KDE and smartcard support

Alon Bar-Lev alon.barlev at gmail.com
Tue May 22 08:42:44 BST 2007

On 5/22/07, Andreas Aardal Hanssen <ahanssen at trolltech.com> wrote:
> On Tuesday 22 May 2007 09:27, you wrote:
> > But you implemented software only solution, there are no hooks to
> > enable the use of external key operations. Also your abstraction of
> > QSslKey a strange "handle()" method that cannot be implemented or used
> > out side of your domain.
> Please explain. The handle() function returns a pointer to a native OpenSSL
> structure. I don't see how this is a problem.

You don't see a problem in abstraction C++ library such as Qt, require
the programmer to write native OpenSSL code?
And that it is documented as:
"Warning: Use of this function has a high probability of being
non-portable, and its return value may vary between platforms, and
between minor Qt releases."

And how do you keep GPL license if you use OpenSSL now?
Do you force users to use OpenSSL on Win32 systems too?

> > Also the term of "QSslKey, QSslCertificate" is strange, since both
> > have nothing to do with SSL.
> Please explain how keys and certificates are unrelated to SSL ;-))).

S/MIME? Digital signature? File encryption?

TLS/SSL is *ONE* of the users of PKI.

You should implement a PKI framework into Qt if you like to introduce
public key cryptography. Actually, when thinking about this... QCA
already doing this... It provide Qt interface for cryptography, have
you look at it?

> > So I don't think the QSslSocket should be used in an environment like
> > KDE, that have a large user based community who do need to use an
> > extra feature (other than simplicity).
> What feature?

The use of hardware based cryptography (Smartcards).
And even if you provide QSslSocket with hooks to use external private
key cryptography, I don't see how Qt can be used for kmail (S/MIME),
kwallet (date encryption), kdm (smartcard authentication).

The reason to use QCA is larger than just solving the TLS/SSL issue.
Because even if we solve this issue, we will have to use QCA to
provide the private key operations, use it for encryption and
smartcard authentication.

Best Regards,
Alon Bar-Lev.

More information about the kde-core-devel mailing list