diff options
Diffstat (limited to 'manual/html_node/Smart-cards-and-HSMs.html')
| -rw-r--r-- | manual/html_node/Smart-cards-and-HSMs.html | 237 |
1 files changed, 0 insertions, 237 deletions
diff --git a/manual/html_node/Smart-cards-and-HSMs.html b/manual/html_node/Smart-cards-and-HSMs.html deleted file mode 100644 index 54078f3305..0000000000 --- a/manual/html_node/Smart-cards-and-HSMs.html +++ /dev/null @@ -1,237 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<!-- This manual is last updated 4 March 2015 for version -3.5.4 of GnuTLS. - -Copyright (C) 2001-2015 Free Software Foundation, Inc.\\ -Copyright (C) 2001-2015 Nikos Mavrogiannopoulos - -Permission is granted to copy, distribute and/or modify this document -under the terms of the GNU Free Documentation License, Version 1.3 or -any later version published by the Free Software Foundation; with no -Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A -copy of the license is included in the section entitled "GNU Free -Documentation License". --> -<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ --> -<head> -<title>GnuTLS 3.5.4: Smart cards and HSMs</title> - -<meta name="description" content="GnuTLS 3.5.4: Smart cards and HSMs"> -<meta name="keywords" content="GnuTLS 3.5.4: Smart cards and HSMs"> -<meta name="resource-type" content="document"> -<meta name="distribution" content="global"> -<meta name="Generator" content="makeinfo"> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<link href="index.html#Top" rel="start" title="Top"> -<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index"> -<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents"> -<link href="Hardware-security-modules-and-abstract-key-types.html#Hardware-security-modules-and-abstract-key-types" rel="up" title="Hardware security modules and abstract key types"> -<link href="PKCS11-Initialization.html#PKCS11-Initialization" rel="next" title="PKCS11 Initialization"> -<link href="Application_002dspecific-keys.html#Application_002dspecific-keys" rel="prev" title="Application-specific keys"> -<style type="text/css"> -<!-- -a.summary-letter {text-decoration: none} -blockquote.indentedblock {margin-right: 0em} -blockquote.smallindentedblock {margin-right: 0em; font-size: smaller} -blockquote.smallquotation {font-size: smaller} -div.display {margin-left: 3.2em} -div.example {margin-left: 3.2em} -div.lisp {margin-left: 3.2em} -div.smalldisplay {margin-left: 3.2em} -div.smallexample {margin-left: 3.2em} -div.smalllisp {margin-left: 3.2em} -kbd {font-style: oblique} -pre.display {font-family: inherit} -pre.format {font-family: inherit} -pre.menu-comment {font-family: serif} -pre.menu-preformatted {font-family: serif} -pre.smalldisplay {font-family: inherit; font-size: smaller} -pre.smallexample {font-size: smaller} -pre.smallformat {font-family: inherit; font-size: smaller} -pre.smalllisp {font-size: smaller} -span.nolinebreak {white-space: nowrap} -span.roman {font-family: initial; font-weight: normal} -span.sansserif {font-family: sans-serif; font-weight: normal} -ul.no-bullet {list-style: none} -body { - margin: 2%; - padding: 0 5%; - background: #ffffff; -} -h1,h2,h3,h4,h5 { - font-weight: bold; - padding: 5px 5px 5px 5px; - background-color: #c2e0ff; - color: #336699; -} -h1 { - padding: 2em 2em 2em 5%; - color: white; - background: #336699; - text-align: center; - letter-spacing: 3px; -} -h2 { text-decoration: underline; } -pre { - margin: 0 5%; - padding: 0.5em; -} -pre.example,pre.verbatim { - padding-bottom: 1em; - - border: solid #c2e0ff; - background: #f0faff; - border-width: 1px 1px 1px 5px; - margin: 1em auto; - width: 90%; -} - -div.node { - margin: 0 -5% 0 -2%; - padding: 0.5em 0.5em; - margin-top: 0.5em; - margin-bottom: 0.5em; - font-weight: bold; -} -dd, li { - padding-top: 0.1em; - padding-bottom: 0.1em; -} -div.float { - - margin-bottom: 0.5em; - text-align: center; -} - -table { - text-align: left; - margin-left:auto; - margin-right:auto; - border-spacing: 7px; - width: 50%; -} - -th { - padding: 0; - color: #336699; - background-color: #c2e0ff; - border: solid #000000; - border-width: 0px; - margin: 1em auto; - text-align: center; - margin-left:auto; - margin-right:auto; -} - -td { - padding: 0; - border: solid #000000; - background-color: #f0faff; - border-width: 0px; - margin: 1em auto; - text-align: left; - margin-left:auto; - margin-right:auto; - padding-left: 1em; -} - -dl { - text-align: left; - margin-left:auto; - margin-right:auto; - width: 50%; - - padding-left: 1em; - border: solid #c2e0ff; - background: #f0faff; - border-width: 5px 1px 1px 1px; - margin: 1em auto; -} - ---> -</style> - - -</head> - -<body lang="en"> -<a name="Smart-cards-and-HSMs"></a> -<div class="header"> -<p> -Next: <a href="Trusted-Platform-Module.html#Trusted-Platform-Module" accesskey="n" rel="next">Trusted Platform Module</a>, Previous: <a href="Application_002dspecific-keys.html#Application_002dspecific-keys" accesskey="p" rel="prev">Application-specific keys</a>, Up: <a href="Hardware-security-modules-and-abstract-key-types.html#Hardware-security-modules-and-abstract-key-types" accesskey="u" rel="up">Hardware security modules and abstract key types</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> -</div> -<hr> -<a name="Smart-cards-and-HSMs-1"></a> -<h3 class="section">5.3 Smart cards and HSMs</h3> -<a name="index-PKCS-_002311-tokens"></a> -<a name="index-hardware-tokens"></a> -<a name="index-hardware-security-modules"></a> -<a name="index-smart-cards"></a> - -<p>In this section we present the smart-card and hardware security module (HSM) support -in <acronym>GnuTLS</acronym> using <acronym>PKCS</acronym> #11 [<em>PKCS11</em>]. Hardware security -modules and smart cards provide a way to store private keys and perform -operations on them without exposing them. This decouples cryptographic -keys from the applications that use them and provide an additional -security layer against cryptographic key extraction. -Since this can also be achieved in software components such as in Gnome keyring, -we will use the term security module to describe any cryptographic key -separation subsystem. -</p> -<p><acronym>PKCS</acronym> #11 is plugin API allowing applications to access cryptographic -operations on a security module, as well as to objects residing on it. PKCS -#11 modules exist for hardware tokens such as smart cards<a name="DOCF10" href="#FOOT10"><sup>10</sup></a>, -cryptographic tokens, as well as for software modules like <acronym>Gnome Keyring</acronym>. -The objects residing on a security module may be certificates, public keys, -private keys or secret keys. Of those certificates and public/private key -pairs can be used with <acronym>GnuTLS</acronym>. PKCS #11’s main advantage is that -it allows operations on private key objects such as decryption -and signing without exposing the key. In GnuTLS the PKCS #11 functionality is -available in <code>gnutls/pkcs11.h</code>. -</p> -<p>Moreover <acronym>PKCS</acronym> #11 can be (ab)used to allow all applications in the same operating system to access -shared cryptographic keys and certificates in a uniform way, as in <a href="#fig_002dpkcs11_002dvision">Figure 5.1</a>. -That way applications could load their trusted certificate list, as well as user -certificates from a common PKCS #11 module. Such a provider is the p11-kit trust -storage module<a name="DOCF11" href="#FOOT11"><sup>11</sup></a>. -</p> -<div class="float"><a name="fig_002dpkcs11_002dvision"></a> -<img src="pkcs11-vision.png" alt="pkcs11-vision"> - -<div class="float-caption"><p><strong>Figure 5.1: </strong>PKCS #11 module usage.</p></div></div> -<table class="menu" border="0" cellspacing="0"> -<tr><td align="left" valign="top">• <a href="PKCS11-Initialization.html#PKCS11-Initialization" accesskey="1">PKCS11 Initialization</a>:</td><td> </td><td align="left" valign="top"> -</td></tr> -<tr><td align="left" valign="top">• <a href="PKCS11-Manual-Initialization.html#PKCS11-Manual-Initialization" accesskey="2">PKCS11 Manual Initialization</a>:</td><td> </td><td align="left" valign="top"> -</td></tr> -<tr><td align="left" valign="top">• <a href="Accessing-objects-that-require-a-PIN.html#Accessing-objects-that-require-a-PIN" accesskey="3">Accessing objects that require a PIN</a>:</td><td> </td><td align="left" valign="top"> -</td></tr> -<tr><td align="left" valign="top">• <a href="Reading-objects.html#Reading-objects" accesskey="4">Reading objects</a>:</td><td> </td><td align="left" valign="top"> -</td></tr> -<tr><td align="left" valign="top">• <a href="Writing-objects.html#Writing-objects" accesskey="5">Writing objects</a>:</td><td> </td><td align="left" valign="top"> -</td></tr> -<tr><td align="left" valign="top">• <a href="Using-a-PKCS11-token-with-TLS.html#Using-a-PKCS11-token-with-TLS" accesskey="6">Using a PKCS11 token with TLS</a>:</td><td> </td><td align="left" valign="top"> -</td></tr> -<tr><td align="left" valign="top">• <a href="p11tool-Invocation.html#p11tool-Invocation" accesskey="7">p11tool Invocation</a>:</td><td> </td><td align="left" valign="top"> -</td></tr> -</table> - -<div class="footnote"> -<hr> -<h4 class="footnotes-heading">Footnotes</h4> - -<h3><a name="FOOT10" href="#DOCF10">(10)</a></h3> -<p>For example, OpenSC-supported cards.</p> -<h3><a name="FOOT11" href="#DOCF11">(11)</a></h3> -<p><a href="http://p11-glue.freedesktop.org/trust-module.html">http://p11-glue.freedesktop.org/trust-module.html</a></p> -</div> -<hr> -<div class="header"> -<p> -Next: <a href="Trusted-Platform-Module.html#Trusted-Platform-Module" accesskey="n" rel="next">Trusted Platform Module</a>, Previous: <a href="Application_002dspecific-keys.html#Application_002dspecific-keys" accesskey="p" rel="prev">Application-specific keys</a>, Up: <a href="Hardware-security-modules-and-abstract-key-types.html#Hardware-security-modules-and-abstract-key-types" accesskey="u" rel="up">Hardware security modules and abstract key types</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> -</div> - - - -</body> -</html> |