The pkcs11 interface

The pkcs11 interface enables the PKCS#11 Cryptographic Token Interface Standard to be used with access to exposed tokens.

Interface documentation:

See Interface management and Supported interfaces for further details on how interfaces are used.


Developer details

Auto-connect: no
Super-privileged: yes

Code examples

The test code can be found in the snapd repository:
https://github.com/snapcore/snapd/blob/master/interfaces/builtin/pkcs11_test.go

The source code for the interface is in the snapd repository:
snapd/interfaces/builtin/pkcs11.go at master · canonical/snapd · GitHub

I’m trying to figure out how this is supposed to work.

I am one of the people who maintain the official Belgian eID middleware, which (amongst other things) ships a PKCS#11 module.

Enabling the pkcs11 interface for firefox does not work. On plucky, using the “latest/edge” snap, I get:

wouter@ubuntu-test:~$ snap connect firefox:pkcs11
error: snap "firefox" has no plugin named "pkcs11"

I assume this means that PKCS#11 support for the firefox snap is not enabled. Is this correct? If not, what do I need to do?

Additionally, once I manage to connect the PKCS#11 interface to Firefox, I assume I need to go through some special steps to make my PKCS#11 module available for use in snaps? I have it registered with p11-kit, is that sufficient? If not, what other steps would I need to do?

The documentation here is very limited and not at all clear for someone in my position who wants to make things work :slight_smile:

Thanks.

Sorry for the delay getting back to you. I’m going to put this question to the team, and I totally agree what we need to provide much more information for these interface pages with only the bare minimum.