Re: gnome-keyring A few Keyring issues

[Stef Walter <stefw gnome org>]

On 08/05/2010 07:51 PM, Yaron Sheffer wrote:
> you will recall my question about locking the keyring upon suspend.
> There was no response on the power management mailing list. Did you by
> any chance discuss it with them at GUADEC? How can we move forward
> anyway - should I open a bug against PM?

Yes, sure.

However as I noted in the other email PM doesn't cover all the
situations we want to lock the keyring. Is there's a framework on a
modern desktop that's a better fit for us to hook into than GPM?

> And lastly, I see you are active on the SAAG list regarding PKCS#11. I
> haven't figured out yet KR's PKCS#11 architecture, so apologies if this
> is explained somewhere: is there an API where a PKCS#11 provider (like a
> smartcard driver, or a TPM driver) can register itself, so that it can
> then be discovered by name and used by KR/Seahorse?

Yes. Thanks for poking me about this. I wanted to post/blog about it...

I've been discussing this with on the OpenSC list with some folks there
[1]. We've currently settled on this 'standard':

http://wiki.cacert.org/Pkcs11TaskForce

This discussion took place outside of GNOME since we're interested in
having a somewhat common standard for this stuff.

I've implemented support in the gck-work [2] branch of gnome-keyring for
this, but haven't yet connected it to seahorse or the rest of gnome-keyring.

 Right now it looks
> like KR can only work with its hardcoded internal PKCS#11 providers. I
> expect such a mechanism would tie into your URN work.

Yes, certainly. I'm working on URI support (again in the gck-work
branch) but it's not yet pushed to git.gnome.org.

Cheers,

Stef


[1]
http://www.opensc-project.org/pipermail/opensc-devel/2010-July/014507.html

[2]
http://git.gnome.org/browse/gnome-keyring/commit/?h=gck-work&id=cea36adf672a4b26a632362c8559d9db2785d66e