author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-10-21 19:57:39 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-10-21 19:57:39 +0200
commit: 968e93d1c8b1f51d810e22b9243a2cb24d85137a
tree: 670f5d600f4a0c9644f4e616d480aeef93100985 /doc
parent: 6c9d650db4571d2b5fbf3586ae75c7faa92e494d
Mention key protection through isolation in crypto backend section
Diffstat (limited to 'doc')
-rw-r--r-- doc/cha-internals.texi 7
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index daf5f362d3..2fdf977a15 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -430,6 +430,7 @@ at some point in your program.
@node Cryptographic Backend
@section Cryptographic Backend
+
Today most new processors, either for embedded or desktop systems
include either instructions intended to speed up cryptographic operations,
or a co-processor with cryptographic capabilities. Taking advantage of
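Review bot: The blank line added directly after `@section Cryptographic Backend` is a whitespace-only change that the commit subject (key protection through isolation) does not cover. Either drop it from this patch or send it as a separate cleanup, so the commit carries only the new subheading.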
@@ -509,3 +510,9 @@ Those registration functions will only replace the specified algorithm
and leave the rest of subsystem intact.
+@subheading Protecting keys through isolation
+
+For asymmetric or public keys, GnuTLS supports PKCS #11 which allows
+operation without access to long term keys, in addition to CPU offloading.
+For more information see @ref{Hardware security modules and abstract key types}.
+
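Review bot: The opening "For asymmetric or public keys" in the new paragraph is ambiguous about which key is protected. The long term key that an application would want kept out of reach is the private key, so wording such as "For private keys of asymmetric (public key) algorithms" would read more clearly. The subheading promises isolation, but the paragraph never says what the key is isolated from; one clause stating that the key stays in the PKCS #11 module and the application only requests operations on it would close that gap. Minor: "long term keys" should be hyphenated as "long-term keys", and it is worth confirming that the `@ref` target matches the node name exactly so the cross-reference resolves in the built manual.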