[rs-commit] r82 - /redwax-signtext/trunk/src/linux/README.md
rs-commit at redwax.eu
Tue Sep 20 18:21:52 CEST 2022
Author: minfrin at redwax.eu
Date: Tue Sep 20 18:21:51 2022
New Revision: 82
Log:
Add tech details.
Modified:
redwax-signtext/trunk/src/linux/README.md
Modified: redwax-signtext/trunk/src/linux/README.md
==============================================================================
--- redwax-signtext/trunk/src/linux/README.md (original)
+++ redwax-signtext/trunk/src/linux/README.md Tue Sep 20 18:21:51 2022
@@ -1,4 +1,4 @@
-# Redwax RignText Native Messaging for Linux
+# Redwax SignText Native Messaging for Linux
This provides the native messaging application for Redwax SignText for Linux
platforms.
@@ -7,4 +7,17 @@
smartcards, to ask the end user for consent to sign the text, and to perform
the signing and returning of the text to the browser web extension.
+No data is returned to the browser without the consent of the end user, who
+is invited to choose a certificate and provide the PIN protecting the private
+key. If the user consents and the PIN is valid, the text is signed and returned
+to the browser.
+# Technical details
+
+We use [Gcr](https://gitlab.gnome.org/GNOME/gcr) and
+[p11kit](https://p11-glue.github.io/p11-glue/p11-kit.html) to scan for PKCS11
+modules containing tokens known to the system. All non CA leaf certificates
+that are anchored correctly to a valid trust chain are considered for selection.
+Certificates must have emailProtection extended key usage. If a certificate
+category is present, non end entity certificates are ignored.
+
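Review bot: The selection criteria in the added "Technical details" paragraph are underspecified where they matter most. "Anchored correctly to a valid trust chain" does not say which trust anchors are consulted, or whether expired or revoked certificates are excluded. A reader deciding whether to rely on the certificate filter needs that stated. "If a certificate category is present" is also ambiguous: if this means the PKCS#11 CKA_CERTIFICATE_CATEGORY attribute, name it, and say what happens when the attribute is absent. Smaller points: write "non-CA" and "non-end-entity", use "PKCS#11" rather than "PKCS11", and make the new heading "## Technical details" with a blank line before it, since "# Technical details" sits at the same level as the document title and directly follows the preceding paragraph.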