Directrices para Manejo de Certificados

Estas directrices son relevantes para mantener paquetes los cuales utilicen tarjetas inteligentes para cargar certificado o llave privada. Supone que es traer una conesistencia en tarjeta pequeña manipulando en el SO; para retro-compatibilidad y motivación consulte el estado actual de PKCD#11 en Fedora.

Como especificar un certificado o clave privada almacenada dentro de una tarjeta inteligente o HSM

In April 2015, RFC7512 defined a 'PKCS#11 URI' as a standard way to identify objects stored in smart cards or HSMs. That form should be understood by programs when specified in place of a certificate file. For non-interactive applications which get information on the command line or configuration file, there should not be a separate configuration option to load keys and certificates stored in smart cards, the same option accepting files, should additionally accept PKCS#11 URIs.

How to specify a specific PKCS#11 provider module for the certificate or key

Packages which can potentially use PKCS#11 tokens SHOULD automatically use the tokens which are present in the system’s p11-kit configuration, rather than needing to have a PKCS#11 provider explicitly specified. See the PKCS#11 packaging page for more information.

Want to help? Learn how to contribute to Fedora Docs ›