[Bug 426152] Review Request: openCryptoki - An open-source PKCS#11 implementation
bugzilla at redhat.com
bugzilla at redhat.com
Wed Dec 19 17:35:19 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: openCryptoki - An open-source PKCS#11 implementation
https://bugzilla.redhat.com/show_bug.cgi?id=426152
------- Additional Comments From key at linux.vnet.ibm.com 2007-12-19 12:35 EST -------
It wouldn't be a non-NSS mechanism, just a different provider. By default,
NSS contains a software-only PKCS#11 implementation it uses internally.
openCryptoki is just another implementation of the APIs NSS is using to
interface to this internal implementation to store certificates and do crypto.
You might want to do this for the reasons I mentioned earlier, to get hardware
acceleration or take advantage of secure keys in the TPM or other hardware.
This is not the only use of PKCS#11 by the way, the Java JCE interfaces to
PKCS#11 as well. As far as I know, NSS doesn't ship a library exposing its
PKCS#11 APIs for other software packages to take advantage of, so without
openCryptoki the JCE could not be hardware accelerated.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-package-review
mailing list