Gnome Keyring Future Work

GPG Agent based on PKCS#11

  • Stores secrets in session keyring.
  • Or stores them in login keyring if user requests.

Loading of Arbitrary PKCS#11 modules

  • Modules would be loaded directly into applications and into the daemon, so that the daemon can store things such as passwords and secrets in those modules.

PKCS#11 module for Removable Disks

  • Allows storing of passwords, keys and secrets on a removable disk.
  • Such a disk would be preregistered and would match up with a PKCS#11 slot.

PKCS#11 module for Home Directory

  • This would be more generic than our current user-store module.
  • Needs to support CKO_DATA as well.
  • Use ASN.1 as a storage format.

Key Generation

  • Key generation for RSA and DSA keys.
  • Can't block the module lock during generation.

Keyrings stored as CKO_DATA

  • Store keyrings in ASN.1 format.
  • Smaller keyring format, more flexible.
  • Figure out how to store as CKO_DATA so that we can store keyrings on smart cards.
  • A strange copy/write/delete sequence is necessary because there is multiple access and we have no locking.
  • Define OID for this format and for CKO_DATA storage.

Icons for File Types

  • Icons for certificate, key, PKCS#12, PKCS#7, etc.

Viewers for File Types

  • Based on gcr.
  • Viewer for certificates is already there.
  • Viewer for keys.
  • Flowable document style, rather than widget look.
  • Integration of these viewers into seahorse.
  • Viewer and parser for OpenPGP data, so we can look at keys directly.

Connecting into Crypto Libraries

  • Simple headers for connecting to libnss3.
  • PKCS#11 integration into gnutls.
  • Better integration of openssl-pkcs11 engine in OpenSSL.

GP11 Library

  • Rename to 'gck' and modify API.
  • Session doesn't track a slot; the slot can be looked up via GetSessionInfo.
  • Object always tracks a session, not a slot.
  • Cancellation API.
  • Implement CK_NOTIFY.

Projects/GnomeKeyring/Todos (last edited 2013-11-26 20:21:42 by WilliamJonMcCann)