There are many devices which can store private keys.
Adding more support would be good, but firstly, it's better to define our scope/focus, as supporting proprietary hardware is difficult task.
Description
Description
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Open | • gniibe | T6364 More device (including virtual) support | ||
| Open | • gniibe | T6234 Implement access to smartcards via a generic pkcs#11 interface |
Event Timeline
Comment Actions
Current status:
- Gnuk Token, Yubikey, OpenPGPcard with some card readers (only w/ specific reliable card readers)
- some cards some card readers (many are not supported well)
- TPM
Possible targets:
I listed those two, as we can develop with no physical hardware and access implementations are available as free software.
Comment Actions
For a device which only provides PKCS#11 driver, I decide to test with SoftHSM.
Testing such a device, there are helper libraries and bindings:
- https://unbound-pypkcs11.readthedocs.io/en/latest/index.html
- https://python-pkcs11.readthedocs.io/en/latest/index.html
- https://github.com/OpenSC/pkcs11-helper
I am currently testing with Python PKCS#11.