[Bug 116201] Add support of PKCS#11 (Smartcards) into KDE

Alon Bar-Lev alon.barlev at gmail.com
Sat Mar 8 07:48:39 GMT 2008 

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=116201         




------- Additional Comments From alon.barlev gmail com  2008-03-08 08:48 -------
> Alon: If you want to do something you should start ASAP so KTcpSocket
> can be made public soon, with Smartcard support. We'd need to figure
> out how to handle UI interaction and while doing that some
> related backend<->UI problems could be solved in one go. 

Hi!

This is the work already done in QCA, so supporting its interface will enable you to know that all OK.

Highlights:

1. Application should not make any assumption regarding the number of certificates available for user. The certificates should be gotten from a "store".

2. Access to certificate store may be with or without authentication, even to the public part of the store. There are some tokens which requires authentication to public objects.

3. Access to the private key may be with or without authentication.

4. Authentication may be triggered several times during session, as there is session expiration feature for some tokens.

5. If user removes a token, then a a private operation is required, the user should be prompted to insert his token. For example: A user uses his token within a browser, then remove it, after several minutes during renegotiation the key is not there, failing the session will sometime fail an application, so the most friendly approach would be to ask the user to insert his token.

6. There should be an option to match between a specific operation and a specific key, so user will not be forced to select the correct certificate over and over, example: mail signing certificate or a certificate for a specific site. This can be achieved by allowing certificate/key serialization.

7. Public objects should be cached as it takes a long time to reload them each time from hardware.

8. As there are a lot of vendors and behaviors, configuration should be separate from applications, and allow specifying custom settings to allow backends behave correctly.

The singer example at QCA demonstrate most of the above. I truly beleive that users will benefit greatly if QCA is used, as most of the work already done. I am sure QCA development team will do whatever needed to support such activity.

Thanks!

More information about the Unassigned-bugs mailing list