Gnome Keyring Future Work
GPG Agent based on PKCS#11
- Stores secrets in session keyring.
- Or stores them in login keyring if user requests.
Loading of Arbitrary PKCS#11 modules
- Modules would be loaded directly into applications, and the daemon, so it can store things in those modules such as passwords and secrets.
PKCS#11 module for Removable Disks
- Allows storing of passwords, keys and secrets on a removable disk.
- Such a disk would be preregistered and would match up with a PKCS#11 slot.
PKCS#11 module for Home Directory
- This would be more generic than our current user-store module.
- Needs to support CKO_DATA as well.
- Use ASN.1 as a storage format.
- Key generation for RSA and DSA keys.
- Can't block the module lock during generation.
Keyrings stored as CKO_DATA
- Store keyrings in ASN.1 format.
- Smaller keyring format, more flexible.
- Figure out how to store as CKO_DATA so that we can store keyrings on smart cards.
- Strange copy/write/delete is necessary because of multiple access, and we have no locking.
- Define OID for this format and for CKO_DATA storage.
Icons for File Types
- Icons for certificate, key, PKCS#12, PKCS#7, etc.
Viewers for File Types
- Based on gcr.
- Viewers for certificate already there.
- Viewer for keys.
- Flowable document style, rather than widget look.
- Integration of these viewers into seahorse.
- Viewer and parser for OpenPGP data, so we can look at keys directly.
Connecting into Crypto Libraries
- Simple headers for connecting to libnss3
- PKCS#11 integration into gnutls.
- Better integration of openssl-pkcs11 engine in OpenSSL.
- Rename to 'gck' and modify API.
- Session doesn't track a slot, can look up via GetSessionInfo.
- Object always tracks a session, not a slot.
- Cancellation API.
- Implement CK_NOTIFY