[kmf-discuss] pkinit slotid=N ?

Darren J Moffat Darren.Moffat at Sun.COM
Fri Jan 11 05:59:06 EST 2008

Nicolas Williams wrote:
> On Thu, Jan 10, 2008 at 02:23:51PM -0600, Douglas E. Engert wrote:
>> Nicolas Williams wrote:
>>> The Solaris libpkcs11 is, indeed, pluggable (you have to get a cert
>>> issued to you by Sun for code signing your PKCS#11 plug-ins).
>> Good. So how would that work for OpenSC, that is source code,
>> and might be compiled localy. Is this like what Microsoft used to do
>> with CSPs?
> I don't know enough about what "Microsoft used to do with CSPs".  I've
> posted links to the relevant chapters of the Solaris Security for
> Developers Guide before.  Short answer: yes, you should be able to use
> third-party PKCS#11 modules through Solaris' libpkcs11, though you have
> to have them signed, and you can get your own code signing certificates
> issued by Sun as described in that Guide.

Whats more we have Sun Customers (rather than ISVs or software OEMs) 
that have been issued signing certs for exactly this reason for exactly 
that PKCS#11 library from OpenSC.

Darren J Moffat

More information about the krbdev mailing list