|
Thanks for all the prompt replies!
Quoting Gergely Nagy <algernon@balabit.hu>:
Out of curiosity, why the need to download the lib? Couldn't it be
included in the "source" someway?
That would be a preferred solution, but regrettably not an option. The background is that the Danish government has mandated the use of a shared authorization service which creates keys for each individual in Denmark. The private keys are created and stored by that authorization service and never handed over to the users, violating a basic principle of security, but unfortunately there's very little we can do about that.
The authorization service also provides a PKCS#11 application that enables users to sign and encrypt documents using a personal certificate. The application is closed source, and the current Linux support requires users to download a tarball and manually copy the contents into /usr/lib--even overwriting existing, newer libraries. This is rather bad, somewhat difficult, and to add insult to injury, overwriting existing libraries is not even necessary. The "nemid" package downloads the tarball and extracts only the specific PKCS#11 application and associated library, then provides a script for the user to install his or her certificate.
I could perhaps download the library and include it in the "nemid" package, and the first versions of "nemid" actually did just that. However, I've been unable to get a response from the company that provides the application about the distribution rights of their software, and I'd rather be safe than sorry.
--
Ole Wolf
Rødhættevej 4 * 9400 Nørresundby
Telefon: 9632-0108 * Mobil: 2467-5526 * Skype: ole.wolf * SIP: ole.wolf@ekiga.net
|