This site has been retired. For up to date information, see handbook.gnome.org or gitlab.gnome.org.



Gluing together Desktop Crypto

An effort to use and promote PKCS#11 as glue between crypto libraries and security applications on the open source desktop. Some of this work (the PKCS#11 Foundation components such as p11-kit) has been sponsored by the NLnet Foundation.

There are three parts to the integration.

1. Look up keys and certificates in common places

2. Trust Assertions

Trust Assertions are used to make consistent and predictable trust decisions between applications. They are used for things like certificate anchors and/or pinned certificates.

3. Use PKCS#11 URIs

When apps need to refer to a given certificate or key, they use PKCS#11 URIs. This URI can be stored in configs or passed between apps.
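To show what an application has to check when it reads such a URI from a config file, here is an added example (not code from this page or from p11-kit) that parses a PKCS#11 URI using the attribute names defined in RFC 7512. The function names, the sample URI, and the policy of refusing `pin-value` and vendor-specific attributes are assumptions of this example.

```python
from urllib.parse import unquote, unquote_to_bytes

# Attribute names defined by RFC 7512 for the path and query components.
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "library-manufacturer",
              "library-description", "library-version", "object", "type", "id",
              "slot-description", "slot-manufacturer", "slot-id"}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
OBJECT_TYPES = {"cert", "data", "private", "public", "secret-key"}

# Constructed sample URI; the token, object and file names are made up.
SAMPLE_URI = ("pkcs11:token=My%20Token;object=server-cert;type=cert;id=%01%02"
              "?pin-source=file:/etc/example-pin")


def _split(component, sep, known):
    """Split name=value pairs and decode them; reject unknown or repeated names.

    RFC 7512 also allows vendor-specific attributes; this example's policy
    (an assumption) is to refuse anything it does not recognise.
    """
    attrs = {}
    for pair in filter(None, component.split(sep)):
        name, eq, raw = pair.partition("=")
        if not eq or name not in known:
            raise ValueError(f"unsupported or malformed attribute: {pair!r}")
        if name in attrs:
            raise ValueError(f"duplicate attribute: {name}")
        # 'id' carries raw bytes (CKA_ID); other values are percent-encoded UTF-8.
        attrs[name] = (unquote_to_bytes(raw) if name == "id"
                       else unquote(raw, errors="strict"))
    return attrs


def parse_pkcs11_uri(uri, allow_inline_pin=False):
    """Return {'path': {...}, 'query': {...}} or raise ValueError."""
    scheme, colon, rest = uri.partition(":")
    if scheme.lower() != "pkcs11" or not colon:
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    parsed = {"path": _split(path, ";", PATH_ATTRS),
              "query": _split(query, "&", QUERY_ATTRS)}
    obj_type = parsed["path"].get("type")
    if obj_type is not None and obj_type not in OBJECT_TYPES:
        raise ValueError(f"unknown object type: {obj_type!r}")
    # Example policy: a URI kept in a config must not embed the PIN itself,
    # since the config may be world-readable or copied into logs.
    if "pin-value" in parsed["query"] and not allow_inline_pin:
        raise ValueError("pin-value not allowed here; use pin-source instead")
    return parsed
```
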


2024-10-23 11:36