Introduction

This is an effort to use and promote PKCS#11 as the glue between crypto libraries and security applications on the open-source desktop.

On the desktop today we have a variety of technically excellent crypto libraries (such as NSS, GnuTLS and OpenSSL). That diversity lets each one excel and progress in its own area of focus, and applications pick different crypto libraries for all sorts of good reasons.

Users suffer because the desktop has no consistent way to use certificates or keys across all the various applications. For example, different applications look for their trust anchor certificates in different places, and configuring each application separately with a client certificate is a laborious task.

Developers suffer because when an application needs to use security (like TLS), it has to provide its own support for all sorts of security configuration: certificate/key file locations, security exceptions, smart cards, and so on. Progress suffers as a result, because there is no common foundation for storing and finding keys and certificates on the desktop.

PKCS#11 is a standard API for accessing crypto objects such as keys and certificates and for performing cryptographic operations with them. An implementation is a loadable module, which is why PKCS#11 is most often seen with smart cards.

By using PKCS#11 as a pluggable way for crypto libraries and other software to access keys, certificates and trust anchors, we can solve the problems above.

We can use PKCS#11 to make apps more secure (through support for smart cards), more usable (through common storage), and easier to develop (through a standard way to store and access crypto objects).