Daniel Kahn Gillmor
2008-Jun-20 06:25 UTC
OpenSC smartcard access should use raw public keys, not X.509 certificates
A non-text attachment was scrubbed...
Name: use-public-keys-instead-of-certs-with-opensc.patch
Type: text/x-diff
Size: 5512 bytes
Desc: enable the use of raw public keys on OpenSC-supported smartcards
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin
Daniel Kahn Gillmor
2008-Jul-31 21:49 UTC
OpenSC smartcard access should use raw public keys, not X.509 certificates
Alon Bar-Lev
2008-Aug-02 05:13 UTC
OpenSC smartcard access should use raw public keys, not X.509 certificates
On 8/2/08, Peter Stuge <stuge-openssh-unix-dev at cdy.org> wrote:
> On Fri, Aug 01, 2008 at 06:16:01PM +0300, Alon Bar-Lev wrote:
> > > how do you propose for OpenSSH to be able to make use of both keys?
> >
> > Oh... you truly got a problem.... I understand why you discuss this
> > now... I would recommend choosing a different smartcard.
>
> The problem is that this is a reality even for Cryptoflex eGate
> users. Since it used to be the gold standard OpenSC card I would
> appreciate a good solution for it. Granted, it has been unavailable
> for a while, but I expect many to still have them in use.

Maybe a better solution is to implement on-disk storage for public objects which will be available as if they were on token? This will allow the users to use their token with other applications...

We discuss here OpenSSH, but please keep in mind that it is only one application with not-so-good smartcard support built-in. Users would like to use Firefox, OpenVPN, PSI and other software. All require a certificate on token.

Alon.