From Fedora Project Wiki
(Created page with "Category:Packaging_guidelines_drafts For background and motivation please see the [https://fedoraproject.org/wiki/User:Nmav/Pkcs11Status current status of PKCS#11 in Fedo...")
 
No edit summary
Line 12: Line 12:
== How to specify a specific PKCS#11 module ==
== How to specify a specific PKCS#11 module ==


Applications should utilize the registered module and MUST NOT require the user to specify a module. See [https://fedoraproject.org/wiki/PackagingDrafts/Pkcs11Support the PKCS#11 packaging information].
Applications should utilize the registered on p11-kit module and MUST NOT require the user to specify a module. The registered on p11-kit module description is given at [https://fedoraproject.org/wiki/PackagingDrafts/Pkcs11Support the PKCS#11 packaging information].

Revision as of 11:01, 6 December 2016


For background and motivation please see the current status of PKCS#11 in Fedora. This guideline updates the previous SSLCertificateHandling.

Proposal

How to specify a certificate or private key?

In April 2015, RFC7512 defined a 'PKCS#11 URI' as a standard way to identify such objects. That form should be understood by programs when specified in place of a certificate file. For non-interactive applications which get information on the command line or configuration file, there should not be a separate configuration option to load keys and certificates stored in smart cards, the same option accepting files, should additionally accept PKCS#11 URIs.

How to specify a specific PKCS#11 module

Applications should utilize the registered on p11-kit module and MUST NOT require the user to specify a module. The registered on p11-kit module description is given at the PKCS#11 packaging information.