
Unifying access to PKCS#11 tokens

Formal Metadata

Title
Unifying access to PKCS#11 tokens
Alternative Title
security 1600 pkcs11
Title of Series
Number of Parts
64
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Cryptographic services in modern operating systems are accessed by applications through libraries, either high-level ones that hide all details or low-level ones that force the user to deal with a number of (un)interesting details of each cryptographic algorithm. Applications in the GNU/Linux and *BSD operating systems usually share the same libraries for cryptographic operations and protocols. Those can be one of Botan, OpenSSL, NSS, GnuTLS and maybe some more. This is quite a variety of choices, which we believe is because of the different programming style that each library enforces, the different algorithms it provides and the ease of use, which are subjective issues that depend on the eye of the beholder. However, this diversity of cryptographic libraries has some disadvantages. For operations such as signing/encryption involving PKCS #11 hardware tokens, or software modules, objects need to be referenced. Currently there is no uniform way of referencing those objects, and each of the libraries has its own conventions or delegates the burden of referencing objects to the application. This in effect makes sharing of those object references between different applications impossible, and users are required to learn each application's unique interface. Moreover, the fact that there is usually more than one PKCS #11 provider in a system, but no way to globally enable them for all cryptographic applications, leaves the burden of setup to users.