bugzilla-daemon at mindrot.org
2015-Jul-15 14:29 UTC
[Bug 2429] New: ssh-keygen ignores keys that have CKA_ID == 0
https://bugzilla.mindrot.org/show_bug.cgi?id=2429
Bug ID: 2429
Summary: ssh-keygen ignores keys that have CKA_ID == 0
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Smartcard
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 2670
--> https://bugzilla.mindrot.org/attachment.cgi?id=2670&action=edit
Do not require to return ID from token
Based on our investigation of Smart Cart usability with openSSH we
found several minor problems that were filled in our red hat bugzilla
[1]. The another is problem again with softHSM. It is returning empty
ID, which is not handled by keygen correctly.
The length check was added based on the bug #1773. It is fine to skip
certificates that have empty values. But requiring non-empty ID is not
preferred way because:
* the ID is not used anywhere in ssh-keygen
* some tokens do not provide ID
The example is again softHSM2 token, which returns ID length of zero
and in current ssh-keygen is silently ignored.
This token has also the need to login, before even public key can be
accessed (not rare example), but it will be described in other report,
since it will require more changes.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1241873
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jul-17 01:59 UTC
[Bug 2429] ssh-keygen ignores keys that have CKA_ID == 0
https://bugzilla.mindrot.org/show_bug.cgi?id=2429
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
FWIW PKCS#11 does allow CKA_ID to be empty, so we should support this
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jul-18 08:02 UTC
[Bug 2429] ssh-keygen ignores keys that have CKA_ID == 0
https://bugzilla.mindrot.org/show_bug.cgi?id=2429
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Blocks| |2403
Resolution|--- |FIXED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
applied - thanks!
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:40 UTC
[Bug 2429] ssh-keygen ignores keys that have CKA_ID == 0
https://bugzilla.mindrot.org/show_bug.cgi?id=2429
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 2430] New: ssh-keygen should allow to login before reading public key from smart card
- [Bug 2427] New: ssh keygen is trying to read uninitialized slots on smart card (and is failing)
- safenet eToken 5100 pkcs11 bug(?)
- [Bug 2369] New: `ssh-keygen -A` errors on RSA1 when building with SSH1 disabled
- [Bug 2570] New: ssh-keygen -p will convert openssh-format keyfiles back to pem, improperly?