In gnome-keyring we use
PKCS#11 for the storage of keys and certificates. PKCS#11 is standard sort of a plugin API that allows drivers or software to provide key storage and crypto algorithms to an application.
libgck is a GObject wrapper of PKCS#11. Still pretty low level but makes PKCS#11 easier to use from GNOME or GTK+ apps. libgck is used extensively in gnome-keyring and seahorse.
- GCK stands for "Gobject CryptoKi".
- Currently lives in the gnome-keyring git module, but could be split into its own module in the future.
- Replaces libgp11 with many lessons learned and a cleaner API.
Besides the mundane expected key and certificate storage functionality and crypto mechanisms. There's support for stuff like
PKCS#11 URIs used to identify keys or certificates residing in a certain key storage or smart card. Also enumeration and loading of modules from a
common system location.
All this goodness is in gnome-keyring master or 2.91.0
Looks interesting! I'd like to eventually integrate this into Evolution.
ReplyDeletembarnes, you might also want to check out the ui-widgets branch of gnome-keyring with standard certificate and key viewing widgets, and more coming...
ReplyDelete