[Xen-devel] PKCS#11 passthrough for Smartcards
- To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
- From: <J.Witvliet@xxxxxxxxx>
- Date: Tue, 17 May 2011 11:38:56 +0200
- Accept-language: en-US, nl-NL
- Delivery-date: Tue, 17 May 2011 02:39:59 -0700
- List-id: Xen developer discussion <xen-devel.lists.xensource.com>
As advised, I'll put the message on the devel-list.
Kind regards, Hans
From: Joseph Glanville [mailto:joseph.glanville@xxxxxxxxxxxxxx]
Sent: Wednesday 11 May 2011 18:01
To: Witvliet, J, CDC/IVENT/OPS/I&S/HIN
Cc: xen-users@xxxxxxxxxxxxxxxxxxx; hwit@xxxxxxxxxxx
Subject: Re: [Xen-users] PKCS#11 passthrough for Smartcards
As far as I am aware this isn't supported - it would require a paravirtualised
backend to be possible. I think I have seen you request it a few times and
no one is yet to reply. You could try the xen-devel list to see if anyone has
been working on one but once again, I doubt it.
Have you had any luck with KVM or the other hypervisors? This seems like a much
more "desktop" feature so you might be better off looking at a less server
consolidation oriented hypervisor if that makes sense.
On 11 May 2011 23:34, <J.Witvliet@xxxxxxxxx> wrote:
> Hi all,
> Someone mentioned today to me, that the "competing virtualisation product"
> is capable of doing PKCS-forwarding towards a virtual client.
> So, my question here, does XEN support PKCS-passthrough?
> As I also need my smartcard locally (on the hypervisor), I cannot use
> either pci or usb-forwarding....
It's strange that in a world that is "conceived as" more insecure, devices like
tokens and smartcards are not becoming mainstream.
RedHat can currently do virtualisation of a (USA) CAC-card for their KVM.
And it looks like a business-case is being made to alter their code to support
As a longterm SuSE/XEN user, it is something I'm not all too pleased about.
But in general, from the response, it looks like nobody is interested in it
Actually, I'm beginning to contemplate in another direction: the possibility
for accessing via the opensc-libs a reader&smartcard on a remote node in
general, not just between a virtualmachine hoster/clients.
If I can pull it off, it would not only be usable for any virtualization
technique, but also for any remote desktops, like vnc, nomachine, etc etc.
But I just want to be sure that this isn't done yet, or just to be released:
time is precious.....
Please disregard any meaningless disclaimers, that are placed beyond my span of