236107 1236526 1242469 1251018 1378800
TreeView+ depends on / blocked
Reported: 2014-12-12 12:00 UTC by David Woodhouse
Modified: 2019-11-08 10:02 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2019-11-08 10:02:37 UTC
Type: Bug

Attachments (Terms of Use)

Description David Woodhouse 2014-12-12 12:00:57 UTC
We ship p11-kit which gives PKCS#11 modules such as OpenSC a a simple way to register themselves with the system and be automatically visible to applications.

With well-behaved applications, the device (and objects therein) will Just Work™. It's as simple as installing the OpenSC (or whatever) package, and plugging the device in. And then they appear in the seahorse GUI, can be queried with p11tool, can be used with applications like the OpenConnect VPN client by using standard PKCS#11 URIs.

Well-behaved applications should:

 - Use the p11-kit-configured set of modules instead of having to be
   explicitly told which provider module to use (defaulting to
   p11-kit-proxy.so as the provider is a simple way to fix this).

 - Use standard PKCS#11 URIs as described in
   https://tools.ietf.org/html/draft-pechanec-pkcs11uri-16 instead of
   their own non-standard form (engine_pkcs11, pkcs11_helper thus

 - Allow the use of PKCS#11 objects in all cases that a file can be
   used for a certificate and/or key.

Comment 1 Nikos Mavrogiannopoulos 2015-04-23 07:12:03 UTC
PKCS #11 URLs is now a standard's track RFC:

Comment 2 Nikos Mavrogiannopoulos 2019-11-08 10:02:37 UTC
Closing tracker as everything tracked is complete.

Note You need to log in before you can comment on or make changes to this bug.