Monday, October 4, 2010

Introducing libgck: A PKCS#11 GObject wrapper

In gnome-keyring we use PKCS#11 for the storage of keys and certificates. PKCS#11 is standard sort of a plugin API that allows drivers or software to provide key storage and crypto algorithms to an application.
libgck is a GObject wrapper of PKCS#11. Still pretty low level but makes PKCS#11 easier to use from GNOME or GTK+ apps. libgck is used extensively in gnome-keyring and seahorse.
  • GCK stands for "Gobject CryptoKi".
  • Currently lives in the gnome-keyring git module, but could be split into its own module in the future.
  • Replaces libgp11 with many lessons learned and a cleaner API.
Besides the mundane expected key and certificate storage functionality and crypto mechanisms. There's support for stuff like PKCS#11 URIs used to identify keys or certificates residing in a certain key storage or smart card. Also enumeration and loading of modules from a common system location.
All this goodness is in gnome-keyring master or 2.91.0


  1. Looks interesting! I'd like to eventually integrate this into Evolution.

  2. mbarnes, you might also want to check out the ui-widgets branch of gnome-keyring with standard certificate and key viewing widgets, and more coming...