Brussels / 2 & 3 February 2019


Consistent PKCS#11 in Operating Systems

improving user experience and security in RHEL and Fedora

During last year, we worked hard to make cryptographic tokens usage consistent across the operating system and to improve its usability, mostly using the means of PKCS#11 URIs. This was done for both administrators and end users, in the end resulting in easier configuration of HSMs and authentication using smart cards and cryptographic tokens.

I will outline what we worked on to improve the user experience and support for smart cards, cryptographic tokens and HSMs across the operating system. I will share experience with implementing or improving this support across various applications, libraries and tools, experience with testing them and making sure they work together in Linux distribution. I will focus on the current state in Fedora and RHEL 8 and propose some future steps that we have yet to take.


Photo of Jakub Jelen Jakub Jelen