So I got into GSoC 2014, and what am I going to work on?
My project is for Evolution, a personal information manager from GNOME. Among the many features it provides, it can manage contacts and send encrypted and signed email to them.
To send encrypted mail you need to have your addressee’s certificate at hand, and that’s when trouble comes up. You need to have the certificate in a place where NSS can find it, as Evo uses it as its backend. Certificates installed in NSS certificate database can be used to encrypt mail, but if it is somewhere else, like in an Evo contact, Evolution will fail to encrypt the email. NSS can also look for certificates in installed PKCS#11 modules. PKCS#11 modules can be seen as providers of cryptographic keys and certificates.
That’s where the proposed module comes in, connecting NSS to Evolution address book.
The module will receive queries for certificates issued for a specific email, and will return the certificate if found amid the contacts.
There will be some work on answering the queries so that NSS understands the module’s answers, the module should be simple and minimalist, so required functions will be implemented as needed; then some work on searching for certificates in Evolution’s address book, here there may be some access control issues; and then making Evo load the module on NSS .
More details to come…